{"AppAccessContext": {"AADSessionId": "0012f3a9-e7d8-0cc6-9e02-415208cf4773", "ClientAppName": "Unknown", "CorrelationId": "fca77aa1-f0e3-0000-6bd5-6c2db325a092", "TokenIssuedAtTime": "2025-01-24T19:34:36", "UniqueTokenId": "z4DNXFjBcUyahgLIGIRHA3"}, "CreationTime": "2025-01-24T19:41:21", "Id": "a4a1f35c-d16d-4d9a-a30b-08dd3c742073", "Operation": "FileAccessed", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012003c9b97d53@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "167.123.189.143", "UserId": "normie11@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "fca77aa1-f0e3-0000-6bd5-6c2db325a091", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "208fcb81-1abc-4422-b2ff-4b8662964adf", "ListItemUniqueId": "c878fc54-2313-4454-8ba5-0c31e4911870", "Platform": "WinDesktop", "Site": "c7f8fb91-c3ff-4d8c-94ec-f8f1d697e028", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0", "WebId": "c18b8c5f-f551-40c2-b6f1-a8429f89f3e3", "DeviceDisplayName": "2a01:111:2053:512::ad4:4d4e", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateInfo/", "SourceRelativeUrl": "Shared Documents/General/CorporateInfo", "SourceFileName": "CallList_5.xlsx", "ApplicationDisplayName": "Unknown", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateInfo/Shared Documents/General/CorporateInfo/CallList_5.xlsx"}
{"AppAccessContext": {"AADSessionId": "0012f3a9-e7d8-0cc6-9e02-415208cf4773", "ClientAppName": "Unknown", "CorrelationId": "fca77aa1-00e5-0000-6bd5-6d99adfbfce2", "TokenIssuedAtTime": "2025-01-24T19:34:36", "UniqueTokenId": "z4DNXFjBcUyahgLIGIRHA3"}, "CreationTime": "2025-01-24T19:41:21", "Id": "e4de91a1-b3b3-4db6-721a-08dd3c742073", "Operation": "FileAccessed", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012003c9b97d53@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "167.123.189.143", "UserId": "normie10@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "fca77aa1-00e5-0000-6bd5-6d99adfbfced", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "208fcb81-1abc-4422-b2ff-4b8662964adf", "ListItemUniqueId": "57fe7afb-a84b-486e-a4e4-397d9ce4f29d", "Platform": "WinDesktop", "Site": "c7f8fb91-c3ff-4d8c-94ec-f8f1d697e028", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0", "WebId": "c18b8c5f-f551-40c2-b6f1-a8429f89f3e3", "DeviceDisplayName": "2a01:111:2053:512::ad4:4d5e", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateInfo/", "SourceRelativeUrl": "Shared Documents/General/CorporateInfo", "SourceFileName": "CallList_6.xlsx", "ApplicationDisplayName": "Unknown", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateInfo/Shared Documents/General/CorporateInfo/CallList_6.xlsx"}
{"AppAccessContext": {"AADSessionId": "0012f3a9-e7d8-0cc6-9e02-415208cf4773", "ClientAppName": "Unknown", "CorrelationId": "fca77aa1-e0e4-0000-702f-f66bf6067902", "TokenIssuedAtTime": "2025-01-24T19:34:36", "UniqueTokenId": "z4DNXFjBcUyahgLIGIRHA3"}, "CreationTime": "2025-01-24T19:41:21", "Id": "62840503-ca78-44c6-9191-08dd3c742073", "Operation": "FileAccessed", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012003c9b97d53@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "167.123.189.143", "UserId": "normie1@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "fca77aa1-e0e4-0000-702f-f66bf606790c", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "208fcb81-1abc-4422-b2ff-4b8662964adf", "ListItemUniqueId": "46d793f4-9605-49c5-bf88-fba3b3d37e9c", "Platform": "WinDesktop", "Site": "c7f8fb91-c3ff-4d8c-94ec-f8f1d697e028", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0", "WebId": "c18b8c5f-f551-40c2-b6f1-a8429f89f3e3", "DeviceDisplayName": "2a01:111:2053:513::ad4:4d94", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateInfo/", "SourceRelativeUrl": "Shared Documents/General/CorporateInfo", "SourceFileName": "CallList_7.xlsx", "ApplicationDisplayName": "Unknown", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateInfo/Shared Documents/General/CorporateInfo/CallList_7.xlsx"}
{"AppAccessContext": {"AADSessionId": "0012f3a9-e7d8-0cc6-9e02-415208cf1773", "ClientAppName": "Unknown", "CorrelationId": "fca77aa1-f0e3-0000-6bd5-6c2db325a090", "TokenIssuedAtTime": "2025-01-24T19:34:36", "UniqueTokenId": "z4DNXFjBcUyahgLIGIRHA3"}, "CreationTime": "2025-01-24T19:42:21", "Id": "a4a1f35c-d16d-4d9a-a30b-08dd3c742073", "Operation": "FileAccessed", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012003c9b97d53@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "167.123.189.143", "UserId": "normie0@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "fca77aa1-f0e3-0000-6bd5-6c2db325a091", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "208fcb81-1abc-4422-b2ff-4b8662964adf", "ListItemUniqueId": "c878fc54-2313-4454-8ba5-0c31e4911870", "Platform": "WinDesktop", "Site": "c7f8fb91-c3ff-4d8c-94ec-f8f1d697e028", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0", "WebId": "c18b8c5f-f551-40c2-b6f1-a8429f89f3e3", "DeviceDisplayName": "2a01:111:2053:512::ad4:4d4e", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateInfo/", "SourceRelativeUrl": "Shared Documents/General/CorporateInfo", "SourceFileName": "CallList_5.xlsx", "ApplicationDisplayName": "Unknown", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateInfo/Shared Documents/General/CorporateInfo/CallList_5.xlsx"}
{"AppAccessContext": {"AADSessionId": "0012f3a9-e7d8-0cc6-9e02-415208cf2773", "ClientAppName": "Unknown", "CorrelationId": "fca77aa1-00e5-0000-6bd5-6d99adfbfce7", "TokenIssuedAtTime": "2025-01-24T19:34:36", "UniqueTokenId": "z4DNXFjBcUyahgLIGIRHA3"}, "CreationTime": "2025-01-24T19:43:21", "Id": "e4de91a1-b3b3-4db6-721a-08dd3c742073", "Operation": "FileAccessed", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012003c9b97d53@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "167.123.189.143", "UserId": "normie4@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "fca77aa1-00e5-0000-6bd5-6d99adfbfced", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "208fcb81-1abc-4422-b2ff-4b8662964adf", "ListItemUniqueId": "57fe7afb-a84b-486e-a4e4-397d9ce4f29d", "Platform": "WinDesktop", "Site": "c7f8fb91-c3ff-4d8c-94ec-f8f1d697e028", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0", "WebId": "c18b8c5f-f551-40c2-b6f1-a8429f89f3e3", "DeviceDisplayName": "2a01:111:2053:512::ad4:4d5e", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateInfo/", "SourceRelativeUrl": "Shared Documents/General/CorporateInfo", "SourceFileName": "CallList_6.xlsx", "ApplicationDisplayName": "Unknown", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateInfo/Shared Documents/General/CorporateInfo/CallList_6.xlsx"}
{"AppAccessContext": {"AADSessionId": "0012f3a9-e7d8-0cc6-9e02-415208cf3773", "ClientAppName": "Unknown", "CorrelationId": "fca77aa1-e0e4-0000-702f-f66bf6067981", "TokenIssuedAtTime": "2025-01-24T19:34:36", "UniqueTokenId": "z4DNXFjBcUyahgLIGIRHA3"}, "CreationTime": "2025-01-24T19:44:21", "Id": "62840503-ca78-44c6-9191-08dd3c742073", "Operation": "FileAccessed", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012003c9b97d53@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "167.123.189.143", "UserId": "normie5@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "fca77aa1-e0e4-0000-702f-f66bf606790c", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "208fcb81-1abc-4422-b2ff-4b8662964adf", "ListItemUniqueId": "46d793f4-9605-49c5-bf88-fba3b3d37e9c", "Platform": "WinDesktop", "Site": "c7f8fb91-c3ff-4d8c-94ec-f8f1d697e028", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0", "WebId": "c18b8c5f-f551-40c2-b6f1-a8429f89f3e3", "DeviceDisplayName": "2a01:111:2053:513::ad4:4d94", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateInfo/", "SourceRelativeUrl": "Shared Documents/General/CorporateInfo", "SourceFileName": "CallList_7.xlsx", "ApplicationDisplayName": "Unknown", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateInfo/Shared Documents/General/CorporateInfo/CallList_7.xlsx"}
{"AppAccessContext": {"AADSessionId": "0012f3a9-e7d8-0cc6-9e02-415208cf5773", "ClientAppName": "Unknown", "CorrelationId": "fca77aa1-f0e3-0000-6bd5-6c2db325a772", "TokenIssuedAtTime": "2025-01-24T19:34:36", "UniqueTokenId": "z4DNXFjBcUyahgLIGIRHA3"}, "CreationTime": "2025-01-24T19:45:21", "Id": "a4a1f35c-d16d-4d9a-a30b-08dd3c742073", "Operation": "FileAccessed", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012003c9b97d53@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "167.123.189.143", "UserId": "normie6@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "fca77aa1-f0e3-0000-6bd5-6c2db325a091", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "208fcb81-1abc-4422-b2ff-4b8662964adf", "ListItemUniqueId": "c878fc54-2313-4454-8ba5-0c31e4911870", "Platform": "WinDesktop", "Site": "c7f8fb91-c3ff-4d8c-94ec-f8f1d697e028", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0", "WebId": "c18b8c5f-f551-40c2-b6f1-a8429f89f3e3", "DeviceDisplayName": "2a01:111:2053:512::ad4:4d4e", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateInfo/", "SourceRelativeUrl": "Shared Documents/General/CorporateInfo", "SourceFileName": "CallList_5.xlsx", "ApplicationDisplayName": "Unknown", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateInfo/Shared Documents/General/CorporateInfo/CallList_5.xlsx"}
{"AppAccessContext": {"AADSessionId": "0012f3a9-e7d8-0cc6-9e02-415208cf6773", "ClientAppName": "Unknown", "CorrelationId": "fca77aa1-00e5-0000-6bd5-6d99adfbf4e2", "TokenIssuedAtTime": "2025-01-24T19:34:36", "UniqueTokenId": "z4DNXFjBcUyahgLIGIRHA3"}, "CreationTime": "2025-01-24T19:46:21", "Id": "e4de91a1-b3b3-4db6-721a-08dd3c742073", "Operation": "FileAccessed", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012003c9b97d53@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "167.123.189.143", "UserId": "normie7@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "fca77aa1-00e5-0000-6bd5-6d99adfbfced", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "208fcb81-1abc-4422-b2ff-4b8662964adf", "ListItemUniqueId": "57fe7afb-a84b-486e-a4e4-397d9ce4f29d", "Platform": "WinDesktop", "Site": "c7f8fb91-c3ff-4d8c-94ec-f8f1d697e028", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0", "WebId": "c18b8c5f-f551-40c2-b6f1-a8429f89f3e3", "DeviceDisplayName": "2a01:111:2053:512::ad4:4d5e", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateInfo/", "SourceRelativeUrl": "Shared Documents/General/CorporateInfo", "SourceFileName": "CallList_6.xlsx", "ApplicationDisplayName": "Unknown", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateInfo/Shared Documents/General/CorporateInfo/CallList_6.xlsx"}
{"AppAccessContext": {"AADSessionId": "0012f3a9-e7d8-0cc6-9e02-415208cf7773", "ClientAppName": "Unknown", "CorrelationId": "fca77aa1-e0e4-0000-702f-f66bf6067702", "TokenIssuedAtTime": "2025-01-24T19:34:36", "UniqueTokenId": "z4DNXFjBcUyahgLIGIRHA3"}, "CreationTime": "2025-01-24T19:47:21", "Id": "62840503-ca78-44c6-9191-08dd3c742073", "Operation": "FileAccessed", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012003c9b97d53@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "167.123.189.143", "UserId": "normie3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "fca77aa1-e0e4-0000-702f-f66bf606790c", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "208fcb81-1abc-4422-b2ff-4b8662964adf", "ListItemUniqueId": "46d793f4-9605-49c5-bf88-fba3b3d37e9c", "Platform": "WinDesktop", "Site": "c7f8fb91-c3ff-4d8c-94ec-f8f1d697e028", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0", "WebId": "c18b8c5f-f551-40c2-b6f1-a8429f89f3e3", "DeviceDisplayName": "2a01:111:2053:513::ad4:4d94", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateInfo/", "SourceRelativeUrl": "Shared Documents/General/CorporateInfo", "SourceFileName": "CallList_7.xlsx", "ApplicationDisplayName": "Unknown", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateInfo/Shared Documents/General/CorporateInfo/CallList_7.xlsx"}
{"AppAccessContext": {"AADSessionId": "0012f3a9-e7d8-0cc6-9e02-415208cf4783", "ClientAppName": "Unknown", "CorrelationId": "fca77aa1-f0e3-0000-6bd5-6c2db325a093", "TokenIssuedAtTime": "2025-01-24T19:33:36", "UniqueTokenId": "z4DNXFjBcUyahgLIGIRHA2"}, "CreationTime": "2025-01-24T19:40:21", "Id": "a4a1f35c-d16d-4d9a-a30b-08dd3c742072", "Operation": "FileAccessed", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012003c9b97d52@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "167.123.189.142", "UserId": "normie2@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "fca77aa1-f0e3-0000-6bd5-6c2db325a091", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "208fcb81-1abc-4422-b2ff-4b8662964adf", "ListItemUniqueId": "c878fc54-2313-4454-8ba5-0c31e4911870", "Platform": "WinDesktop", "Site": "c7f8fb91-c3ff-4d8c-94ec-f8f1d697e028", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.15063; en-US) PowerShell/6.0.0", "WebId": "c18b8c5f-f551-40c2-b6f1-a8429f89f3e3", "DeviceDisplayName": "2a01:111:2053:512::ad4:4d4e", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/Management/", "SourceRelativeUrl": "Shared Documents/General/", "SourceFileName": "Onboarding_1.xlsx", "ApplicationDisplayName": "Unknown", "ObjectId": "https://attack_range.sharepoint.com/sites/Management/Shared Documents/General/Onboarding_1.xlsx"}
{"AppAccessContext": {"AADSessionId": "0012f3a9-e7d8-0cc6-9e02-415208cf4783", "ClientAppName": "Unknown", "CorrelationId": "fca77aa1-00e5-0000-6bd5-6d99adfbfce3", "TokenIssuedAtTime": "2025-01-24T19:33:36", "UniqueTokenId": "z4DNXFjBcUyahgLIGIRHA2"}, "CreationTime": "2025-01-24T19:40:21", "Id": "e4de91a1-b3b3-4db6-721a-08dd3c742072", "Operation": "FileAccessed", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012003c9b97d52@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "167.123.189.142", "UserId": "normie8@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "fca77aa1-00e5-0000-6bd5-6d99adfbfced", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "208fcb81-1abc-4422-b2ff-4b8662964adf", "ListItemUniqueId": "57fe7afb-a84b-486e-a4e4-397d9ce4f29d", "Platform": "WinDesktop", "Site": "c7f8fb91-c3ff-4d8c-94ec-f8f1d697e028", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.15063; en-US) PowerShell/6.0.0", "WebId": "c18b8c5f-f551-40c2-b6f1-a8429f89f3e3", "DeviceDisplayName": "2a01:111:2053:512::ad4:4d5e", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/Management/", "SourceRelativeUrl": "Shared Documents/General/", "SourceFileName": "Onboarding_2.xlsx", "ApplicationDisplayName": "Unknown", "ObjectId": "https://attack_range.sharepoint.com/sites/Management/Shared Documents/General/Onboarding_2.xlsx"}
{"AppAccessContext": {"AADSessionId": "0012f3a9-e7d8-0cc6-9e02-415208cf4783", "ClientAppName": "Unknown", "CorrelationId": "fca77aa1-e0e4-0000-702f-f66bf6067903", "TokenIssuedAtTime": "2025-01-24T19:33:36", "UniqueTokenId": "z4DNXFjBcUyahgLIGIRHA2"}, "CreationTime": "2025-01-24T19:40:21", "Id": "62840503-ca78-44c6-9191-08dd3c742072", "Operation": "FileAccessed", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012003c9b97d52@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "167.123.189.142", "UserId": "normie9@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "fca77aa1-e0e4-0000-702f-f66bf606790c", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "208fcb81-1abc-4422-b2ff-4b8662964adf", "ListItemUniqueId": "46d793f4-9605-49c5-bf88-fba3b3d37e9c", "Platform": "WinDesktop", "Site": "c7f8fb91-c3ff-4d8c-94ec-f8f1d697e028", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.15063; en-US) PowerShell/6.0.0", "WebId": "c18b8c5f-f551-40c2-b6f1-a8429f89f3e3", "DeviceDisplayName": "2a01:111:2053:513::ad4:4d94", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/Management/", "SourceRelativeUrl": "Shared Documents/General/", "SourceFileName": "Onboarding_3.xlsx", "ApplicationDisplayName": "Unknown", "ObjectId": "https://attack_range.sharepoint.com/sites/Management/Shared Documents/General/Onboarding_3.xlsx"}
{"AppAccessContext": {"AADSessionId": "0012f3a9-e7d8-0cc6-9e02-415208cf4793", "ClientAppName": "Unknown", "CorrelationId": "fca77aa1-f0e3-0000-6bd5-6c2db325a091", "TokenIssuedAtTime": "2025-01-24T19:32:36", "UniqueTokenId": "z4DNXFjBcUyahgLIGIRHAA"}, "CreationTime": "2025-01-24T19:39:21", "Id": "a4a1f35c-d16d-4d9a-a30b-08dd3c74207b", "Operation": "FileAccessed", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012003c9b97d56@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "189.135.168.197", "UserId": "attacker1@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "fca77aa1-f0e3-0000-6bd5-6c2db325a091", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "208fcb81-1abc-4422-b2ff-4b8662964adf", "ListItemUniqueId": "c878fc54-2313-4454-8ba5-0c31e4911870", "Platform": "WinDesktop", "Site": "c7f8fb91-c3ff-4d8c-94ec-f8f1d697e028", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.15063; en-US) PowerShell/6.0.0", "WebId": "c18b8c5f-f551-40c2-b6f1-a8429f89f3e3", "DeviceDisplayName": "2a01:111:2053:512::ad4:4d4e", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_0.xlsx", "ApplicationDisplayName": "Unknown", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_0.xlsx"}
{"AppAccessContext": {"AADSessionId": "0012f3a9-e7d8-0cc6-9e02-415208cf4793", "ClientAppName": "Unknown", "CorrelationId": "fca77aa1-00e5-0000-6bd5-6d99adfbfced", "TokenIssuedAtTime": "2025-01-24T19:32:36", "UniqueTokenId": "z4DNXFjBcUyahgLIGIRHAA"}, "CreationTime": "2025-01-24T19:39:21", "Id": "e4de91a1-b3b3-4db6-721a-08dd3c742079", "Operation": "FileAccessed", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012003c9b97d56@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "189.135.168.197", "UserId": "attacker1@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "fca77aa1-00e5-0000-6bd5-6d99adfbfced", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "208fcb81-1abc-4422-b2ff-4b8662964adf", "ListItemUniqueId": "57fe7afb-a84b-486e-a4e4-397d9ce4f29d", "Platform": "WinDesktop", "Site": "c7f8fb91-c3ff-4d8c-94ec-f8f1d697e028", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.15063; en-US) PowerShell/6.0.0", "WebId": "c18b8c5f-f551-40c2-b6f1-a8429f89f3e3", "DeviceDisplayName": "2a01:111:2053:512::ad4:4d5e", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_1.xlsx", "ApplicationDisplayName": "Unknown", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_1.xlsx"}
{"AppAccessContext": {"AADSessionId": "0012f3a9-e7d8-0cc6-9e02-415208cf4793", "ClientAppName": "Unknown", "CorrelationId": "fca77aa1-e0e4-0000-702f-f66bf606790c", "TokenIssuedAtTime": "2025-01-24T19:32:36", "UniqueTokenId": "z4DNXFjBcUyahgLIGIRHAA"}, "CreationTime": "2025-01-24T19:39:21", "Id": "62840503-ca78-44c6-9191-08dd3c74207b", "Operation": "FileAccessed", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012003c9b97d56@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "189.135.168.197", "UserId": "attacker1@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "fca77aa1-e0e4-0000-702f-f66bf606790c", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "208fcb81-1abc-4422-b2ff-4b8662964adf", "ListItemUniqueId": "46d793f4-9605-49c5-bf88-fba3b3d37e9c", "Platform": "WinDesktop", "Site": "c7f8fb91-c3ff-4d8c-94ec-f8f1d697e028", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.15063; en-US) PowerShell/6.0.0", "WebId": "c18b8c5f-f551-40c2-b6f1-a8429f89f3e3", "DeviceDisplayName": "2a01:111:2053:513::ad4:4d94", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_2.xlsx", "ApplicationDisplayName": "Unknown", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_2.xlsx"}
{"AppAccessContext": {"AADSessionId": "0012f3a9-e7d8-0cc6-9e02-415208cf4793", "ClientAppName": "Unknown", "CorrelationId": "fca77aa1-00e5-0000-6bd5-6c80fa9619d9", "TokenIssuedAtTime": "2025-01-24T19:32:36", "UniqueTokenId": "z4DNXFjBcUyahgLIGIRHAA"}, "CreationTime": "2025-01-24T19:39:21", "Id": "85488b2b-6e11-4c53-1b08-08dd3c742077", "Operation": "FileAccessed", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012003c9b97d56@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "189.135.168.197", "UserId": "attacker1@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "fca77aa1-00e5-0000-6bd5-6c80fa9619d9", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "208fcb81-1abc-4422-b2ff-4b8662964adf", "ListItemUniqueId": "10900795-4d31-4b2d-a0bd-1f4426b81a1f", "Platform": "WinDesktop", "Site": "c7f8fb91-c3ff-4d8c-94ec-f8f1d697e028", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.15063; en-US) PowerShell/6.0.0", "WebId": "c18b8c5f-f551-40c2-b6f1-a8429f89f3e3", "DeviceDisplayName": "2a01:111:2053:514::ad4:4dd0", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_3.xlsx", "ApplicationDisplayName": "Unknown", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_3.xlsx"}
{"AppAccessContext": {"AADSessionId": "0012f3a9-e7d8-0cc6-9e02-415208cf4793", "ClientAppName": "Unknown", "CorrelationId": "fca77aa1-40be-0000-6bd5-6593501a78f4", "TokenIssuedAtTime": "2025-01-24T19:32:36", "UniqueTokenId": "z4DNXFjBcUyahgLIGIRHAA"}, "CreationTime": "2025-01-24T19:39:20", "Id": "192556a5-c9d5-4f46-dc85-08dd3c74201a", "Operation": "FileAccessed", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012003c9b97d56@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "189.135.168.197", "UserId": "attacker1@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "fca77aa1-40be-0000-6bd5-6593501a78f4", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "208fcb81-1abc-4422-b2ff-4b8662964adf", "ListItemUniqueId": "04c35809-500d-41a6-aaf3-83e54d93240b", "Platform": "WinDesktop", "Site": "c7f8fb91-c3ff-4d8c-94ec-f8f1d697e028", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.15063; en-US) PowerShell/6.0.0", "WebId": "c18b8c5f-f551-40c2-b6f1-a8429f89f3e3", "DeviceDisplayName": "2a01:111:2053:513::ad4:4d9e", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_4.xlsx", "ApplicationDisplayName": "Unknown", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_4.xlsx"}
{"AppAccessContext": {"AADSessionId": "0012f3a9-e7d8-0cc6-9e02-415208cf4793", "ClientAppName": "Unknown", "CorrelationId": "fca77aa1-8081-0000-6bd5-6ee31de313df", "TokenIssuedAtTime": "2025-01-24T19:32:36", "UniqueTokenId": "z4DNXFjBcUyahgLIGIRHAA"}, "CreationTime": "2025-01-24T19:39:20", "Id": "6c930c86-3702-4533-9263-08dd3c741f99", "Operation": "FileAccessed", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012003c9b97d56@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "189.135.168.197", "UserId": "attacker1@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "fca77aa1-8081-0000-6bd5-6ee31de313df", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "208fcb81-1abc-4422-b2ff-4b8662964adf", "ListItemUniqueId": "a54ad559-0a2c-48fe-a292-ab2870e61e81", "Platform": "WinDesktop", "Site": "c7f8fb91-c3ff-4d8c-94ec-f8f1d697e028", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.15063; en-US) PowerShell/6.0.0", "WebId": "c18b8c5f-f551-40c2-b6f1-a8429f89f3e3", "DeviceDisplayName": "2a01:111:2053:513::ad4:4d9c", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_5.xlsx", "ApplicationDisplayName": "Unknown", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_5.xlsx"}
{"AppAccessContext": {"AADSessionId": "0012f3a9-e7d8-0cc6-9e02-415208cf4793", "ClientAppName": "Unknown", "CorrelationId": "fca77aa1-a08f-0000-6bd5-69fcf5c21e77", "TokenIssuedAtTime": "2025-01-24T19:32:36", "UniqueTokenId": "z4DNXFjBcUyahgLIGIRHAA"}, "CreationTime": "2025-01-24T19:39:20", "Id": "c68e3334-a635-4170-e650-08dd3c741fb4", "Operation": "FileAccessed", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012003c9b97d56@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "189.135.168.197", "UserId": "attacker1@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "fca77aa1-a08f-0000-6bd5-69fcf5c21e77", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "208fcb81-1abc-4422-b2ff-4b8662964adf", "ListItemUniqueId": "60625ca9-a440-4895-a671-2543317a91c5", "Platform": "WinDesktop", "Site": "c7f8fb91-c3ff-4d8c-94ec-f8f1d697e028", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.15063; en-US) PowerShell/6.0.0", "WebId": "c18b8c5f-f551-40c2-b6f1-a8429f89f3e3", "DeviceDisplayName": "2a01:111:2053:512::ad4:4d4a", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_6.xlsx", "ApplicationDisplayName": "Unknown", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_6.xlsx"}
{"AppAccessContext": {"AADSessionId": "0012f3a9-e7d8-0cc6-9e02-415208cf4793", "ClientAppName": "Unknown", "CorrelationId": "fca77aa1-f081-0000-6bd5-64d07b2a6502", "TokenIssuedAtTime": "2025-01-24T19:32:36", "UniqueTokenId": "z4DNXFjBcUyahgLIGIRHAA"}, "CreationTime": "2025-01-24T19:39:19", "Id": "73a4a4a8-a2de-47ac-f06c-08dd3c741f89", "Operation": "FileAccessed", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012003c9b97d56@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "189.135.168.197", "UserId": "attacker1@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "fca77aa1-f081-0000-6bd5-64d07b2a6502", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "208fcb81-1abc-4422-b2ff-4b8662964adf", "ListItemUniqueId": "e099d35b-28a4-4649-b88c-57c2ee8185e3", "Platform": "WinDesktop", "Site": "c7f8fb91-c3ff-4d8c-94ec-f8f1d697e028", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.15063; en-US) PowerShell/6.0.0", "WebId": "c18b8c5f-f551-40c2-b6f1-a8429f89f3e3", "DeviceDisplayName": "2a01:111:2053:512::ad4:4d5e", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_7.xlsx", "ApplicationDisplayName": "Unknown", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_7.xlsx"}
{"AppAccessContext": {"AADSessionId": "0012f3a9-e7d8-0cc6-9e02-415208cf4793", "ClientAppName": "Unknown", "CorrelationId": "fca77aa1-8047-0000-6bd5-680d4c99eeb3", "TokenIssuedAtTime": "2025-01-24T19:32:36", "UniqueTokenId": "z4DNXFjBcUyahgLIGIRHAA"}, "CreationTime": "2025-01-24T19:39:19", "Id": "cfc5f7b2-b3b2-40dd-6ff1-08dd3c741f02", "Operation": "FileAccessed", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012003c9b97d56@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "189.135.168.197", "UserId": "attacker1@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "fca77aa1-8047-0000-6bd5-680d4c99eeb3", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "208fcb81-1abc-4422-b2ff-4b8662964adf", "ListItemUniqueId": "7c470f90-ae35-40a4-87ff-e67652e9aa82", "Platform": "WinDesktop", "Site": "c7f8fb91-c3ff-4d8c-94ec-f8f1d697e028", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.15063; en-US) PowerShell/6.0.0", "WebId": "c18b8c5f-f551-40c2-b6f1-a8429f89f3e3", "DeviceDisplayName": "2a01:111:2053:514::ad4:4dd0", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_8.xlsx", "ApplicationDisplayName": "Unknown", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_8.xlsx"}
{"AppAccessContext": {"AADSessionId": "0012f3a9-e7d8-0cc6-9e02-415208cf4793", "ClientAppName": "Unknown", "CorrelationId": "fca77aa1-c081-0000-5ab5-9b59ec3efeb7", "TokenIssuedAtTime": "2025-01-24T19:32:36", "UniqueTokenId": "z4DNXFjBcUyahgLIGIRHAA"}, "CreationTime": "2025-01-24T19:39:19", "Id": "3fefe589-3cd8-422f-8e3b-08dd3c741f89", "Operation": "FileAccessed", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012003c9b97d56@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "189.135.168.197", "UserId": "attacker1@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "fca77aa1-c081-0000-5ab5-9b59ec3efeb7", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "208fcb81-1abc-4422-b2ff-4b8662964adf", "ListItemUniqueId": "dd295087-ed03-42a1-ac6e-04f93cbfaa85", "Platform": "WinDesktop", "Site": "c7f8fb91-c3ff-4d8c-94ec-f8f1d697e028", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.15063; en-US) PowerShell/6.0.0", "WebId": "c18b8c5f-f551-40c2-b6f1-a8429f89f3e3", "DeviceDisplayName": "2a01:111:2053:513::ad4:4d94", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_9.xlsx", "ApplicationDisplayName": "Unknown", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_9.xlsx"}
{"AppAccessContext": {"AADSessionId": "0012f3a9-e7d8-0cc6-9e02-415208cf4793", "ClientAppName": "Unknown", "CorrelationId": "fca77aa1-4044-0000-6bd5-6df7c66c7304", "TokenIssuedAtTime": "2025-01-24T19:32:36", "UniqueTokenId": "z4DNXFjBcUyahgLIGIRHAA"}, "CreationTime": "2025-01-24T19:39:19", "Id": "9e4ed001-c749-4464-fb0d-08dd3c741efc", "Operation": "FileAccessed", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012003c9b97d56@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "189.135.168.197", "UserId": "attacker1@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "fca77aa1-4044-0000-6bd5-6df7c66c7304", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "208fcb81-1abc-4422-b2ff-4b8662964adf", "ListItemUniqueId": "f03e5a07-3114-4c94-ac21-7ce96e3d82d7", "Platform": "WinDesktop", "Site": "c7f8fb91-c3ff-4d8c-94ec-f8f1d697e028", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.15063; en-US) PowerShell/6.0.0", "WebId": "c18b8c5f-f551-40c2-b6f1-a8429f89f3e3", "DeviceDisplayName": "2a01:111:2053:512::ad4:4d4a", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_10.xlsx", "ApplicationDisplayName": "Unknown", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_10.xlsx"}
{"AppAccessContext": {"AADSessionId": "0012f3a9-e7d8-0cc6-9e02-415208cf4793", "ClientAppName": "Unknown", "CorrelationId": "fca77aa1-1045-0000-6bd5-676db833c742", "TokenIssuedAtTime": "2025-01-24T19:32:36", "UniqueTokenId": "z4DNXFjBcUyahgLIGIRHAA"}, "CreationTime": "2025-01-24T19:39:19", "Id": "88b1d6f5-fd03-41f1-451e-08dd3c741f0d", "Operation": "FileAccessed", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012003c9b97d56@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "189.135.168.197", "UserId": "attacker1@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "fca77aa1-1045-0000-6bd5-676db833c742", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "208fcb81-1abc-4422-b2ff-4b8662964adf", "ListItemUniqueId": "54b7aefa-5d85-4050-9c10-69cc5e5048f3", "Platform": "WinDesktop", "Site": "c7f8fb91-c3ff-4d8c-94ec-f8f1d697e028", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.15063; en-US) PowerShell/6.0.0", "WebId": "c18b8c5f-f551-40c2-b6f1-a8429f89f3e3", "DeviceDisplayName": "2a01:111:2053:513::ad4:4d94", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_11.xlsx", "ApplicationDisplayName": "Unknown", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_11.xlsx"}
{"AppAccessContext": {"AADSessionId": "0012f3a9-e7d8-0cc6-9e02-415208cf4793", "ClientAppName": "Unknown", "CorrelationId": "fca77aa1-9049-0000-6bd5-622b2c1bf11e", "TokenIssuedAtTime": "2025-01-24T19:32:36", "UniqueTokenId": "z4DNXFjBcUyahgLIGIRHAA"}, "CreationTime": "2025-01-24T19:39:19", "Id": "03b5c3de-ff25-4fe6-e76f-08dd3c741efd", "Operation": "FileAccessed", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012003c9b97d56@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "189.135.168.197", "UserId": "attacker1@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "fca77aa1-9049-0000-6bd5-622b2c1bf11e", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "208fcb81-1abc-4422-b2ff-4b8662964adf", "ListItemUniqueId": "eb78835a-72af-40f9-b168-d5c9050272d4", "Platform": "WinDesktop", "Site": "c7f8fb91-c3ff-4d8c-94ec-f8f1d697e028", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.15063; en-US) PowerShell/6.0.0", "WebId": "c18b8c5f-f551-40c2-b6f1-a8429f89f3e3", "DeviceDisplayName": "2a01:111:2053:513::ad4:4d9c", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_12.xlsx", "ApplicationDisplayName": "Unknown", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_12.xlsx"}
{"AppAccessContext": {"AADSessionId": "0012f3a9-e7d8-0cc6-9e02-415208cf4793", "ClientAppName": "Unknown", "CorrelationId": "fca77aa1-0081-0000-6bd5-66252ab1c2a4", "TokenIssuedAtTime": "2025-01-24T19:32:36", "UniqueTokenId": "z4DNXFjBcUyahgLIGIRHAA"}, "CreationTime": "2025-01-24T19:39:19", "Id": "60423c80-ca70-4175-05a9-08dd3c741f8a", "Operation": "FileAccessed", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012003c9b97d56@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "189.135.168.197", "UserId": "attacker1@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "fca77aa1-0081-0000-6bd5-66252ab1c2a4", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "208fcb81-1abc-4422-b2ff-4b8662964adf", "ListItemUniqueId": "d5f5fa55-104f-420f-a470-39bca676ccfb", "Platform": "WinDesktop", "Site": "c7f8fb91-c3ff-4d8c-94ec-f8f1d697e028", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.15063; en-US) PowerShell/6.0.0", "WebId": "c18b8c5f-f551-40c2-b6f1-a8429f89f3e3", "DeviceDisplayName": "2a01:111:2053:513::ad4:4d90", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_13.xlsx", "ApplicationDisplayName": "Unknown", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_13.xlsx"}
{"AppAccessContext": {"AADSessionId": "0012f3a9-e7d8-0cc6-9e02-415208cf4793", "ClientAppName": "Unknown", "CorrelationId": "fca77aa1-9050-0000-6bd5-6448864e4237", "TokenIssuedAtTime": "2025-01-24T19:32:36", "UniqueTokenId": "z4DNXFjBcUyahgLIGIRHAA"}, "CreationTime": "2025-01-24T19:39:19", "Id": "a892529f-4955-419d-030e-08dd3c741f1b", "Operation": "FileAccessed", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012003c9b97d56@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "189.135.168.197", "UserId": "attacker1@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "fca77aa1-9050-0000-6bd5-6448864e4237", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "208fcb81-1abc-4422-b2ff-4b8662964adf", "ListItemUniqueId": "6f68b020-45b8-40e1-94f6-bd2738d5a499", "Platform": "WinDesktop", "Site": "c7f8fb91-c3ff-4d8c-94ec-f8f1d697e028", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.15063; en-US) PowerShell/6.0.0", "WebId": "c18b8c5f-f551-40c2-b6f1-a8429f89f3e3", "DeviceDisplayName": "2a01:111:2053:511::ad4:4d10", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_15.xlsx", "ApplicationDisplayName": "Unknown", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_15.xlsx"}
{"AppAccessContext": {"AADSessionId": "0012f3a9-e7d8-0cc6-9e02-415208cf4793", "ClientAppName": "Unknown", "CorrelationId": "fca77aa1-4048-0000-6bd5-6905dc1c99ba", "TokenIssuedAtTime": "2025-01-24T19:32:36", "UniqueTokenId": "z4DNXFjBcUyahgLIGIRHAA"}, "CreationTime": "2025-01-24T19:39:19", "Id": "702a6e4a-d94d-4a2a-c5c9-08dd3c741efa", "Operation": "FileAccessed", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012003c9b97d56@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "189.135.168.197", "UserId": "attacker1@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "fca77aa1-4048-0000-6bd5-6905dc1c99ba", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "208fcb81-1abc-4422-b2ff-4b8662964adf", "ListItemUniqueId": "d9295c0b-498a-48c0-954b-9818ac0b59f0", "Platform": "WinDesktop", "Site": "c7f8fb91-c3ff-4d8c-94ec-f8f1d697e028", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.15063; en-US) PowerShell/6.0.0", "WebId": "c18b8c5f-f551-40c2-b6f1-a8429f89f3e3", "DeviceDisplayName": "2a01:111:2053:510::ad4:52d8", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_15.xlsx", "ApplicationDisplayName": "Unknown", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_15.xlsx"}
{"AppAccessContext": {"AADSessionId": "0012f3a9-e7d8-0cc6-9e02-415208cf4793", "ClientAppName": "Unknown", "CorrelationId": "fca77aa1-e080-0000-6bd5-63ad1f691ec2", "TokenIssuedAtTime": "2025-01-24T19:32:36", "UniqueTokenId": "z4DNXFjBcUyahgLIGIRHAA"}, "CreationTime": "2025-01-24T19:39:19", "Id": "c441457e-ae1e-4ea9-0200-08dd3c741f85", "Operation": "FileAccessed", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012003c9b97d56@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "189.135.168.197", "UserId": "attacker1@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "fca77aa1-e080-0000-6bd5-63ad1f691ec2", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "208fcb81-1abc-4422-b2ff-4b8662964adf", "ListItemUniqueId": "39c754e4-4f26-4565-9c61-fb7268fb0967", "Platform": "WinDesktop", "Site": "c7f8fb91-c3ff-4d8c-94ec-f8f1d697e028", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.15063; en-US) PowerShell/6.0.0", "WebId": "c18b8c5f-f551-40c2-b6f1-a8429f89f3e3", "DeviceDisplayName": "2a01:111:2053:514::ad4:4ddc", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_16.xlsx", "ApplicationDisplayName": "Unknown", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_16.xlsx"}
{"AppAccessContext": {"AADSessionId": "0012f3a9-e7d8-0cc6-9e02-415208cf4793", "ClientAppName": "Unknown", "CorrelationId": "fca77aa1-d04b-0000-6bd5-6db815222503", "TokenIssuedAtTime": "2025-01-24T19:32:36", "UniqueTokenId": "z4DNXFjBcUyahgLIGIRHAA"}, "CreationTime": "2025-01-24T19:39:19", "Id": "99d8c528-5ce6-4dbc-8429-08dd3c741f03", "Operation": "FileAccessed", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012003c9b97d56@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "189.135.168.197", "UserId": "attacker1@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "fca77aa1-d04b-0000-6bd5-6db815222503", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "208fcb81-1abc-4422-b2ff-4b8662964adf", "ListItemUniqueId": "de87cc64-f8c5-45fc-9968-1ff7ab039343", "Platform": "WinDesktop", "Site": "c7f8fb91-c3ff-4d8c-94ec-f8f1d697e028", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.15063; en-US) PowerShell/6.0.0", "WebId": "c18b8c5f-f551-40c2-b6f1-a8429f89f3e3", "DeviceDisplayName": "2a01:111:2053:512::ad4:4d4e", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_17.xlsx", "ApplicationDisplayName": "Unknown", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_17.xlsx"}
{"AppAccessContext": {"AADSessionId": "0012f3a9-e7d8-0cc6-9e02-415208cf4793", "ClientAppName": "Unknown", "CorrelationId": "fca77aa1-1082-0000-6bd5-648438808fee", "TokenIssuedAtTime": "2025-01-24T19:32:36", "UniqueTokenId": "z4DNXFjBcUyahgLIGIRHAA"}, "CreationTime": "2025-01-24T19:39:19", "Id": "5e9cee2a-2eda-46f0-8368-08dd3c741f85", "Operation": "FileAccessed", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012003c9b97d56@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "189.135.168.197", "UserId": "attacker1@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "fca77aa1-1082-0000-6bd5-648438808fee", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "208fcb81-1abc-4422-b2ff-4b8662964adf", "ListItemUniqueId": "616ac333-075f-48e2-96d3-ae2e1f53de31", "Platform": "WinDesktop", "Site": "c7f8fb91-c3ff-4d8c-94ec-f8f1d697e028", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.15063; en-US) PowerShell/6.0.0", "WebId": "c18b8c5f-f551-40c2-b6f1-a8429f89f3e3", "DeviceDisplayName": "2a01:111:2053:512::ad4:4d4e", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_18.xlsx", "ApplicationDisplayName": "Unknown", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_18.xlsx"}
{"AppAccessContext": {"AADSessionId": "0012f3a9-e7d8-0cc6-9e02-415208cf4793", "ClientAppName": "Unknown", "CorrelationId": "fca77aa1-4081-0000-6bd5-677df1d70380", "TokenIssuedAtTime": "2025-01-24T19:32:36", "UniqueTokenId": "z4DNXFjBcUyahgLIGIRHAA"}, "CreationTime": "2025-01-24T19:39:19", "Id": "73cca2fb-669e-4c2c-0de7-08dd3c741f81", "Operation": "FileAccessed", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012003c9b97d56@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "189.135.168.197", "UserId": "attacker1@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "fca77aa1-4081-0000-6bd5-677df1d70380", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "208fcb81-1abc-4422-b2ff-4b8662964adf", "ListItemUniqueId": "93e6196c-24ca-4b0b-8f9b-96bcaf058e68", "Platform": "WinDesktop", "Site": "c7f8fb91-c3ff-4d8c-94ec-f8f1d697e028", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.15063; en-US) PowerShell/6.0.0", "WebId": "c18b8c5f-f551-40c2-b6f1-a8429f89f3e3", "DeviceDisplayName": "2a01:111:2053:513::ad4:4d8e", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_19.xlsx", "ApplicationDisplayName": "Unknown", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_19.xlsx"}
{"AppAccessContext": {"AADSessionId": "0012f3a9-e7d8-0cc6-9e02-415208cf4793", "ClientAppName": "Unknown", "CorrelationId": "fca77aa1-6081-0000-6bd5-6ff2374f64bd", "TokenIssuedAtTime": "2025-01-24T19:32:36", "UniqueTokenId": "z4DNXFjBcUyahgLIGIRHAA"}, "CreationTime": "2025-01-24T19:39:19", "Id": "80ff6e71-db7b-4bbe-c4f7-08dd3c741f8f", "Operation": "FileAccessed", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012003c9b97d56@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "189.135.168.197", "UserId": "attacker1@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "fca77aa1-6081-0000-6bd5-6ff2374f64bd", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "208fcb81-1abc-4422-b2ff-4b8662964adf", "ListItemUniqueId": "c18a4a29-f6ca-4fe1-8d74-f8c8ec982715", "Platform": "WinDesktop", "Site": "c7f8fb91-c3ff-4d8c-94ec-f8f1d697e028", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.15063; en-US) PowerShell/6.0.0", "WebId": "c18b8c5f-f551-40c2-b6f1-a8429f89f3e3", "DeviceDisplayName": "2a01:111:2053:514::ad4:4dd0", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_20.xlsx", "ApplicationDisplayName": "Unknown", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_20.xlsx"}
{"AppAccessContext": {"AADSessionId": "0012f3a9-e7d8-0cc6-9e02-415208cf4793", "ClientAppName": "Unknown", "CorrelationId": "fca77aa1-8008-0000-6bd5-64f495a6077c", "TokenIssuedAtTime": "2025-01-24T19:32:36", "UniqueTokenId": "z4DNXFjBcUyahgLIGIRHAA"}, "CreationTime": "2025-01-24T19:39:18", "Id": "c1df99cc-03f2-487d-5682-08dd3c741e66", "Operation": "FileAccessed", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012003c9b97d56@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "189.135.168.197", "UserId": "attacker1@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "fca77aa1-8008-0000-6bd5-64f495a6077c", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "208fcb81-1abc-4422-b2ff-4b8662964adf", "ListItemUniqueId": "62dc3b0f-d010-4f7f-898a-a2b3ecf3804b", "Platform": "WinDesktop", "Site": "c7f8fb91-c3ff-4d8c-94ec-f8f1d697e028", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.15063; en-US) PowerShell/6.0.0", "WebId": "c18b8c5f-f551-40c2-b6f1-a8429f89f3e3", "DeviceDisplayName": "2a01:111:2053:513::ad4:4d90", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_21.xlsx", "ApplicationDisplayName": "Unknown", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_21.xlsx"}
{"AppAccessContext": {"AADSessionId": "0012f3a9-e7d8-0cc6-9e02-415208cf4793", "ClientAppName": "Unknown", "CorrelationId": "fca77aa1-5038-0000-6bd5-651caf2da797", "TokenIssuedAtTime": "2025-01-24T19:32:36", "UniqueTokenId": "z4DNXFjBcUyahgLIGIRHAA"}, "CreationTime": "2025-01-24T19:39:18", "Id": "407d83d7-60f3-48db-4a95-08dd3c741ed6", "Operation": "FileAccessed", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012003c9b97d56@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "189.135.168.197", "UserId": "attacker1@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "fca77aa1-5038-0000-6bd5-651caf2da797", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "208fcb81-1abc-4422-b2ff-4b8662964adf", "ListItemUniqueId": "ccfb09f7-b523-4f81-9868-f93fc3d18594", "Platform": "WinDesktop", "Site": "c7f8fb91-c3ff-4d8c-94ec-f8f1d697e028", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.15063; en-US) PowerShell/6.0.0", "WebId": "c18b8c5f-f551-40c2-b6f1-a8429f89f3e3", "DeviceDisplayName": "2a01:111:2053:513::ad4:4d8e", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_22.xlsx", "ApplicationDisplayName": "Unknown", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_22.xlsx"}
{"AppAccessContext": {"AADSessionId": "0012f3a9-e7d8-0cc6-9e02-415208cf4793", "ClientAppName": "Unknown", "CorrelationId": "fca77aa1-d026-0000-6bd5-6db905e1eff5", "TokenIssuedAtTime": "2025-01-24T19:32:36", "UniqueTokenId": "z4DNXFjBcUyahgLIGIRHAA"}, "CreationTime": "2025-01-24T19:39:18", "Id": "77ad8dae-6977-4f13-25a7-08dd3c741ea9", "Operation": "FileAccessed", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012003c9b97d56@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "189.135.168.197", "UserId": "attacker1@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "fca77aa1-d026-0000-6bd5-6db905e1eff5", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "208fcb81-1abc-4422-b2ff-4b8662964adf", "ListItemUniqueId": "136e3a77-290b-4216-b4cc-3c90954a9a19", "Platform": "WinDesktop", "Site": "c7f8fb91-c3ff-4d8c-94ec-f8f1d697e028", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.15063; en-US) PowerShell/6.0.0", "WebId": "c18b8c5f-f551-40c2-b6f1-a8429f89f3e3", "DeviceDisplayName": "2a01:111:2053:510::ad4:52d8", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_23.xlsx", "ApplicationDisplayName": "Unknown", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_23.xlsx"}
{"AppAccessContext": {"AADSessionId": "0012f3a9-e7d8-0cc6-9e02-415208cf4793", "ClientAppName": "Unknown", "CorrelationId": "fca77aa1-c020-0000-6bd5-6b44cd2101e9", "TokenIssuedAtTime": "2025-01-24T19:32:36", "UniqueTokenId": "z4DNXFjBcUyahgLIGIRHAA"}, "CreationTime": "2025-01-24T19:39:18", "Id": "2aaf6097-6c74-4b6c-de9b-08dd3c741ea3", "Operation": "FileAccessed", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012003c9b97d56@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "189.135.168.197", "UserId": "attacker1@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "fca77aa1-c020-0000-6bd5-6b44cd2101e9", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "208fcb81-1abc-4422-b2ff-4b8662964adf", "ListItemUniqueId": "20d869ef-297b-4932-a8f0-f55f94caac0a", "Platform": "WinDesktop", "Site": "c7f8fb91-c3ff-4d8c-94ec-f8f1d697e028", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.15063; en-US) PowerShell/6.0.0", "WebId": "c18b8c5f-f551-40c2-b6f1-a8429f89f3e3", "DeviceDisplayName": "2a01:111:2053:511::ad4:4d1e", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_24.xlsx", "ApplicationDisplayName": "Unknown", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_24.xlsx"}
{"AppAccessContext": {"AADSessionId": "0012f3a9-e7d8-0cc6-9e02-415208cf4793", "ClientAppName": "Unknown", "CorrelationId": "fca77aa1-a025-0000-6bd5-6581753d0c58", "TokenIssuedAtTime": "2025-01-24T19:32:36", "UniqueTokenId": "z4DNXFjBcUyahgLIGIRHAA"}, "CreationTime": "2025-01-24T19:39:18", "Id": "2e5f336a-10db-42eb-a498-08dd3c741ea8", "Operation": "FileAccessed", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012003c9b97d56@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "189.135.168.197", "UserId": "attacker1@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "fca77aa1-a025-0000-6bd5-6581753d0c58", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "208fcb81-1abc-4422-b2ff-4b8662964adf", "ListItemUniqueId": "3d7af238-f539-4082-ac55-2807afc68964", "Platform": "WinDesktop", "Site": "c7f8fb91-c3ff-4d8c-94ec-f8f1d697e028", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.15063; en-US) PowerShell/6.0.0", "WebId": "c18b8c5f-f551-40c2-b6f1-a8429f89f3e3", "DeviceDisplayName": "2a01:111:2053:514::ad4:4ddc", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_25.xlsx", "ApplicationDisplayName": "Unknown", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_25.xlsx"}
{"AppAccessContext": {"AADSessionId": "0012f3a9-e7d8-0cc6-9e02-415208cf4793", "ClientAppName": "Unknown", "CorrelationId": "fca77aa1-7014-0000-6bd5-614c66e729b3", "TokenIssuedAtTime": "2025-01-24T19:32:36", "UniqueTokenId": "z4DNXFjBcUyahgLIGIRHAA"}, "CreationTime": "2025-01-24T19:39:18", "Id": "69b9444e-8b11-4d4e-b33a-08dd3c741e7e", "Operation": "FileAccessed", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012003c9b97d56@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "189.135.168.197", "UserId": "attacker1@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "fca77aa1-7014-0000-6bd5-614c66e729b3", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "208fcb81-1abc-4422-b2ff-4b8662964adf", "ListItemUniqueId": "e623cb67-ecac-47f2-8715-7ce6032b9021", "Platform": "WinDesktop", "Site": "c7f8fb91-c3ff-4d8c-94ec-f8f1d697e028", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.15063; en-US) PowerShell/6.0.0", "WebId": "c18b8c5f-f551-40c2-b6f1-a8429f89f3e3", "DeviceDisplayName": "2a01:111:2053:512::ad4:4d54", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_26.xlsx", "ApplicationDisplayName": "Unknown", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_26.xlsx"}
{"AppAccessContext": {"AADSessionId": "0012f3a9-e7d8-0cc6-9e02-415208cf4793", "ClientAppName": "Unknown", "CorrelationId": "fca77aa1-2039-0000-6bd5-64de84b3ab8d", "TokenIssuedAtTime": "2025-01-24T19:32:36", "UniqueTokenId": "z4DNXFjBcUyahgLIGIRHAA"}, "CreationTime": "2025-01-24T19:39:18", "Id": "8f9db09e-2d76-47c6-92b2-08dd3c741eda", "Operation": "FileAccessed", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012003c9b97d56@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "189.135.168.197", "UserId": "attacker1@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "fca77aa1-2039-0000-6bd5-64de84b3ab8d", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "208fcb81-1abc-4422-b2ff-4b8662964adf", "ListItemUniqueId": "3a93de03-7f7a-4ccc-9c4c-010edf4414ca", "Platform": "WinDesktop", "Site": "c7f8fb91-c3ff-4d8c-94ec-f8f1d697e028", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.15063; en-US) PowerShell/6.0.0", "WebId": "c18b8c5f-f551-40c2-b6f1-a8429f89f3e3", "DeviceDisplayName": "2a01:111:2053:512::ad4:4d58", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_27.xlsx", "ApplicationDisplayName": "Unknown", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_27.xlsx"}
{"AppAccessContext": {"AADSessionId": "0012f3a9-e7d8-0cc6-9e02-415208cf4793", "ClientAppName": "Unknown", "CorrelationId": "fca77aa1-203e-0000-6bd5-67695365d837", "TokenIssuedAtTime": "2025-01-24T19:32:36", "UniqueTokenId": "z4DNXFjBcUyahgLIGIRHAA"}, "CreationTime": "2025-01-24T19:39:18", "Id": "31debbed-9b54-4939-3491-08dd3c741ee9", "Operation": "FileAccessed", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012003c9b97d56@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "189.135.168.197", "UserId": "attacker1@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "fca77aa1-203e-0000-6bd5-67695365d837", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "208fcb81-1abc-4422-b2ff-4b8662964adf", "ListItemUniqueId": "61bd4c3d-87c3-4d56-af31-bc959881b68b", "Platform": "WinDesktop", "Site": "c7f8fb91-c3ff-4d8c-94ec-f8f1d697e028", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.15063; en-US) PowerShell/6.0.0", "WebId": "c18b8c5f-f551-40c2-b6f1-a8429f89f3e3", "DeviceDisplayName": "2a01:111:2053:512::ad4:4d54", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_28.xlsx", "ApplicationDisplayName": "Unknown", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_28.xlsx"}
{"AppAccessContext": {"AADSessionId": "0012f3a9-e7d8-0cc6-9e02-415208cf4793", "ClientAppName": "Unknown", "CorrelationId": "fca77aa1-3034-0000-6bd5-6809478d0512", "TokenIssuedAtTime": "2025-01-24T19:32:36", "UniqueTokenId": "z4DNXFjBcUyahgLIGIRHAA"}, "CreationTime": "2025-01-24T19:39:18", "Id": "dec64583-b72c-46ef-3f41-08dd3c741ed3", "Operation": "FileAccessed", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012003c9b97d56@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "189.135.168.197", "UserId": "attacker1@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "fca77aa1-3034-0000-6bd5-6809478d0512", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "208fcb81-1abc-4422-b2ff-4b8662964adf", "ListItemUniqueId": "0874a675-7522-4597-8327-7d8b37088d13", "Platform": "WinDesktop", "Site": "c7f8fb91-c3ff-4d8c-94ec-f8f1d697e028", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.15063; en-US) PowerShell/6.0.0", "WebId": "c18b8c5f-f551-40c2-b6f1-a8429f89f3e3", "DeviceDisplayName": "2a01:111:2053:511::ad4:4d10", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_29.xlsx", "ApplicationDisplayName": "Unknown", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_29.xlsx"}
{"AppAccessContext": {"AADSessionId": "0012f3a9-e7d8-0cc6-9e02-415208cf4793", "ClientAppName": "Unknown", "CorrelationId": "fca77aa1-5024-0000-6bd5-6a99929772bc", "TokenIssuedAtTime": "2025-01-24T19:32:36", "UniqueTokenId": "z4DNXFjBcUyahgLIGIRHAA"}, "CreationTime": "2025-01-24T19:39:18", "Id": "5eca1a1e-2039-404c-6584-08dd3c741ec4", "Operation": "FileAccessed", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012003c9b97d56@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "189.135.168.197", "UserId": "attacker1@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "fca77aa1-5024-0000-6bd5-6a99929772bc", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "208fcb81-1abc-4422-b2ff-4b8662964adf", "ListItemUniqueId": "12627041-2e5f-4ee1-9011-d7590d5520fa", "Platform": "WinDesktop", "Site": "c7f8fb91-c3ff-4d8c-94ec-f8f1d697e028", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.15063; en-US) PowerShell/6.0.0", "WebId": "c18b8c5f-f551-40c2-b6f1-a8429f89f3e3", "DeviceDisplayName": "2a01:111:2053:513::ad4:4d94", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_30.xlsx", "ApplicationDisplayName": "Unknown", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_30.xlsx"}
{"AppAccessContext": {"AADSessionId": "0012f3a9-e7d8-0cc6-9e02-415208cf4793", "ClientAppName": "Unknown", "CorrelationId": "fca77aa1-501a-0000-6bd5-64531c644ae0", "TokenIssuedAtTime": "2025-01-24T19:32:36", "UniqueTokenId": "z4DNXFjBcUyahgLIGIRHAA"}, "CreationTime": "2025-01-24T19:39:18", "Id": "58fe6970-7557-4841-932f-08dd3c741e8a", "Operation": "FileAccessed", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012003c9b97d56@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "189.135.168.197", "UserId": "attacker1@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "fca77aa1-501a-0000-6bd5-64531c644ae0", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "208fcb81-1abc-4422-b2ff-4b8662964adf", "ListItemUniqueId": "e435939a-8cb4-47e0-8888-0f0876983946", "Platform": "WinDesktop", "Site": "c7f8fb91-c3ff-4d8c-94ec-f8f1d697e028", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.15063; en-US) PowerShell/6.0.0", "WebId": "c18b8c5f-f551-40c2-b6f1-a8429f89f3e3", "DeviceDisplayName": "2a01:111:2053:513::ad4:4d9c", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_31.xlsx", "ApplicationDisplayName": "Unknown", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_31.xlsx"}
{"AppAccessContext": {"AADSessionId": "0012f3a9-e7d8-0cc6-9e02-415208cf4793", "ClientAppName": "Unknown", "CorrelationId": "fca77aa1-9037-0000-6bd5-6eb668122005", "TokenIssuedAtTime": "2025-01-24T19:32:36", "UniqueTokenId": "z4DNXFjBcUyahgLIGIRHAA"}, "CreationTime": "2025-01-24T19:39:18", "Id": "ce6958b7-852c-4fac-6a5a-08dd3c741ee0", "Operation": "FileAccessed", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012003c9b97d56@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "189.135.168.197", "UserId": "attacker1@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "fca77aa1-9037-0000-6bd5-6eb668122005", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "208fcb81-1abc-4422-b2ff-4b8662964adf", "ListItemUniqueId": "5ed84fb0-6ad4-4bb5-90c5-2a1670dce721", "Platform": "WinDesktop", "Site": "c7f8fb91-c3ff-4d8c-94ec-f8f1d697e028", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.15063; en-US) PowerShell/6.0.0", "WebId": "c18b8c5f-f551-40c2-b6f1-a8429f89f3e3", "DeviceDisplayName": "2a01:111:2053:513::ad4:4d9e", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_32.xlsx", "ApplicationDisplayName": "Unknown", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_32.xlsx"}
{"AppAccessContext": {"AADSessionId": "0012f3a9-e7d8-0cc6-9e02-415208cf4793", "ClientAppName": "Unknown", "CorrelationId": "fca77aa1-201d-0000-6bd5-616eb848599b", "TokenIssuedAtTime": "2025-01-24T19:32:36", "UniqueTokenId": "z4DNXFjBcUyahgLIGIRHAA"}, "CreationTime": "2025-01-24T19:39:18", "Id": "9c5161db-a765-40d8-2d0c-08dd3c741e96", "Operation": "FileAccessed", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012003c9b97d56@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "189.135.168.197", "UserId": "attacker1@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "fca77aa1-201d-0000-6bd5-616eb848599b", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "208fcb81-1abc-4422-b2ff-4b8662964adf", "ListItemUniqueId": "cecdf22a-c82d-46b5-b9d3-7df838ea92bf", "Platform": "WinDesktop", "Site": "c7f8fb91-c3ff-4d8c-94ec-f8f1d697e028", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.15063; en-US) PowerShell/6.0.0", "WebId": "c18b8c5f-f551-40c2-b6f1-a8429f89f3e3", "DeviceDisplayName": "2a01:111:2053:511::ad4:4d10", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_33.xlsx", "ApplicationDisplayName": "Unknown", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_33.xlsx"}
{"AppAccessContext": {"AADSessionId": "0012f3a9-e7d8-0cc6-9e02-415208cf4793", "ClientAppName": "Unknown", "CorrelationId": "fca77aa1-6007-0000-6bd5-682d12fb8862", "TokenIssuedAtTime": "2025-01-24T19:32:36", "UniqueTokenId": "z4DNXFjBcUyahgLIGIRHAA"}, "CreationTime": "2025-01-24T19:39:18", "Id": "ef496310-e9db-4038-4be2-08dd3c741e68", "Operation": "FileAccessed", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012003c9b97d56@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "189.135.168.197", "UserId": "attacker1@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "fca77aa1-6007-0000-6bd5-682d12fb8862", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "208fcb81-1abc-4422-b2ff-4b8662964adf", "ListItemUniqueId": "dcfb46ee-5a7a-4e93-87d1-7c0ab9a3afe9", "Platform": "WinDesktop", "Site": "c7f8fb91-c3ff-4d8c-94ec-f8f1d697e028", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.15063; en-US) PowerShell/6.0.0", "WebId": "c18b8c5f-f551-40c2-b6f1-a8429f89f3e3", "DeviceDisplayName": "2a01:111:2053:513::ad4:4d94", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_34.xlsx", "ApplicationDisplayName": "Unknown", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_34.xlsx"}
{"AppAccessContext": {"AADSessionId": "0012f3a9-e7d8-0cc6-9e02-415208cf4793", "ClientAppName": "Unknown", "CorrelationId": "fca77aa1-1016-0000-6bd5-637e25ff9ab3", "TokenIssuedAtTime": "2025-01-24T19:32:36", "UniqueTokenId": "z4DNXFjBcUyahgLIGIRHAA"}, "CreationTime": "2025-01-24T19:39:18", "Id": "e31e44b5-a47a-43f2-310d-08dd3c741e80", "Operation": "FileAccessed", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012003c9b97d56@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "189.135.168.197", "UserId": "attacker1@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "fca77aa1-1016-0000-6bd5-637e25ff9ab3", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "208fcb81-1abc-4422-b2ff-4b8662964adf", "ListItemUniqueId": "5e366273-0efa-47af-b5d4-ea80d5eec764", "Platform": "WinDesktop", "Site": "c7f8fb91-c3ff-4d8c-94ec-f8f1d697e028", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.15063; en-US) PowerShell/6.0.0", "WebId": "c18b8c5f-f551-40c2-b6f1-a8429f89f3e3", "DeviceDisplayName": "2a01:111:2053:512::ad4:4d58", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_35.xlsx", "ApplicationDisplayName": "Unknown", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_35.xlsx"}
{"AppAccessContext": {"AADSessionId": "0012f3a9-e7d8-0cc6-9e02-415208cf4793", "ClientAppName": "Unknown", "CorrelationId": "fca77aa1-d021-0000-6bd5-67c32dbc4459", "TokenIssuedAtTime": "2025-01-24T19:32:36", "UniqueTokenId": "z4DNXFjBcUyahgLIGIRHAA"}, "CreationTime": "2025-01-24T19:39:18", "Id": "2d110416-1680-404f-21af-08dd3c741ea4", "Operation": "FileAccessed", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012003c9b97d56@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "189.135.168.197", "UserId": "attacker1@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "fca77aa1-d021-0000-6bd5-67c32dbc4459", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "208fcb81-1abc-4422-b2ff-4b8662964adf", "ListItemUniqueId": "b012d87a-3ce1-4b29-966d-e9f465544d81", "Platform": "WinDesktop", "Site": "c7f8fb91-c3ff-4d8c-94ec-f8f1d697e028", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.15063; en-US) PowerShell/6.0.0", "WebId": "c18b8c5f-f551-40c2-b6f1-a8429f89f3e3", "DeviceDisplayName": "2a01:111:2053:512::ad4:4d5e", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_36.xlsx", "ApplicationDisplayName": "Unknown", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_36.xlsx"}
{"AppAccessContext": {"AADSessionId": "0012f3a9-e7d8-0cc6-9e02-415208cf4793", "ClientAppName": "Unknown", "CorrelationId": "fca77aa1-c029-0000-6bd5-62ad9fd6d5a9", "TokenIssuedAtTime": "2025-01-24T19:32:36", "UniqueTokenId": "z4DNXFjBcUyahgLIGIRHAA"}, "CreationTime": "2025-01-24T19:39:18", "Id": "46d34576-b138-439d-48cd-08dd3c741eb0", "Operation": "FileAccessed", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012003c9b97d56@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "189.135.168.197", "UserId": "attacker1@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "fca77aa1-c029-0000-6bd5-62ad9fd6d5a9", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "208fcb81-1abc-4422-b2ff-4b8662964adf", "ListItemUniqueId": "da5c1f2d-5443-4c77-bc07-dc2359c75cd0", "Platform": "WinDesktop", "Site": "c7f8fb91-c3ff-4d8c-94ec-f8f1d697e028", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.15063; en-US) PowerShell/6.0.0", "WebId": "c18b8c5f-f551-40c2-b6f1-a8429f89f3e3", "DeviceDisplayName": "2a01:111:2053:512::ad4:4d54", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_37.xlsx", "ApplicationDisplayName": "Unknown", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_37.xlsx"}
{"AppAccessContext": {"AADSessionId": "0012f3a9-e7d8-0cc6-9e02-415208cf4793", "ClientAppName": "Unknown", "CorrelationId": "fca77aa1-6033-0000-6bd5-660e666714d4", "TokenIssuedAtTime": "2025-01-24T19:32:36", "UniqueTokenId": "z4DNXFjBcUyahgLIGIRHAA"}, "CreationTime": "2025-01-24T19:39:18", "Id": "779eb1a8-9a65-43a9-2521-08dd3c741eca", "Operation": "FileAccessed", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012003c9b97d56@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "189.135.168.197", "UserId": "attacker1@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "fca77aa1-6033-0000-6bd5-660e666714d4", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "208fcb81-1abc-4422-b2ff-4b8662964adf", "ListItemUniqueId": "900e364d-9fb0-41c4-9d26-d39f1acfe0ef", "Platform": "WinDesktop", "Site": "c7f8fb91-c3ff-4d8c-94ec-f8f1d697e028", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.15063; en-US) PowerShell/6.0.0", "WebId": "c18b8c5f-f551-40c2-b6f1-a8429f89f3e3", "DeviceDisplayName": "2a01:111:2053:512::ad4:4d4e", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_38.xlsx", "ApplicationDisplayName": "Unknown", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_38.xlsx"}
{"AppAccessContext": {"AADSessionId": "0012f3a9-e7d8-0cc6-9e02-415208cf4793", "ClientAppName": "Unknown", "CorrelationId": "fca77aa1-6031-0000-6bd5-68680f43e209", "TokenIssuedAtTime": "2025-01-24T19:32:36", "UniqueTokenId": "z4DNXFjBcUyahgLIGIRHAA"}, "CreationTime": "2025-01-24T19:39:18", "Id": "484c5bfe-2ae1-420f-8822-08dd3c741ecc", "Operation": "FileAccessed", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012003c9b97d56@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "189.135.168.197", "UserId": "attacker1@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "fca77aa1-6031-0000-6bd5-68680f43e209", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "208fcb81-1abc-4422-b2ff-4b8662964adf", "ListItemUniqueId": "1adacb74-8e7a-484b-80be-5fc045f57c11", "Platform": "WinDesktop", "Site": "c7f8fb91-c3ff-4d8c-94ec-f8f1d697e028", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.15063; en-US) PowerShell/6.0.0", "WebId": "c18b8c5f-f551-40c2-b6f1-a8429f89f3e3", "DeviceDisplayName": "2a01:111:2053:513::ad4:4d9c", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_39.xlsx", "ApplicationDisplayName": "Unknown", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_39.xlsx"}
{"AppAccessContext": {"AADSessionId": "0012f3a9-e7d8-0cc6-9e02-415208cf4793", "ClientAppName": "Unknown", "CorrelationId": "fca77aa1-900d-0000-6bd5-6a0bcee6c5b1", "TokenIssuedAtTime": "2025-01-24T19:32:36", "UniqueTokenId": "z4DNXFjBcUyahgLIGIRHAA"}, "CreationTime": "2025-01-24T19:39:18", "Id": "02f503cc-8679-4e56-f09d-08dd3c741e6d", "Operation": "FileAccessed", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012003c9b97d56@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "189.135.168.197", "UserId": "attacker1@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "fca77aa1-900d-0000-6bd5-6a0bcee6c5b1", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "208fcb81-1abc-4422-b2ff-4b8662964adf", "ListItemUniqueId": "c6c3e64e-9900-49dc-b8c9-3bdeb75650ee", "Platform": "WinDesktop", "Site": "c7f8fb91-c3ff-4d8c-94ec-f8f1d697e028", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.15063; en-US) PowerShell/6.0.0", "WebId": "c18b8c5f-f551-40c2-b6f1-a8429f89f3e3", "DeviceDisplayName": "2a01:111:2053:511::ad4:4d0e", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_40.xlsx", "ApplicationDisplayName": "Unknown", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_40.xlsx"}
{"AppAccessContext": {"AADSessionId": "0012f3a9-e7d8-0cc6-9e02-415208cf4793", "ClientAppName": "Unknown", "CorrelationId": "fca77aa1-e038-0000-702f-f59e0bfb9b7f", "TokenIssuedAtTime": "2025-01-24T19:32:36", "UniqueTokenId": "z4DNXFjBcUyahgLIGIRHAA"}, "CreationTime": "2025-01-24T19:39:18", "Id": "f830ee9c-cc41-42f2-30c6-08dd3c741ed5", "Operation": "FileAccessed", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012003c9b97d56@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "189.135.168.197", "UserId": "attacker1@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "fca77aa1-e038-0000-702f-f59e0bfb9b7f", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "208fcb81-1abc-4422-b2ff-4b8662964adf", "ListItemUniqueId": "9597409d-6b32-4093-94d3-841e86d75cc5", "Platform": "WinDesktop", "Site": "c7f8fb91-c3ff-4d8c-94ec-f8f1d697e028", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.15063; en-US) PowerShell/6.0.0", "WebId": "c18b8c5f-f551-40c2-b6f1-a8429f89f3e3", "DeviceDisplayName": "2a01:111:2053:511::ad4:4d1e", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_41.xlsx", "ApplicationDisplayName": "Unknown", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_41.xlsx"}
{"AppAccessContext": {"AADSessionId": "0012f3a9-e7d8-0cc6-9e02-415208cf4793", "ClientAppName": "Unknown", "CorrelationId": "fca77aa1-f02f-0000-6bd5-6c28204f3981", "TokenIssuedAtTime": "2025-01-24T19:32:36", "UniqueTokenId": "z4DNXFjBcUyahgLIGIRHAA"}, "CreationTime": "2025-01-24T19:39:18", "Id": "026cc9dc-ad52-48c4-967f-08dd3c741ec6", "Operation": "FileAccessed", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012003c9b97d56@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "189.135.168.197", "UserId": "attacker1@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "fca77aa1-f02f-0000-6bd5-6c28204f3981", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "208fcb81-1abc-4422-b2ff-4b8662964adf", "ListItemUniqueId": "0f568d18-19b3-4614-94a3-be04c662bcfd", "Platform": "WinDesktop", "Site": "c7f8fb91-c3ff-4d8c-94ec-f8f1d697e028", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.15063; en-US) PowerShell/6.0.0", "WebId": "c18b8c5f-f551-40c2-b6f1-a8429f89f3e3", "DeviceDisplayName": "2a01:111:2053:514::ad4:4dd0", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_42.xlsx", "ApplicationDisplayName": "Unknown", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_42.xlsx"}
{"AppAccessContext": {"AADSessionId": "0012f3a9-e7d8-0cc6-9e02-415208cf4793", "ClientAppName": "Unknown", "CorrelationId": "fca77aa1-500d-0000-6bd5-6cc7b2b50ad6", "TokenIssuedAtTime": "2025-01-24T19:32:36", "UniqueTokenId": "z4DNXFjBcUyahgLIGIRHAA"}, "CreationTime": "2025-01-24T19:39:18", "Id": "ffeb1772-c8c2-43b3-ddd0-08dd3c741e6a", "Operation": "FileAccessed", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012003c9b97d56@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "189.135.168.197", "UserId": "attacker1@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "fca77aa1-500d-0000-6bd5-6cc7b2b50ad6", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "208fcb81-1abc-4422-b2ff-4b8662964adf", "ListItemUniqueId": "3d2d7a0f-e0b4-4925-8fca-446a8b14e73c", "Platform": "WinDesktop", "Site": "c7f8fb91-c3ff-4d8c-94ec-f8f1d697e028", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.15063; en-US) PowerShell/6.0.0", "WebId": "c18b8c5f-f551-40c2-b6f1-a8429f89f3e3", "DeviceDisplayName": "2a01:111:2053:512::ad4:4d5e", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_43.xlsx", "ApplicationDisplayName": "Unknown", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_43.xlsx"}
{"AppAccessContext": {"AADSessionId": "0012f3a9-e7d8-0cc6-9e02-415208cf4793", "ClientAppName": "Unknown", "CorrelationId": "fca77aa1-a045-0000-6bd5-6dd17794d3ad", "TokenIssuedAtTime": "2025-01-24T19:32:36", "UniqueTokenId": "z4DNXFjBcUyahgLIGIRHAA"}, "CreationTime": "2025-01-24T19:39:18", "Id": "e5efd9a5-15a1-4555-5a5c-08dd3c741ef4", "Operation": "FileAccessed", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012003c9b97d56@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "189.135.168.197", "UserId": "attacker1@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "fca77aa1-a045-0000-6bd5-6dd17794d3ad", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "208fcb81-1abc-4422-b2ff-4b8662964adf", "ListItemUniqueId": "c75ef5c4-af4d-4ee0-b41f-08f9d1070cb7", "Platform": "WinDesktop", "Site": "c7f8fb91-c3ff-4d8c-94ec-f8f1d697e028", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.15063; en-US) PowerShell/6.0.0", "WebId": "c18b8c5f-f551-40c2-b6f1-a8429f89f3e3", "DeviceDisplayName": "2a01:111:2053:512::ad4:4d5e", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_44.xlsx", "ApplicationDisplayName": "Unknown", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_44.xlsx"}
{"AppAccessContext": {"AADSessionId": "0012f3a9-e7d8-0cc6-9e02-415208cf4793", "ClientAppName": "Unknown", "CorrelationId": "fca77aa1-503b-0000-6bd5-6e954f3a231d", "TokenIssuedAtTime": "2025-01-24T19:32:36", "UniqueTokenId": "z4DNXFjBcUyahgLIGIRHAA"}, "CreationTime": "2025-01-24T19:39:18", "Id": "2781d554-b9ff-4549-8f38-08dd3c741edd", "Operation": "FileAccessed", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012003c9b97d56@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "189.135.168.197", "UserId": "attacker1@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "fca77aa1-503b-0000-6bd5-6e954f3a231d", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "208fcb81-1abc-4422-b2ff-4b8662964adf", "ListItemUniqueId": "f958bb7d-9d7f-4666-b048-3a10e2bd32f4", "Platform": "WinDesktop", "Site": "c7f8fb91-c3ff-4d8c-94ec-f8f1d697e028", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.15063; en-US) PowerShell/6.0.0", "WebId": "c18b8c5f-f551-40c2-b6f1-a8429f89f3e3", "DeviceDisplayName": "2a01:111:2053:513::ad4:4d90", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_45.xlsx", "ApplicationDisplayName": "Unknown", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_45.xlsx"}
{"AppAccessContext": {"AADSessionId": "0012f3a9-e7d8-0cc6-9e02-415208cf4793", "ClientAppName": "Unknown", "CorrelationId": "fca77aa1-f042-0000-6bd5-67aea2d00d48", "TokenIssuedAtTime": "2025-01-24T19:32:36", "UniqueTokenId": "z4DNXFjBcUyahgLIGIRHAA"}, "CreationTime": "2025-01-24T19:39:18", "Id": "c95f4f72-555a-419e-1d4a-08dd3c741ef0", "Operation": "FileAccessed", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012003c9b97d56@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "189.135.168.197", "UserId": "attacker1@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "fca77aa1-f042-0000-6bd5-67aea2d00d48", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "208fcb81-1abc-4422-b2ff-4b8662964adf", "ListItemUniqueId": "4b9559fd-5f9b-4a49-9d91-371f8830e77e", "Platform": "WinDesktop", "Site": "c7f8fb91-c3ff-4d8c-94ec-f8f1d697e028", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.15063; en-US) PowerShell/6.0.0", "WebId": "c18b8c5f-f551-40c2-b6f1-a8429f89f3e3", "DeviceDisplayName": "2a01:111:2053:511::ad4:4d0e", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_46.xlsx", "ApplicationDisplayName": "Unknown", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_46.xlsx"}
{"AppAccessContext": {"AADSessionId": "0012f3a9-e7d8-0cc6-9e02-415208cf4793", "ClientAppName": "Unknown", "CorrelationId": "fca77aa1-d00f-0000-6bd5-6d4de5664583", "TokenIssuedAtTime": "2025-01-24T19:32:36", "UniqueTokenId": "z4DNXFjBcUyahgLIGIRHAA"}, "CreationTime": "2025-01-24T19:39:18", "Id": "dc664081-1e58-4003-550c-08dd3c741e73", "Operation": "FileAccessed", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012003c9b97d56@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "189.135.168.197", "UserId": "attacker1@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "fca77aa1-d00f-0000-6bd5-6d4de5664583", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "208fcb81-1abc-4422-b2ff-4b8662964adf", "ListItemUniqueId": "24bdecab-fdd9-4372-b8f2-886abcdf028f", "Platform": "WinDesktop", "Site": "c7f8fb91-c3ff-4d8c-94ec-f8f1d697e028", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.15063; en-US) PowerShell/6.0.0", "WebId": "c18b8c5f-f551-40c2-b6f1-a8429f89f3e3", "DeviceDisplayName": "2a01:111:2053:514::ad4:4ddc", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_47.xlsx", "ApplicationDisplayName": "Unknown", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_47.xlsx"}
{"AppAccessContext": {"AADSessionId": "0012f3a9-e7d8-0cc6-9e02-415208cf4793", "ClientAppName": "Unknown", "CorrelationId": "fca77aa1-7028-0000-6bd5-69c30a8c787b", "TokenIssuedAtTime": "2025-01-24T19:32:36", "UniqueTokenId": "z4DNXFjBcUyahgLIGIRHAA"}, "CreationTime": "2025-01-24T19:39:18", "Id": "5354f9f9-099c-4402-dc04-08dd3c741eb1", "Operation": "FileAccessed", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012003c9b97d56@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "189.135.168.197", "UserId": "attacker1@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "fca77aa1-7028-0000-6bd5-69c30a8c787b", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "208fcb81-1abc-4422-b2ff-4b8662964adf", "ListItemUniqueId": "45321f58-02bc-4107-8ddf-128856a6fc69", "Platform": "WinDesktop", "Site": "c7f8fb91-c3ff-4d8c-94ec-f8f1d697e028", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.15063; en-US) PowerShell/6.0.0", "WebId": "c18b8c5f-f551-40c2-b6f1-a8429f89f3e3", "DeviceDisplayName": "2a01:111:2053:511::ad4:4d0e", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_48.xlsx", "ApplicationDisplayName": "Unknown", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_48.xlsx"}
{"AppAccessContext": {"AADSessionId": "0012f3a9-e7d8-0cc6-9e02-415208cf4793", "ClientAppName": "Unknown", "CorrelationId": "fca77aa1-a014-0000-6bd5-696bb6553c93", "TokenIssuedAtTime": "2025-01-24T19:32:36", "UniqueTokenId": "z4DNXFjBcUyahgLIGIRHAA"}, "CreationTime": "2025-01-24T19:39:18", "Id": "d9577739-e88b-424c-ca53-08dd3c741e7c", "Operation": "FileAccessed", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012003c9b97d56@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "189.135.168.197", "UserId": "attacker1@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "fca77aa1-a014-0000-6bd5-696bb6553c93", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "208fcb81-1abc-4422-b2ff-4b8662964adf", "ListItemUniqueId": "de2b01ed-48f6-4c07-8e47-2e6a80b2c2ea", "Platform": "WinDesktop", "Site": "c7f8fb91-c3ff-4d8c-94ec-f8f1d697e028", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.15063; en-US) PowerShell/6.0.0", "WebId": "c18b8c5f-f551-40c2-b6f1-a8429f89f3e3", "DeviceDisplayName": "2a01:111:2053:513::ad4:4d9e", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_49.xlsx", "ApplicationDisplayName": "Unknown", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_49.xlsx"}
{"AppAccessContext": {"AADSessionId": "0012f3a9-e7d8-0cc6-9e02-415208cf4793", "ClientAppName": "Unknown", "CorrelationId": "fca77aa1-502d-0000-6bd5-646ee9bd94ad", "TokenIssuedAtTime": "2025-01-24T19:32:36", "UniqueTokenId": "z4DNXFjBcUyahgLIGIRHAA"}, "CreationTime": "2025-01-24T19:39:18", "Id": "f6714c9c-63aa-45ab-5b96-08dd3c741ebb", "Operation": "FileAccessed", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012003c9b97d56@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "189.135.168.197", "UserId": "attacker1@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "fca77aa1-502d-0000-6bd5-646ee9bd94ad", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "208fcb81-1abc-4422-b2ff-4b8662964adf", "ListItemUniqueId": "aca177b9-2550-4170-a875-390bf24c04f7", "Platform": "WinDesktop", "Site": "c7f8fb91-c3ff-4d8c-94ec-f8f1d697e028", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.15063; en-US) PowerShell/6.0.0", "WebId": "c18b8c5f-f551-40c2-b6f1-a8429f89f3e3", "DeviceDisplayName": "2a01:111:2053:512::ad4:4d4a", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_50.xlsx", "ApplicationDisplayName": "Unknown", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_50.xlsx"}
{"AppAccessContext": {"AADSessionId": "0012f3a9-e7d8-0cc6-9e02-415208cf4793", "ClientAppName": "Unknown", "CorrelationId": "fca77aa1-3016-0000-6bd5-6ac094f1c5f0", "TokenIssuedAtTime": "2025-01-24T19:32:36", "UniqueTokenId": "z4DNXFjBcUyahgLIGIRHAA"}, "CreationTime": "2025-01-24T19:39:18", "Id": "3f3dd8d9-ae13-4a20-e715-08dd3c741e82", "Operation": "FileAccessed", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012003c9b97d56@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "189.135.168.197", "UserId": "attacker1@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "fca77aa1-3016-0000-6bd5-6ac094f1c5f0", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "208fcb81-1abc-4422-b2ff-4b8662964adf", "ListItemUniqueId": "1622afaf-5dde-4e70-874e-39672c7337b2", "Platform": "WinDesktop", "Site": "c7f8fb91-c3ff-4d8c-94ec-f8f1d697e028", "UserAgent": "Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.15063; en-US) PowerShell/6.0.0", "WebId": "c18b8c5f-f551-40c2-b6f1-a8429f89f3e3", "DeviceDisplayName": "2a01:111:2053:512::ad4:4d4a", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_51.xlsx", "ApplicationDisplayName": "Unknown", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_51.xlsx"
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "rclone", "CorrelationId": "798777a1-806a-0000-6bd5-627f44e59f2e", "TokenIssuedAtTime": "2025-01-24T19:24:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:29:22", "Id": "eb207561-ba3e-4b9b-4806-08dd34d1bf87", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.178.152", "UserId": "external.attacker1_badguy.com#ext#@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "798777a1-806a-0000-6bd5-627f44e59f2e", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "dfea6df8-5a7d-4422-bb09-2b235e4e29c7", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "RClone/v1.68.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGJL2mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgn4berffVoiRBG7CSsjXk4pxw.2Gw9d8ihUUb4qqw3bcC3aWREnBf9EdgCHBCgHY23m8A", "FileSizeBytes": 19639521, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_9.docx", "ApplicationDisplayName": "Rclone", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_9.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "rclone", "CorrelationId": "788777a1-d08b-0000-6bd5-650222308d43", "TokenIssuedAtTime": "2025-01-24T19:24:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:29:18", "Id": "5ae52c3a-07a6-4c1b-4467-08dd34d1bd65", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.178.152", "UserId": "external.attacker1_badguy.com#ext#@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "788777a1-d08b-0000-6bd5-650222308d43", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "1ac53296-5422-4ade-9e04-ee49cee6894c", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "RClone/v1.68.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGI72mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgmWMsUaIlTeShGeBO5JzuaJTA.uDXPUkYhL6099i7xuY-lRY6POqoOnUICQ242rtPaa8w", "FileSizeBytes": 19325813, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_8.docx", "ApplicationDisplayName": "Rclone", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_8.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "rclone", "CorrelationId": "778777a1-205a-0000-6bd5-623f36edba55", "TokenIssuedAtTime": "2025-01-24T19:24:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:29:13", "Id": "cb374575-1c4f-47e0-bcc5-08dd34d1ba7f", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.178.152", "UserId": "external.attacker1_badguy.com#ext#@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "778777a1-205a-0000-6bd5-623f36edba55", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "555088c9-ea59-4b87-8b4b-5a8594f533fa", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "RClone/v1.68.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGIn2mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgnJiFBVWeqHSxGLS1qFlPUz-g.kLUYnr0QKv0Mp-KNYaC3f3_6idX-8wgKqB5oaqxofgA", "FileSizeBytes": 18533026, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_7.docx", "ApplicationDisplayName": "Rclone", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_7.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "rclone", "CorrelationId": "768777a1-b0a2-0000-5ab5-9114b03c46c9", "TokenIssuedAtTime": "2025-01-24T19:24:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:29:10", "Id": "7808910b-1c5b-4a8d-c49f-08dd34d1b8b8", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.178.152", "UserId": "external.attacker1_badguy.com#ext#@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "768777a1-b0a2-0000-5ab5-9114b03c46c9", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "0d2a6830-94b5-404f-bf26-6107bbfa7eb2", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "RClone/v1.68.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGIb2mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgkwaCoNtZRPQBG_JmEHu_p-sg.-dIujGXxa3hoAcIzbFtEn3fsfINnhsekvuS8_SQS2EU", "FileSizeBytes": 18734095, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_6.docx", "ApplicationDisplayName": "Rclone", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_6.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "rclone", "CorrelationId": "758777a1-f0c7-0000-5ab5-9005fcd36b96", "TokenIssuedAtTime": "2025-01-24T19:24:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:29:07", "Id": "1af4ab7f-93c7-4bc2-c25d-08dd34d1b6a2", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.178.152", "UserId": "external.attacker1_badguy.com#ext#@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "758777a1-f0c7-0000-5ab5-9005fcd36b96", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "422f5b84-88c1-42ea-8592-b33c112b5243", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "RClone/v1.68.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGIP2mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgmEWy9CwYjqQhGFkrM8EStSQw.S5l-RecbuDRIvwS___pYPR6-0GAVVVn7piV--_pFOz0", "FileSizeBytes": 12605106, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_57.docx", "ApplicationDisplayName": "Rclone", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_57.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "rclone", "CorrelationId": "748777a1-30c2-0000-6bd5-6ce591feaf31", "TokenIssuedAtTime": "2025-01-24T19:24:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:29:03", "Id": "521d8283-4a02-43ca-3101-08dd34d1b421", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.178.152", "UserId": "external.attacker1_badguy.com#ext#@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "748777a1-30c2-0000-6bd5-6ce591feaf31", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "909bee35-09c6-4c6d-b47f-a2cd8fefdf5d", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "RClone/v1.68.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGP_1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgk17puQxgltTBG0f6LNj-_fXQ.EXsTqdEiJxzy_tiRjOhYYuNFtrl90iV1sK4LM2Gu20A", "FileSizeBytes": 18475069, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_56.docx", "ApplicationDisplayName": "Rclone", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_56.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "rclone", "CorrelationId": "748777a1-f026-0000-5ab5-95306328bc0d", "TokenIssuedAtTime": "2025-01-24T19:24:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:29:00", "Id": "6f6bc993-11d0-4c5a-e0ec-08dd34d1b2a3", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.178.152", "UserId": "external.attacker1_badguy.com#ext#@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "748777a1-f026-0000-5ab5-95306328bc0d", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "ea8e4a13-51a2-4bda-81a5-8d38399dbce8", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "RClone/v1.68.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGPz1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgkTSo7qolHaSxGBpY04OZ286A.1XMkesr9SYVRpIhRdmRZGlKO9agqNR0nT1QEKXIUg8I", "FileSizeBytes": 19964602, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_55.docx", "ApplicationDisplayName": "Rclone", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_55.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "rclone", "CorrelationId": "738777a1-4093-0000-6bd5-6c4000282c0b", "TokenIssuedAtTime": "2025-01-24T19:24:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:28:58", "Id": "b789831a-8065-4333-1627-08dd34d1b140", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.178.152", "UserId": "external.attacker1_badguy.com#ext#@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "738777a1-4093-0000-6bd5-6c4000282c0b", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "24012ab3-0182-45a4-8d4c-8705e04196b3", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "RClone/v1.68.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGPr1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgmzKgEkggGkRRGNTIcF4EGWsw.PKSwLq_CQk6mMBTAYF7peyU7CkFviUQ0e69jXWLBP4Q", "FileSizeBytes": 19929176, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_54.docx", "ApplicationDisplayName": "Rclone", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_54.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "rclone", "CorrelationId": "738777a1-e005-0000-5ab5-9b20cd7dc7fa", "TokenIssuedAtTime": "2025-01-24T19:24:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:28:56", "Id": "e54f7072-259e-4939-4c12-08dd34d1afe9", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.178.152", "UserId": "external.attacker1_badguy.com#ext#@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "738777a1-e005-0000-5ab5-9b20cd7dc7fa", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "39575be4-cf84-4237-b227-c9e8ff39e8f2", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "RClone/v1.68.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGPj1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgnkW1c5hM83QhGyJ8no_zno8g.cqPMz_0s553x0Q1eXdS3L_qVpXb6ddZJEVt2D-ThDQY", "FileSizeBytes": 19995813, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_53.docx", "ApplicationDisplayName": "Rclone", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_53.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "rclone", "CorrelationId": "728777a1-e0af-0000-6bd5-6b7ae3b90c37", "TokenIssuedAtTime": "2025-01-24T19:24:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:28:54", "Id": "2490038b-fc24-4220-5423-08dd34d1af17", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.178.152", "UserId": "external.attacker1_badguy.com#ext#@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "728777a1-e0af-0000-6bd5-6b7ae3b90c37", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "5478a19b-4357-4f3e-ae3b-6140fa427f17", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "RClone/v1.68.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGPb1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgmboXhUV0M-TxGuO2FA-kJ_Fw.LV0Q_NZZPjQzXazknQWZJKBfLH1_uHwY2boFbg4yQXo", "FileSizeBytes": 19838184, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_52.docx", "ApplicationDisplayName": "Rclone", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_52.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "rclone", "CorrelationId": "728777a1-9052-0000-6bd5-6aaf7ce91336", "TokenIssuedAtTime": "2025-01-24T19:24:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:28:53", "Id": "48930049-7ba4-4d7f-b2e0-08dd34d1ae2e", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.178.152", "UserId": "external.attacker1_badguy.com#ext#@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "728777a1-9052-0000-6bd5-6aaf7ce91336", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "6794c0a0-48c8-4fb4-8412-e1fe853fc8bf", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "RClone/v1.68.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGPX1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgmgwJRnyEi0TxGEEuH-hT_Ivw.BuUg1s4-QEHYc0KV86CxZ0cF1uwyiO5y4x2K-QaeNf8", "FileSizeBytes": 19973679, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_51.docx", "ApplicationDisplayName": "Rclone", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_51.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "rclone", "CorrelationId": "728777a1-1001-0000-6bd5-6ee4a35e5ebb", "TokenIssuedAtTime": "2025-01-24T19:24:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:28:51", "Id": "f0083648-2a84-48d8-67e8-08dd34d1ad65", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.178.152", "UserId": "external.attacker1_badguy.com#ext#@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "728777a1-1001-0000-6bd5-6ee4a35e5ebb", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "f92c48e0-b2d4-4575-b66a-4509c88725ab", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "RClone/v1.68.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGPP1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgngSCz51LJ1RRG2akUJyIclqw.d7nMOyear-n0O_Sci2_px8CuVJaB9FlUda2K02T1mnA", "FileSizeBytes": 20500864, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_50.docx", "ApplicationDisplayName": "Rclone", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_50.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "rclone", "CorrelationId": "718777a1-d0b9-0000-6bd5-66dba54707fe", "TokenIssuedAtTime": "2025-01-24T19:24:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:28:50", "Id": "77e87d69-3bec-4a66-5c53-08dd34d1acb7", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.178.152", "UserId": "external.attacker1_badguy.com#ext#@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "718777a1-d0b9-0000-6bd5-66dba54707fe", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "702e0ba6-c0f2-44cc-ad43-e2bd6ce6f3fb", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "RClone/v1.68.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGPL1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgmmCy5w8sDMRBGtQ-K9bObz-w.ScEMCWx3r5QCiYDNGbtE9s8ah3JtYVxyUZcXE1s6eUc", "FileSizeBytes": 18233194, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_5.docx", "ApplicationDisplayName": "Rclone", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_5.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "rclone", "CorrelationId": "718777a1-8020-0000-6bd5-6c251c81ed4f", "TokenIssuedAtTime": "2025-01-24T19:24:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:28:48", "Id": "a31746de-add2-44ba-58c3-08dd34d1ab4f", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.178.152", "UserId": "external.attacker1_badguy.com#ext#@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "718777a1-8020-0000-6bd5-6c251c81ed4f", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "ecb4ebbe-cad7-45f9-b891-055904070c43", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "RClone/v1.68.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGPD1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgm-67Ts18r5RRG4kQVZBAcMQw.ivofRD-81-oxmhyDLWU87TiSQlZKj3eIdILhv7ZZ0VI", "FileSizeBytes": 19057721, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_49.docx", "ApplicationDisplayName": "Rclone", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_49.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "rclone", "CorrelationId": "708777a1-909f-0000-6bd5-6c37d9c20830", "TokenIssuedAtTime": "2025-01-24T19:24:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:28:46", "Id": "ce78d6c7-7f38-4a33-7b92-08dd34d1aa0d", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.178.152", "UserId": "external.attacker1_badguy.com#ext#@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "708777a1-909f-0000-6bd5-6c37d9c20830", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "3421a0df-65ab-4a0a-bc45-271c4d2bb526", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "RClone/v1.68.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGO71mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgnfoCE0q2UKShG8RSccTSu1Jg.8sAoqe0TY3fsyVxhbPyLSbW3VV8bHRVxpBpGEf2QQSg", "FileSizeBytes": 19141888, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_48.docx", "ApplicationDisplayName": "Rclone", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_48.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "rclone", "CorrelationId": "6f8777a1-0094-0000-6bd5-6ab714656a91", "TokenIssuedAtTime": "2025-01-24T19:24:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:28:41", "Id": "389bdbd0-8e7e-47ec-9874-08dd34d1a782", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.178.152", "UserId": "external.attacker1_badguy.com#ext#@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "6f8777a1-0094-0000-6bd5-6ab714656a91", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "f2bea769-fd0a-4c2f-866c-27298e1c3bf0", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "RClone/v1.68.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGOn1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEglpp77yCv0vTBGGbCcpjhw78A.epexW2nK-jhuD4bf7vYh29ahPm-inqfcIGCkUtkl6kw", "FileSizeBytes": 19082583, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_47.docx", "ApplicationDisplayName": "Rclone", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_47.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "rclone", "CorrelationId": "6e8777a1-4055-0000-6bd5-6bfa8b95aead", "TokenIssuedAtTime": "2025-01-24T19:24:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:28:36", "Id": "9d2b1e7a-90cc-47da-3601-08dd34d1a471", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.178.152", "UserId": "external.attacker1_badguy.com#ext#@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "6e8777a1-4055-0000-6bd5-6bfa8b95aead", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "e1f9a2e3-0989-40cd-a007-f03691e3a535", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "RClone/v1.68.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGOT1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgnjovnhiQnNQBGgB_A2keOlNQ.I3fYzm9ys5ogBhPcur_H1PFG8kyvrPGhGedUtdtZBHE", "FileSizeBytes": 18777377, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_46.docx", "ApplicationDisplayName": "Rclone", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_46.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "rclone", "CorrelationId": "6d8777a1-7077-0000-6bd5-6222b901cf04", "TokenIssuedAtTime": "2025-01-24T19:24:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:28:33", "Id": "2a98634a-3b06-439d-0d42-08dd34d1a256", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.178.152", "UserId": "external.attacker1_badguy.com#ext#@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "6d8777a1-7077-0000-6bd5-6222b901cf04", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "e95ec28c-6f4a-4f0b-b3f0-8cdc140af015", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "RClone/v1.68.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGOH1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgmMwl7pSm8LTxGz8IzcFArwFQ.QK7GlTIfHOTfZh143mbvOQ4zn6m5s13xGj5MzJdGceo", "FileSizeBytes": 18712210, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_45.docx", "ApplicationDisplayName": "Rclone", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_45.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "rclone", "CorrelationId": "6c8777a1-a0f0-0000-6bd5-64d9d38dad2b", "TokenIssuedAtTime": "2025-01-24T19:24:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:28:31", "Id": "c740cd23-f7d7-4a39-cdcb-08dd34d1a111", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.178.152", "UserId": "external.attacker1_badguy.com#ext#@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "6c8777a1-a0f0-0000-6bd5-64d9d38dad2b", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "fc6441f9-db28-41a8-be4b-26cb1bf3da03", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "RClone/v1.68.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGN_1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgn5QWT8KNuoQRG-SybLG_PaAw.OWZ0C8xNt9TBhqFrXeEAEr9u2T0S_rhgKwUrbnrKrKA", "FileSizeBytes": 18541387, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_44.docx", "ApplicationDisplayName": "Rclone", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_44.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "rclone", "CorrelationId": "6c8777a1-3068-0000-6bd5-65297565ca1e", "TokenIssuedAtTime": "2025-01-24T19:24:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:28:29", "Id": "207416e9-a282-4857-71e8-08dd34d19fc9", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.178.152", "UserId": "external.attacker1_badguy.com#ext#@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "6c8777a1-3068-0000-6bd5-65297565ca1e", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "f24c7d8e-4184-424c-a556-167ff7053e8c", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "RClone/v1.68.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGN31mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgmOfUzyhEFMQhGlVhZ_9wU-jA.MuQy7Jx6zoEKGRLoodpG3ojmG0AU43ytZkeNBhzxtvE", "FileSizeBytes": 18699437, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_43.docx", "ApplicationDisplayName": "Rclone", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_43.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "rclone", "CorrelationId": "6b8777a1-90a7-0000-6bd5-65e8b769dff2", "TokenIssuedAtTime": "2025-01-24T19:24:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:28:25", "Id": "54deec40-9b61-4f8f-32b9-08dd34d19de7", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.178.152", "UserId": "external.attacker1_badguy.com#ext#@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "6b8777a1-90a7-0000-6bd5-65e8b769dff2", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "d61372b7-85c2-461c-bf8e-eb1319a1985d", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "RClone/v1.68.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGNn1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgm3chPWwoUcRhG_jusTGaGYXQ.IZmf2kAkjE38FceeXVVEr8PuzRfNbt8VoB3QsIbYrLQ", "FileSizeBytes": 18734873, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_42.docx", "ApplicationDisplayName": "Rclone", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_42.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "rclone", "CorrelationId": "6b8777a1-d049-0000-6bd5-6f640ee4362e", "TokenIssuedAtTime": "2025-01-24T19:24:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:28:24", "Id": "990bb132-0786-49d3-3adc-08dd34d19d0e", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.178.152", "UserId": "external.attacker1_badguy.com#ext#@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "6b8777a1-d049-0000-6bd5-6f640ee4362e", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "9e8ea7d4-68d7-49f0-a537-978c1a68214f", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "RClone/v1.68.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGNj1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgnUp46e12jwSRGlN5eMGmghTw.fXrKVEKolK2Dv-dfTZ-A5zof8lDyPL__xATak_rDcJQ", "FileSizeBytes": 19209689, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_41.docx", "ApplicationDisplayName": "Rclone", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_41.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "rclone", "CorrelationId": "6a8777a1-a0d3-0000-6bd5-66d987a48811", "TokenIssuedAtTime": "2025-01-24T19:24:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:28:22", "Id": "3d73201a-dded-4a6a-df79-08dd34d19be1", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.178.152", "UserId": "external.attacker1_badguy.com#ext#@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "6a8777a1-a0d3-0000-6bd5-66d987a48811", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "c6f22eec-2838-4d0e-b1e3-67d9011cf022", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "RClone/v1.68.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGNb1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgnsLvLGOCgOTRGx42fZARzwIg.w-VkEmnPNLVA46ZT5u9onH46fpQlNISnWJERFsP6FmY", "FileSizeBytes": 19941219, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_40.docx", "ApplicationDisplayName": "Rclone", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_40.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "rclone", "CorrelationId": "6a8777a1-206c-0000-6bd5-6f9dea98c4b9", "TokenIssuedAtTime": "2025-01-24T19:24:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:28:20", "Id": "60a155d4-b6a8-46bf-8033-08dd34d19ae7", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.178.152", "UserId": "external.attacker1_badguy.com#ext#@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "6a8777a1-206c-0000-6bd5-6f9dea98c4b9", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "bbf3b254-e485-4b89-85fd-bc83fc17242a", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "RClone/v1.68.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGNT1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEglUsvO7heSJSxGF_byD_BckKg.RdlHZsRU_SJlXpaR29yXf5h_4hgDDQN22Qw0vW3vD7Q", "FileSizeBytes": 18855155, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_4.docx", "ApplicationDisplayName": "Rclone", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_4.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "rclone", "CorrelationId": "698777a1-004e-0000-6bd5-6fc5d0992f5d", "TokenIssuedAtTime": "2025-01-24T19:24:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:28:16", "Id": "046e244d-8ce7-4020-8bb6-08dd34d1982a", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.178.152", "UserId": "external.attacker1_badguy.com#ext#@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "698777a1-004e-0000-6bd5-6fc5d0992f5d", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "f1774f40-6a65-47ce-8888-10185219359d", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "RClone/v1.68.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGND1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEglAT3fxZWrORxGIiBAYUhk1nQ.E7BJ2xQrAU-iHxf3UVaOA0RSuiB7mqXVFBTqGtv_qHE", "FileSizeBytes": 19903828, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_39.docx", "ApplicationDisplayName": "Rclone", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_39.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "rclone", "CorrelationId": "688777a1-3038-0000-6bd5-61914f432673", "TokenIssuedAtTime": "2025-01-24T19:24:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:28:11", "Id": "7c31198a-21eb-4e7c-e03b-08dd34d1958d", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.178.152", "UserId": "external.attacker1_badguy.com#ext#@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "688777a1-3038-0000-6bd5-61914f432673", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "69f6549d-259b-4dd5-8005-9fe32a7b3606", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "RClone/v1.68.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGMv1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgmdVPZpmyXVTRGABZ_jKns2Bg.y7swHnyPtcdvNf0iOs4uoMXMuj5iIP7KrEFB2aM75xI", "FileSizeBytes": 19867519, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_38.docx", "ApplicationDisplayName": "Rclone", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_38.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "rclone", "CorrelationId": "678777a1-001c-0000-6bd5-6914af937f30", "TokenIssuedAtTime": "2025-01-24T19:24:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:28:07", "Id": "f934e92e-4a7f-4212-b1a8-08dd34d192d5", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.178.152", "UserId": "external.attacker1_badguy.com#ext#@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "678777a1-001c-0000-6bd5-6914af937f30", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "26a0e840-237b-4caf-ad11-0b9a3283d3b9", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "RClone/v1.68.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGMf1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEglA6KAmeyOvTBGtEQuaMoPTuQ.vp50V9RWCGKqHwKQNG1hRyMgKZtVgFaa3SNxgyUitsA", "FileSizeBytes": 19903787, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_37.docx", "ApplicationDisplayName": "Rclone", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_37.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "rclone", "CorrelationId": "668777a1-301a-0000-6bd5-6fb6d3ef6b93", "TokenIssuedAtTime": "2025-01-24T19:24:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:28:03", "Id": "f57ca9e3-032d-48c3-302e-08dd34d1906c", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.178.152", "UserId": "external.attacker1_badguy.com#ext#@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "668777a1-301a-0000-6bd5-6fb6d3ef6b93", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "909e5659-7a5a-4932-8f86-032bd96b0f7e", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "RClone/v1.68.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGMP1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEglZVp6QWnoySRGPhgMr2WsPfg.EwG5My1SdxyCjAUAGiKAAtotbLR0X4-7hhnWm-5d1LA", "FileSizeBytes": 19938722, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_36.docx", "ApplicationDisplayName": "Rclone", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_36.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "rclone", "CorrelationId": "658777a1-409c-0000-5ab5-9710e81feb6d", "TokenIssuedAtTime": "2025-01-24T19:24:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:28:01", "Id": "58138746-2f06-4afd-c7ec-08dd34d18f2c", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.178.152", "UserId": "external.attacker1_badguy.com#ext#@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "658777a1-409c-0000-5ab5-9710e81feb6d", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "a283de12-3bb0-41ad-bbcd-dc1ad6c74745", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "RClone/v1.68.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGMH1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgkS3oOisDutQRG7zdwa1sdHRQ.VptGY4VFHMipM7gyzbxHqQanWVMoRfrW8PeukuHgxkM", "FileSizeBytes": 19485299, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_35.docx", "ApplicationDisplayName": "Rclone", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_35.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "rclone", "CorrelationId": "658777a1-5046-0000-5ab5-9750f89a7c0c", "TokenIssuedAtTime": "2025-01-24T19:24:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:27:59", "Id": "5d585c4a-63c6-4812-335a-08dd34d18e56", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.178.152", "UserId": "external.attacker1_badguy.com#ext#@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "658777a1-5046-0000-5ab5-9750f89a7c0c", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "d774cfb0-f43d-4ef6-aa48-d6c63ffc8d46", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "RClone/v1.68.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGL_1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgmwz3TXPfT2ThGqSNbGP_yNRg.LdhzQQQh1bYNXhdbWjPDprRW7CqIPop80E_huQ4jnVA", "FileSizeBytes": 18656729, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_34.docx", "ApplicationDisplayName": "Rclone", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_34.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "rclone", "CorrelationId": "648777a1-60ef-0000-5ab5-9520bdd78569", "TokenIssuedAtTime": "2025-01-24T19:24:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:27:58", "Id": "bfa4407b-464f-4c64-3cc9-08dd34d18d7d", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.178.152", "UserId": "external.attacker1_badguy.com#ext#@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "648777a1-60ef-0000-5ab5-9520bdd78569", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "dabc0455-084a-42c4-931b-2e959a9c7a6e", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "RClone/v1.68.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGL71mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEglVBLzaSgjEQhGTGy6Vmpx6bg.GDl4men7pvDmWVTwr8hREYHhsamoZ7o6O8sJshlkOI8", "FileSizeBytes": 18458019, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_33.docx", "ApplicationDisplayName": "Rclone", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_33.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "rclone", "CorrelationId": "648777a1-f084-0000-6bd5-6dddc9a194f7", "TokenIssuedAtTime": "2025-01-24T19:24:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:27:56", "Id": "462c4603-bdce-4d09-70f1-08dd34d18c80", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.178.152", "UserId": "external.attacker1_badguy.com#ext#@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "648777a1-f084-0000-6bd5-6dddc9a194f7", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "c652daf4-577b-44fd-b06c-8a38a857480a", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "RClone/v1.68.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGLz1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgn02lLGe1f9RBGwbIo4qFdICg.JTkaW_CDNCl_3pC5dHj3llhoiKpEvU6nAHf4R3TeTwk", "FileSizeBytes": 17337841, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_32.docx", "ApplicationDisplayName": "Rclone", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_32.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "rclone", "CorrelationId": "648777a1-6020-0000-5ab5-9c372670c3b7", "TokenIssuedAtTime": "2025-01-24T19:24:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:27:55", "Id": "2f45742c-dc0a-42af-8d4c-08dd34d18b88", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.178.152", "UserId": "external.attacker1_badguy.com#ext#@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "648777a1-6020-0000-5ab5-9c372670c3b7", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "8fa43450-78e6-420d-aef2-b488d4142ce9", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "RClone/v1.68.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGLv1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEglQNKSP5ngNQhGu8rSI1BQs6Q.rzjq4OxMUx9ywIqzyrigQjZZEZjtJMvUXasjDGRBL4M", "FileSizeBytes": 18574716, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_31.docx", "ApplicationDisplayName": "Rclone", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_31.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "rclone", "CorrelationId": "638777a1-5028-0000-6bd5-6a34175b54d5", "TokenIssuedAtTime": "2025-01-24T19:24:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:27:51", "Id": "057607f6-14f2-40ec-ab81-08dd34d1892f", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.178.152", "UserId": "external.attacker1_badguy.com#ext#@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "638777a1-5028-0000-6bd5-6a34175b54d5", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "4c1a42e1-9708-446a-96b7-6280fb8a9a7d", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "RClone/v1.68.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGLf1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgnhQhpMCJdqRBGWt2KA-4qafQ.ItLR2RaSTVJk5ZYBzVW_GRdLcuH2LFitMLfWDiE8F5M", "FileSizeBytes": 19427228, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_30.docx", "ApplicationDisplayName": "Rclone", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_30.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "rclone", "CorrelationId": "628777a1-f03d-0000-6bd5-6c7e85e549f5", "TokenIssuedAtTime": "2025-01-24T19:24:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:27:47", "Id": "d2cae088-2739-4c38-76bd-08dd34d186f3", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.178.152", "UserId": "external.attacker1_badguy.com#ext#@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "628777a1-f03d-0000-6bd5-6c7e85e549f5", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "b0205f99-b8dd-47ab-9c71-871039cf4cac", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "RClone/v1.68.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGLP1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgmZXyCw3birRxGccYcQOc9MrA.rfK-c9YsFrC_iBtzb1eLO0yDuiFcw1hYopt-qoU74e0", "FileSizeBytes": 19081098, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_3.docx", "ApplicationDisplayName": "Rclone", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_3.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "rclone", "CorrelationId": "618777a1-b04c-0000-6bd5-620f30f07a93", "TokenIssuedAtTime": "2025-01-24T19:24:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:27:43", "Id": "99e8ddc7-75f5-402e-9159-08dd34d184a6", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.178.152", "UserId": "external.attacker1_badguy.com#ext#@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "618777a1-b04c-0000-6bd5-620f30f07a93", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "fcd97fc2-9fc1-4111-9848-d509640ad334", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "RClone/v1.68.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGK_1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgnCf9n8wZ8RQRGYSNUJZArTNA.l6LarAyn1PWiQUNkeBwc4DngF3ESOtiHJUTpHUiSkzw", "FileSizeBytes": 18874932, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_29.docx", "ApplicationDisplayName": "Rclone", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_29.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "rclone", "CorrelationId": "608777a1-2042-0000-6bd5-6d89965137e3", "TokenIssuedAtTime": "2025-01-24T19:24:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:27:39", "Id": "6569d13c-a120-4b00-ea14-08dd34d18216", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.178.152", "UserId": "external.attacker1_badguy.com#ext#@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "608777a1-2042-0000-6bd5-6d89965137e3", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "d77b55ba-1963-473a-adbb-6a9ad6f1261c", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "RClone/v1.68.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGKv1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgm6VXvXYxk6RxGtu2qa1vEmHA.pwvdDhTvIQ2WyvEIjjtiAw6XydfQszFghn7KQ_xm-VI", "FileSizeBytes": 18665525, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_28.docx", "ApplicationDisplayName": "Rclone", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_28.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "rclone", "CorrelationId": "5f8777a1-d07c-0000-6bd5-62ec9fb64255", "TokenIssuedAtTime": "2025-01-24T19:24:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:27:36", "Id": "e405fcd1-4a56-4628-13f7-08dd34d1803a", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.178.152", "UserId": "external.attacker1_badguy.com#ext#@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "5f8777a1-d07c-0000-6bd5-62ec9fb64255", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "41a25b98-b80a-4d3b-b8ab-6890acfabf4f", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "RClone/v1.68.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGKj1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgmYW6JBCrg7TRG4q2iQrPq_Tw.T7Ml7u9jItD5PvJgCOQQmklNrdVtXHQQGGZbAR6_tAw", "FileSizeBytes": 19745345, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_27.docx", "ApplicationDisplayName": "Rclone", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_27.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "rclone", "CorrelationId": "5e8777a1-60c1-0000-5ab5-98bfcb67bece", "TokenIssuedAtTime": "2025-01-24T19:24:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:27:33", "Id": "453cb1ea-62d2-4968-95bc-08dd34d17e6b", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.178.152", "UserId": "external.attacker1_badguy.com#ext#@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "5e8777a1-60c1-0000-5ab5-98bfcb67bece", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "be894c8d-2856-4d6f-9299-b3d377bc712b", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "RClone/v1.68.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGKX1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgmNTIm-VihvTRGSmbPTd7xxKw.H_dG9PjloIOhcpzqX0J1tB7pyi8fSZkwe9Hpey_l_IQ", "FileSizeBytes": 19438898, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_26.docx", "ApplicationDisplayName": "Rclone", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_26.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "rclone", "CorrelationId": "5d8777a1-90e7-0000-6bd5-69c85d23c4ee", "TokenIssuedAtTime": "2025-01-24T19:24:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:27:29", "Id": "9f8b93b8-1a1e-4faa-de65-08dd34d17c57", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.178.152", "UserId": "external.attacker1_badguy.com#ext#@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "5d8777a1-90e7-0000-6bd5-69c85d23c4ee", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "da9d84fc-e91a-4bcd-a038-df6fbf45da3d", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "RClone/v1.68.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGKH1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgn8hJ3aGunNSxGgON9vv0XaPQ.l4gz58R2uuyqHExWyQFdSFovelDHA1gu-qJ-OAwrYHw", "FileSizeBytes": 19172200, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_25.docx", "ApplicationDisplayName": "Rclone", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_25.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "rclone", "CorrelationId": "5d8777a1-d08a-0000-5ab5-950f438fbf08", "TokenIssuedAtTime": "2025-01-24T19:24:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:27:28", "Id": "26087525-8d64-429f-a0d6-08dd34d17b70", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.178.152", "UserId": "external.attacker1_badguy.com#ext#@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "5d8777a1-d08a-0000-5ab5-950f438fbf08", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "4749f364-020c-4c8e-8c44-ce1f1c7d829b", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "RClone/v1.68.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGKD1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEglk80lHDAKOTBGMRM4fHH2Cmw.MGR7yXab-XPukFsCN71T4RCeOD3wrOox64nlzpaRv3o", "FileSizeBytes": 19002595, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_24.docx", "ApplicationDisplayName": "Rclone", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_24.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "rclone", "CorrelationId": "5c8777a1-00dc-0000-6bd5-67ea12de0ae9", "TokenIssuedAtTime": "2025-01-24T19:24:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:27:25", "Id": "7ab4a54c-6bd3-4ce4-998f-08dd34d179ca", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.178.152", "UserId": "external.attacker1_badguy.com#ext#@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "5c8777a1-00dc-0000-6bd5-67ea12de0ae9", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "55de3c56-5446-4ca8-8c7b-e5bda5c7642e", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "RClone/v1.68.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGJ31mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEglWPN5VRlSoTBGMe-W9pcdkLg.qArY8Pv-vP225GW2ltXIf1K3O9vx4cuPD1AxnBonCXc", "FileSizeBytes": 19877031, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_23.docx", "ApplicationDisplayName": "Rclone", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_23.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "rclone", "CorrelationId": "5c8777a1-a06e-0000-6bd5-677caae98b0c", "TokenIssuedAtTime": "2025-01-24T19:24:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:27:23", "Id": "bc197a2d-ac04-4dc1-f599-08dd34d178c1", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.178.152", "UserId": "external.attacker1_badguy.com#ext#@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "5c8777a1-a06e-0000-6bd5-677caae98b0c", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "d7cdad7d-1579-4483-bdcf-4a12f2c0dc52", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "RClone/v1.68.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGJv1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgl9rc3XeRWDRBG9z0oS8sDcUg.9CRuKzwfAT8DcSgmNYR-bQkKVCDKcpxTUHOPyp82IIw", "FileSizeBytes": 19465506, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_22.docx", "ApplicationDisplayName": "Rclone", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_22.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "rclone", "CorrelationId": "5c8777a1-801f-0000-5ab5-9a3ce55efed8", "TokenIssuedAtTime": "2025-01-24T19:24:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:27:22", "Id": "55e10549-eb20-4494-9e7a-08dd34d17805", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.178.152", "UserId": "external.attacker1_badguy.com#ext#@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "5c8777a1-801f-0000-5ab5-9a3ce55efed8", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "6d0d48fa-7cdf-4c6f-a610-737cc712f2a6", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "RClone/v1.68.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGJr1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgn6SA1t33xvTBGmEHN8xxLypg.xgtFkYPk9Zr9oNsk6c9hRx8NvNbeaYAPRVB2VGL0mog", "FileSizeBytes": 19875669, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_21.docx", "ApplicationDisplayName": "Rclone", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_21.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "rclone", "CorrelationId": "5b8777a1-305b-0000-6bd5-6e761f9c6fde", "TokenIssuedAtTime": "2025-01-24T19:24:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:27:19", "Id": "9bdd97f4-f9b1-42f8-fe8e-08dd34d17623", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.178.152", "UserId": "external.attacker1_badguy.com#ext#@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "5b8777a1-305b-0000-6bd5-6e761f9c6fde", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "f419d30c-6e70-4740-bfcd-4f048ccd00a2", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "RClone/v1.68.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGJf1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgkM0xn0cG5ARxG_zU8EjM0Aog.ndyVlYX4uxYb9l-6a8z57k1ebKatDt6_B3hinrtyaKQ", "FileSizeBytes": 19526945, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_20.docx", "ApplicationDisplayName": "Rclone", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_20.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "rclone", "CorrelationId": "5a8777a1-30a3-0000-6bd5-675b7a5f2406", "TokenIssuedAtTime": "2025-01-24T19:24:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:27:16", "Id": "661bedf5-8745-4d4d-92ba-08dd34d1745b", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.178.152", "UserId": "external.attacker1_badguy.com#ext#@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "5a8777a1-30a3-0000-6bd5-675b7a5f2406", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "269b9287-facd-488b-9c6e-4c3a4ac7d99d", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "RClone/v1.68.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGJT1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgmHkpsmzfqLSBGcbkw6SsfZnQ.Ts3F3pNNgnl53jd_I-558nzdGBTvLt9BfQ2yBvdcvvg", "FileSizeBytes": 18603883, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_2.docx", "ApplicationDisplayName": "Rclone", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_2.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "rclone", "CorrelationId": "598777a1-f0ee-0000-6bd5-65beee6b333e", "TokenIssuedAtTime": "2025-01-24T19:24:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:27:13", "Id": "98f55610-2262-4dad-4e84-08dd34d172a8", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.178.152", "UserId": "external.attacker1_badguy.com#ext#@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "598777a1-f0ee-0000-6bd5-65beee6b333e", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "c831bbd5-0768-4dc8-9758-2dc486745400", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "RClone/v1.68.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGJH1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgnVuzHIaAfITRGXWC3EhnRUAA.eI33Egq2czcbkVyOTvtBJLDViru3t-dPbDnOarG7U9A", "FileSizeBytes": 19338878, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_19.docx", "ApplicationDisplayName": "Rclone", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_19.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "rclone", "CorrelationId": "598777a1-a06c-0000-6bd5-6dd4112e1e1e", "TokenIssuedAtTime": "2025-01-24T19:24:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:27:11", "Id": "dbb2be88-ded3-4dbf-c974-08dd34d17167", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.178.152", "UserId": "external.attacker1_badguy.com#ext#@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "598777a1-a06c-0000-6bd5-6dd4112e1e1e", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "1c99395f-8756-4a3c-a3cb-43b1dad3fd80", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "RClone/v1.68.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGI_1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEglfOZkcVoc8ShGjy0Ox2tP9gA.iUJY8jd_Mo7VesJ_YSrN1XOoNb2QP8uN4os_pJZ_nEk", "FileSizeBytes": 19290736, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_18.docx", "ApplicationDisplayName": "Rclone", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_18.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "rclone", "CorrelationId": "588777a1-a0c5-0000-6bd5-650ad3e278d8", "TokenIssuedAtTime": "2025-01-24T19:24:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:27:08", "Id": "ce555202-4cdb-4894-77d9-08dd34d16fd2", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.178.152", "UserId": "external.attacker1_badguy.com#ext#@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "588777a1-a0c5-0000-6bd5-650ad3e278d8", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "d17af5d8-0087-4bb3-bc41-4a696b45812c", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "RClone/v1.68.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGIz1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgnY9XrRhwCzSxG8QUppa0WBLA.kH8VtzoRR1yfuwWn3PSua1GjnqObegW6Sg_U4yE2ZJU", "FileSizeBytes": 19395614, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_17.docx", "ApplicationDisplayName": "Rclone", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_17.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "rclone", "CorrelationId": "578777a1-f0e9-0000-6bd5-626e17059b68", "TokenIssuedAtTime": "2025-01-24T19:24:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:27:05", "Id": "97ed6c3a-db29-41ec-8a3a-08dd34d16e3f", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.178.152", "UserId": "external.attacker1_badguy.com#ext#@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "578777a1-f0e9-0000-6bd5-626e17059b68", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "28485ea9-92b0-4e11-8b14-870365e4cbbb", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "RClone/v1.68.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGIn1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgmpXkgosJIRThGLFIcDZeTLuw.yuD5hzAeNTErb-ZVnWpz251h6WcoIfd8IBdQjQFma-A", "FileSizeBytes": 19892955, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_16.docx", "ApplicationDisplayName": "Rclone", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_16.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "rclone", "CorrelationId": "578777a1-b00c-0000-5ab5-9e4c192bb2a3", "TokenIssuedAtTime": "2025-01-24T19:24:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:27:01", "Id": "6dd37842-df83-4216-39f8-08dd34d16ba0", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.178.152", "UserId": "external.attacker1_badguy.com#ext#@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "578777a1-b00c-0000-5ab5-9e4c192bb2a3", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "c083964c-395a-47aa-8e6b-a0deb417f66f", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "RClone/v1.68.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGIX1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEglMloPAWjmqRxGOa6DetBf2bw.BuyV1iNOOCTzV5k5ZZWF6wazcr-0FY1zaIW5iZY31q8", "FileSizeBytes": 19852052, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_15.docx", "ApplicationDisplayName": "Rclone", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_15.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "rclone", "CorrelationId": "568777a1-8044-0000-5ab5-9063af189fe4", "TokenIssuedAtTime": "2025-01-24T19:24:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:26:58", "Id": "06c351ce-cdef-4e42-b178-08dd34d169b2", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.178.152", "UserId": "external.attacker1_badguy.com#ext#@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "568777a1-8044-0000-5ab5-9063af189fe4", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "2131658f-d3bd-4e80-9613-a402401b8f89", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "RClone/v1.68.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGIL1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgmPZTEhvdOAThGWE6QCQBuPiQ.OyPx1TgECVlo9hAEJED83xafFfGIfGQwFT9ZoEx9iLQ", "FileSizeBytes": 19845528, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_14.docx", "ApplicationDisplayName": "Rclone", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_14.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "rclone", "CorrelationId": "558777a1-d065-0000-5ab5-92f98baf9cd2", "TokenIssuedAtTime": "2025-01-24T19:24:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:26:54", "Id": "f896a4e5-0451-4bf0-dd72-08dd34d16797", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.178.152", "UserId": "external.attacker1_badguy.com#ext#@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "558777a1-d065-0000-5ab5-92f98baf9cd2", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "d7ca7068-b9c3-4692-9805-84687ea2b256", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "RClone/v1.68.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGP70mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEglocMrXw7mSRhGYBYRofqKyVg.EN0ALudqz4wisoTTNgMzOlWkR89WJEoLlUpsVIvtGvw", "FileSizeBytes": 19603917, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_13.docx", "ApplicationDisplayName": "Rclone", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_13.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "rclone", "CorrelationId": "548777a1-80cb-0000-5ab5-92a6c8411520", "TokenIssuedAtTime": "2025-01-24T19:24:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:26:52", "Id": "d84e934f-d3a8-4dff-75a5-08dd34d1662d", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.178.152", "UserId": "external.attacker1_badguy.com#ext#@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "548777a1-80cb-0000-5ab5-92a6c8411520", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "13bc896d-b6f5-4a20-89c2-a97f67ac6dd1", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "RClone/v1.68.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGPz0mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgltibwT9bYgShGJwql_Z6xt0Q.fDpl9z2JIJamBk5rdw7FMfM0511ovLrQZ1_Ksh3fXRU", "FileSizeBytes": 18511330, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_12.docx", "ApplicationDisplayName": "Rclone", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_12.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "rclone", "CorrelationId": "548777a1-a01f-0000-5ab5-9078f0a8b462", "TokenIssuedAtTime": "2025-01-24T19:24:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:26:49", "Id": "8f95e6a7-d25f-4740-2800-08dd34d16479", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.178.152", "UserId": "external.attacker1_badguy.com#ext#@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "548777a1-a01f-0000-5ab5-9078f0a8b462", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "8cb75fb3-e5c3-45c3-aa97-ea6babc1497e", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "RClone/v1.68.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGPn0mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgmzX7eMw-XDRRGql-prq8FJfg.Ytap4olAb2j4f3Vqq-_1n33rQ5g-oGUMkzcUZL_gqYs", "FileSizeBytes": 18118364, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_11.docx", "ApplicationDisplayName": "Rclone", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_11.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "rclone", "CorrelationId": "538777a1-7099-0000-6bd5-65e782817c12", "TokenIssuedAtTime": "2025-01-24T19:24:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:26:47", "Id": "e6569ade-919a-496a-aea5-08dd34d1632c", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.178.152", "UserId": "external.attacker1_badguy.com#ext#@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "538777a1-7099-0000-6bd5-65e782817c12", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "ae75cb49-c24d-4531-9ab3-83939015efad", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "RClone/v1.68.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGPf0mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEglJy3WuTcIxRRGas4OTkBXvrQ.-wT7N2paFPGswMv_5CK2WMqpFrAvW3LH8nLIzPC1YCE", "FileSizeBytes": 18892358, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_10.docx", "ApplicationDisplayName": "Rclone", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_10.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "rclone", "CorrelationId": "528777a1-30fb-0000-6bd5-6e36ff92c4d8", "TokenIssuedAtTime": "2025-01-24T19:24:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:26:44", "Id": "869dd181-7680-4a0b-fc89-08dd34d161b3", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.178.152", "UserId": "external.attacker1_badguy.com#ext#@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "528777a1-30fb-0000-6bd5-6e36ff92c4d8", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "17ff3b80-70ae-4c85-9988-fb2d5c5e22ab", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "RClone/v1.68.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGPT0mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgmAO_8XrnCFTBGZiPstXF4iqw.NhUEJ_bF8V679POT7RdJFEmPP5lyH8lJ94W1cu4Y_j4", "FileSizeBytes": 18724357, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_1.docx", "ApplicationDisplayName": "Rclone", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_1.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "rclone", "CorrelationId": "518777a1-2087-0000-6bd5-6f6c488e7fce", "TokenIssuedAtTime": "2025-01-24T19:24:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:26:38", "Id": "547d4d45-7b8e-4ee3-3dd0-08dd34d15e25", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.178.152", "UserId": "external.attacker1_badguy.com#ext#@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "518777a1-2087-0000-6bd5-6f6c488e7fce", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "609e2247-fd3f-4b1e-aea2-4033f49877a3", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "RClone/v1.68.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGO70mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEglHIp5gP_0eSxGuokAz9Jh3ow.UINCCWohqSMn0EJQtl70iF5F66GpAIaobU3fgGb5N0s", "FileSizeBytes": 16143835, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_0.docx", "ApplicationDisplayName": "Rclone", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_0.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "Office 365 SharePoint Online", "CorrelationId": "798777a1-806a-0000-6bd5-627f44e59f2e", "TokenIssuedAtTime": "2025-01-24T19:21:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:29:22", "Id": "eb207561-ba3e-4b9b-4806-08dd34d1bf87", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.198.127", "UserId": "attacker2@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "798777a1-806a-0000-6bd5-627f44e59f2e", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "dfea6df8-5a7d-4422-bb09-2b235e4e29c7", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "OneDriveMpc-Transform_Zip/1.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGJL2mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgn4berffVoiRBG7CSsjXk4pxw.2Gw9d8ihUUb4qqw3bcC3aWREnBf9EdgCHBCgHY23m8A", "FileSizeBytes": 19639521, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "OneDrive_1_1-14-2025.zip", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_9.docx", "ApplicationDisplayName": "Office 365 SharePoint Online", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_9.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "Office 365 SharePoint Online", "CorrelationId": "788777a1-d08b-0000-6bd5-650222308d43", "TokenIssuedAtTime": "2025-01-24T19:21:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:29:18", "Id": "5ae52c3a-07a6-4c1b-4467-08dd34d1bd65", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.198.127", "UserId": "attacker2@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "788777a1-d08b-0000-6bd5-650222308d43", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "1ac53296-5422-4ade-9e04-ee49cee6894c", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "OneDriveMpc-Transform_Zip/1.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGI72mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgmWMsUaIlTeShGeBO5JzuaJTA.uDXPUkYhL6099i7xuY-lRY6POqoOnUICQ242rtPaa8w", "FileSizeBytes": 19325813, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "OneDrive_1_1-14-2025.zip", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_8.docx", "ApplicationDisplayName": "Office 365 SharePoint Online", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_8.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "Office 365 SharePoint Online", "CorrelationId": "778777a1-205a-0000-6bd5-623f36edba55", "TokenIssuedAtTime": "2025-01-24T19:21:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:29:13", "Id": "cb374575-1c4f-47e0-bcc5-08dd34d1ba7f", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.198.127", "UserId": "attacker2@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "778777a1-205a-0000-6bd5-623f36edba55", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "555088c9-ea59-4b87-8b4b-5a8594f533fa", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "OneDriveMpc-Transform_Zip/1.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGIn2mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgnJiFBVWeqHSxGLS1qFlPUz-g.kLUYnr0QKv0Mp-KNYaC3f3_6idX-8wgKqB5oaqxofgA", "FileSizeBytes": 18533026, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "OneDrive_1_1-14-2025.zip", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_7.docx", "ApplicationDisplayName": "Office 365 SharePoint Online", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_7.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "Office 365 SharePoint Online", "CorrelationId": "768777a1-b0a2-0000-5ab5-9114b03c46c9", "TokenIssuedAtTime": "2025-01-24T19:21:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:29:10", "Id": "7808910b-1c5b-4a8d-c49f-08dd34d1b8b8", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.198.127", "UserId": "attacker2@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "768777a1-b0a2-0000-5ab5-9114b03c46c9", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "0d2a6830-94b5-404f-bf26-6107bbfa7eb2", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "OneDriveMpc-Transform_Zip/1.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGIb2mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgkwaCoNtZRPQBG_JmEHu_p-sg.-dIujGXxa3hoAcIzbFtEn3fsfINnhsekvuS8_SQS2EU", "FileSizeBytes": 18734095, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "OneDrive_1_1-14-2025.zip", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_6.docx", "ApplicationDisplayName": "Office 365 SharePoint Online", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_6.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "Office 365 SharePoint Online", "CorrelationId": "758777a1-f0c7-0000-5ab5-9005fcd36b96", "TokenIssuedAtTime": "2025-01-24T19:21:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:29:07", "Id": "1af4ab7f-93c7-4bc2-c25d-08dd34d1b6a2", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.198.127", "UserId": "attacker2@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "758777a1-f0c7-0000-5ab5-9005fcd36b96", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "422f5b84-88c1-42ea-8592-b33c112b5243", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "OneDriveMpc-Transform_Zip/1.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGIP2mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgmEWy9CwYjqQhGFkrM8EStSQw.S5l-RecbuDRIvwS___pYPR6-0GAVVVn7piV--_pFOz0", "FileSizeBytes": 12605106, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "OneDrive_1_1-14-2025.zip", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_57.docx", "ApplicationDisplayName": "Office 365 SharePoint Online", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_57.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "Office 365 SharePoint Online", "CorrelationId": "748777a1-30c2-0000-6bd5-6ce591feaf31", "TokenIssuedAtTime": "2025-01-24T19:21:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:29:03", "Id": "521d8283-4a02-43ca-3101-08dd34d1b421", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.198.127", "UserId": "attacker2@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "748777a1-30c2-0000-6bd5-6ce591feaf31", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "909bee35-09c6-4c6d-b47f-a2cd8fefdf5d", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "OneDriveMpc-Transform_Zip/1.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGP_1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgk17puQxgltTBG0f6LNj-_fXQ.EXsTqdEiJxzy_tiRjOhYYuNFtrl90iV1sK4LM2Gu20A", "FileSizeBytes": 18475069, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "OneDrive_1_1-14-2025.zip", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_56.docx", "ApplicationDisplayName": "Office 365 SharePoint Online", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_56.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "Office 365 SharePoint Online", "CorrelationId": "748777a1-f026-0000-5ab5-95306328bc0d", "TokenIssuedAtTime": "2025-01-24T19:21:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:29:00", "Id": "6f6bc993-11d0-4c5a-e0ec-08dd34d1b2a3", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.198.127", "UserId": "attacker2@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "748777a1-f026-0000-5ab5-95306328bc0d", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "ea8e4a13-51a2-4bda-81a5-8d38399dbce8", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "OneDriveMpc-Transform_Zip/1.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGPz1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgkTSo7qolHaSxGBpY04OZ286A.1XMkesr9SYVRpIhRdmRZGlKO9agqNR0nT1QEKXIUg8I", "FileSizeBytes": 19964602, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "OneDrive_1_1-14-2025.zip", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_55.docx", "ApplicationDisplayName": "Office 365 SharePoint Online", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_55.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "Office 365 SharePoint Online", "CorrelationId": "738777a1-4093-0000-6bd5-6c4000282c0b", "TokenIssuedAtTime": "2025-01-24T19:21:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:28:58", "Id": "b789831a-8065-4333-1627-08dd34d1b140", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.198.127", "UserId": "attacker2@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "738777a1-4093-0000-6bd5-6c4000282c0b", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "24012ab3-0182-45a4-8d4c-8705e04196b3", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "OneDriveMpc-Transform_Zip/1.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGPr1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgmzKgEkggGkRRGNTIcF4EGWsw.PKSwLq_CQk6mMBTAYF7peyU7CkFviUQ0e69jXWLBP4Q", "FileSizeBytes": 19929176, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "OneDrive_1_1-14-2025.zip", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_54.docx", "ApplicationDisplayName": "Office 365 SharePoint Online", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_54.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "Office 365 SharePoint Online", "CorrelationId": "738777a1-e005-0000-5ab5-9b20cd7dc7fa", "TokenIssuedAtTime": "2025-01-24T19:21:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:28:56", "Id": "e54f7072-259e-4939-4c12-08dd34d1afe9", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.198.127", "UserId": "attacker2@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "738777a1-e005-0000-5ab5-9b20cd7dc7fa", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "39575be4-cf84-4237-b227-c9e8ff39e8f2", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "OneDriveMpc-Transform_Zip/1.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGPj1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgnkW1c5hM83QhGyJ8no_zno8g.cqPMz_0s553x0Q1eXdS3L_qVpXb6ddZJEVt2D-ThDQY", "FileSizeBytes": 19995813, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "OneDrive_1_1-14-2025.zip", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_53.docx", "ApplicationDisplayName": "Office 365 SharePoint Online", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_53.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "Office 365 SharePoint Online", "CorrelationId": "728777a1-e0af-0000-6bd5-6b7ae3b90c37", "TokenIssuedAtTime": "2025-01-24T19:21:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:28:54", "Id": "2490038b-fc24-4220-5423-08dd34d1af17", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.198.127", "UserId": "attacker2@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "728777a1-e0af-0000-6bd5-6b7ae3b90c37", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "5478a19b-4357-4f3e-ae3b-6140fa427f17", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "OneDriveMpc-Transform_Zip/1.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGPb1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgmboXhUV0M-TxGuO2FA-kJ_Fw.LV0Q_NZZPjQzXazknQWZJKBfLH1_uHwY2boFbg4yQXo", "FileSizeBytes": 19838184, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "OneDrive_1_1-14-2025.zip", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_52.docx", "ApplicationDisplayName": "Office 365 SharePoint Online", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_52.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "Office 365 SharePoint Online", "CorrelationId": "728777a1-9052-0000-6bd5-6aaf7ce91336", "TokenIssuedAtTime": "2025-01-24T19:21:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:28:53", "Id": "48930049-7ba4-4d7f-b2e0-08dd34d1ae2e", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.198.127", "UserId": "attacker2@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "728777a1-9052-0000-6bd5-6aaf7ce91336", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "6794c0a0-48c8-4fb4-8412-e1fe853fc8bf", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "OneDriveMpc-Transform_Zip/1.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGPX1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgmgwJRnyEi0TxGEEuH-hT_Ivw.BuUg1s4-QEHYc0KV86CxZ0cF1uwyiO5y4x2K-QaeNf8", "FileSizeBytes": 19973679, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "OneDrive_1_1-14-2025.zip", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_51.docx", "ApplicationDisplayName": "Office 365 SharePoint Online", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_51.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "Office 365 SharePoint Online", "CorrelationId": "728777a1-1001-0000-6bd5-6ee4a35e5ebb", "TokenIssuedAtTime": "2025-01-24T19:21:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:28:51", "Id": "f0083648-2a84-48d8-67e8-08dd34d1ad65", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.198.127", "UserId": "attacker2@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "728777a1-1001-0000-6bd5-6ee4a35e5ebb", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "f92c48e0-b2d4-4575-b66a-4509c88725ab", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "OneDriveMpc-Transform_Zip/1.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGPP1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgngSCz51LJ1RRG2akUJyIclqw.d7nMOyear-n0O_Sci2_px8CuVJaB9FlUda2K02T1mnA", "FileSizeBytes": 20500864, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "OneDrive_1_1-14-2025.zip", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_50.docx", "ApplicationDisplayName": "Office 365 SharePoint Online", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_50.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "Office 365 SharePoint Online", "CorrelationId": "718777a1-d0b9-0000-6bd5-66dba54707fe", "TokenIssuedAtTime": "2025-01-24T19:21:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:28:50", "Id": "77e87d69-3bec-4a66-5c53-08dd34d1acb7", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.198.127", "UserId": "attacker2@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "718777a1-d0b9-0000-6bd5-66dba54707fe", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "702e0ba6-c0f2-44cc-ad43-e2bd6ce6f3fb", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "OneDriveMpc-Transform_Zip/1.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGPL1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgmmCy5w8sDMRBGtQ-K9bObz-w.ScEMCWx3r5QCiYDNGbtE9s8ah3JtYVxyUZcXE1s6eUc", "FileSizeBytes": 18233194, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "OneDrive_1_1-14-2025.zip", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_5.docx", "ApplicationDisplayName": "Office 365 SharePoint Online", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_5.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "Office 365 SharePoint Online", "CorrelationId": "718777a1-8020-0000-6bd5-6c251c81ed4f", "TokenIssuedAtTime": "2025-01-24T19:21:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:28:48", "Id": "a31746de-add2-44ba-58c3-08dd34d1ab4f", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.198.127", "UserId": "attacker2@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "718777a1-8020-0000-6bd5-6c251c81ed4f", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "ecb4ebbe-cad7-45f9-b891-055904070c43", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "OneDriveMpc-Transform_Zip/1.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGPD1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgm-67Ts18r5RRG4kQVZBAcMQw.ivofRD-81-oxmhyDLWU87TiSQlZKj3eIdILhv7ZZ0VI", "FileSizeBytes": 19057721, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "OneDrive_1_1-14-2025.zip", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_49.docx", "ApplicationDisplayName": "Office 365 SharePoint Online", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_49.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "Office 365 SharePoint Online", "CorrelationId": "708777a1-909f-0000-6bd5-6c37d9c20830", "TokenIssuedAtTime": "2025-01-24T19:21:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:28:46", "Id": "ce78d6c7-7f38-4a33-7b92-08dd34d1aa0d", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.198.127", "UserId": "attacker2@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "708777a1-909f-0000-6bd5-6c37d9c20830", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "3421a0df-65ab-4a0a-bc45-271c4d2bb526", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "OneDriveMpc-Transform_Zip/1.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGO71mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgnfoCE0q2UKShG8RSccTSu1Jg.8sAoqe0TY3fsyVxhbPyLSbW3VV8bHRVxpBpGEf2QQSg", "FileSizeBytes": 19141888, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "OneDrive_1_1-14-2025.zip", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_48.docx", "ApplicationDisplayName": "Office 365 SharePoint Online", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_48.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "Office 365 SharePoint Online", "CorrelationId": "6f8777a1-0094-0000-6bd5-6ab714656a91", "TokenIssuedAtTime": "2025-01-24T19:21:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:28:41", "Id": "389bdbd0-8e7e-47ec-9874-08dd34d1a782", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.198.127", "UserId": "attacker2@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "6f8777a1-0094-0000-6bd5-6ab714656a91", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "f2bea769-fd0a-4c2f-866c-27298e1c3bf0", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "OneDriveMpc-Transform_Zip/1.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGOn1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEglpp77yCv0vTBGGbCcpjhw78A.epexW2nK-jhuD4bf7vYh29ahPm-inqfcIGCkUtkl6kw", "FileSizeBytes": 19082583, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "OneDrive_1_1-14-2025.zip", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_47.docx", "ApplicationDisplayName": "Office 365 SharePoint Online", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_47.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "Office 365 SharePoint Online", "CorrelationId": "6e8777a1-4055-0000-6bd5-6bfa8b95aead", "TokenIssuedAtTime": "2025-01-24T19:21:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:28:36", "Id": "9d2b1e7a-90cc-47da-3601-08dd34d1a471", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.198.127", "UserId": "attacker2@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "6e8777a1-4055-0000-6bd5-6bfa8b95aead", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "e1f9a2e3-0989-40cd-a007-f03691e3a535", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "OneDriveMpc-Transform_Zip/1.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGOT1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgnjovnhiQnNQBGgB_A2keOlNQ.I3fYzm9ys5ogBhPcur_H1PFG8kyvrPGhGedUtdtZBHE", "FileSizeBytes": 18777377, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "OneDrive_1_1-14-2025.zip", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_46.docx", "ApplicationDisplayName": "Office 365 SharePoint Online", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_46.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "Office 365 SharePoint Online", "CorrelationId": "6d8777a1-7077-0000-6bd5-6222b901cf04", "TokenIssuedAtTime": "2025-01-24T19:21:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:28:33", "Id": "2a98634a-3b06-439d-0d42-08dd34d1a256", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.198.127", "UserId": "attacker2@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "6d8777a1-7077-0000-6bd5-6222b901cf04", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "e95ec28c-6f4a-4f0b-b3f0-8cdc140af015", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "OneDriveMpc-Transform_Zip/1.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGOH1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgmMwl7pSm8LTxGz8IzcFArwFQ.QK7GlTIfHOTfZh143mbvOQ4zn6m5s13xGj5MzJdGceo", "FileSizeBytes": 18712210, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "OneDrive_1_1-14-2025.zip", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_45.docx", "ApplicationDisplayName": "Office 365 SharePoint Online", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_45.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "Office 365 SharePoint Online", "CorrelationId": "6c8777a1-a0f0-0000-6bd5-64d9d38dad2b", "TokenIssuedAtTime": "2025-01-24T19:21:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:28:31", "Id": "c740cd23-f7d7-4a39-cdcb-08dd34d1a111", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.198.127", "UserId": "attacker2@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "6c8777a1-a0f0-0000-6bd5-64d9d38dad2b", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "fc6441f9-db28-41a8-be4b-26cb1bf3da03", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "OneDriveMpc-Transform_Zip/1.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGN_1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgn5QWT8KNuoQRG-SybLG_PaAw.OWZ0C8xNt9TBhqFrXeEAEr9u2T0S_rhgKwUrbnrKrKA", "FileSizeBytes": 18541387, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "OneDrive_1_1-14-2025.zip", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_44.docx", "ApplicationDisplayName": "Office 365 SharePoint Online", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_44.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "Office 365 SharePoint Online", "CorrelationId": "6c8777a1-3068-0000-6bd5-65297565ca1e", "TokenIssuedAtTime": "2025-01-24T19:21:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:28:29", "Id": "207416e9-a282-4857-71e8-08dd34d19fc9", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.198.127", "UserId": "attacker2@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "6c8777a1-3068-0000-6bd5-65297565ca1e", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "f24c7d8e-4184-424c-a556-167ff7053e8c", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "OneDriveMpc-Transform_Zip/1.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGN31mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgmOfUzyhEFMQhGlVhZ_9wU-jA.MuQy7Jx6zoEKGRLoodpG3ojmG0AU43ytZkeNBhzxtvE", "FileSizeBytes": 18699437, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "OneDrive_1_1-14-2025.zip", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_43.docx", "ApplicationDisplayName": "Office 365 SharePoint Online", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_43.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "Office 365 SharePoint Online", "CorrelationId": "6b8777a1-90a7-0000-6bd5-65e8b769dff2", "TokenIssuedAtTime": "2025-01-24T19:21:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:28:25", "Id": "54deec40-9b61-4f8f-32b9-08dd34d19de7", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.198.127", "UserId": "attacker2@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "6b8777a1-90a7-0000-6bd5-65e8b769dff2", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "d61372b7-85c2-461c-bf8e-eb1319a1985d", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "OneDriveMpc-Transform_Zip/1.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGNn1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgm3chPWwoUcRhG_jusTGaGYXQ.IZmf2kAkjE38FceeXVVEr8PuzRfNbt8VoB3QsIbYrLQ", "FileSizeBytes": 18734873, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "OneDrive_1_1-14-2025.zip", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_42.docx", "ApplicationDisplayName": "Office 365 SharePoint Online", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_42.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "Office 365 SharePoint Online", "CorrelationId": "6b8777a1-d049-0000-6bd5-6f640ee4362e", "TokenIssuedAtTime": "2025-01-24T19:21:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:28:24", "Id": "990bb132-0786-49d3-3adc-08dd34d19d0e", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.198.127", "UserId": "attacker2@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "6b8777a1-d049-0000-6bd5-6f640ee4362e", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "9e8ea7d4-68d7-49f0-a537-978c1a68214f", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "OneDriveMpc-Transform_Zip/1.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGNj1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgnUp46e12jwSRGlN5eMGmghTw.fXrKVEKolK2Dv-dfTZ-A5zof8lDyPL__xATak_rDcJQ", "FileSizeBytes": 19209689, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "OneDrive_1_1-14-2025.zip", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_41.docx", "ApplicationDisplayName": "Office 365 SharePoint Online", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_41.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "Office 365 SharePoint Online", "CorrelationId": "6a8777a1-a0d3-0000-6bd5-66d987a48811", "TokenIssuedAtTime": "2025-01-24T19:21:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:28:22", "Id": "3d73201a-dded-4a6a-df79-08dd34d19be1", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.198.127", "UserId": "attacker2@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "6a8777a1-a0d3-0000-6bd5-66d987a48811", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "c6f22eec-2838-4d0e-b1e3-67d9011cf022", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "OneDriveMpc-Transform_Zip/1.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGNb1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgnsLvLGOCgOTRGx42fZARzwIg.w-VkEmnPNLVA46ZT5u9onH46fpQlNISnWJERFsP6FmY", "FileSizeBytes": 19941219, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "OneDrive_1_1-14-2025.zip", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_40.docx", "ApplicationDisplayName": "Office 365 SharePoint Online", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_40.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "Office 365 SharePoint Online", "CorrelationId": "6a8777a1-206c-0000-6bd5-6f9dea98c4b9", "TokenIssuedAtTime": "2025-01-24T19:21:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:28:20", "Id": "60a155d4-b6a8-46bf-8033-08dd34d19ae7", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.198.127", "UserId": "attacker2@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "6a8777a1-206c-0000-6bd5-6f9dea98c4b9", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "bbf3b254-e485-4b89-85fd-bc83fc17242a", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "OneDriveMpc-Transform_Zip/1.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGNT1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEglUsvO7heSJSxGF_byD_BckKg.RdlHZsRU_SJlXpaR29yXf5h_4hgDDQN22Qw0vW3vD7Q", "FileSizeBytes": 18855155, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "OneDrive_1_1-14-2025.zip", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_4.docx", "ApplicationDisplayName": "Office 365 SharePoint Online", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_4.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "Office 365 SharePoint Online", "CorrelationId": "698777a1-004e-0000-6bd5-6fc5d0992f5d", "TokenIssuedAtTime": "2025-01-24T19:21:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:28:16", "Id": "046e244d-8ce7-4020-8bb6-08dd34d1982a", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.198.127", "UserId": "attacker2@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "698777a1-004e-0000-6bd5-6fc5d0992f5d", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "f1774f40-6a65-47ce-8888-10185219359d", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "OneDriveMpc-Transform_Zip/1.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGND1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEglAT3fxZWrORxGIiBAYUhk1nQ.E7BJ2xQrAU-iHxf3UVaOA0RSuiB7mqXVFBTqGtv_qHE", "FileSizeBytes": 19903828, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "OneDrive_1_1-14-2025.zip", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_39.docx", "ApplicationDisplayName": "Office 365 SharePoint Online", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_39.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "Office 365 SharePoint Online", "CorrelationId": "688777a1-3038-0000-6bd5-61914f432673", "TokenIssuedAtTime": "2025-01-24T19:21:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:28:11", "Id": "7c31198a-21eb-4e7c-e03b-08dd34d1958d", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.198.127", "UserId": "attacker2@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "688777a1-3038-0000-6bd5-61914f432673", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "69f6549d-259b-4dd5-8005-9fe32a7b3606", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "OneDriveMpc-Transform_Zip/1.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGMv1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgmdVPZpmyXVTRGABZ_jKns2Bg.y7swHnyPtcdvNf0iOs4uoMXMuj5iIP7KrEFB2aM75xI", "FileSizeBytes": 19867519, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "OneDrive_1_1-14-2025.zip", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_38.docx", "ApplicationDisplayName": "Office 365 SharePoint Online", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_38.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "Office 365 SharePoint Online", "CorrelationId": "678777a1-001c-0000-6bd5-6914af937f30", "TokenIssuedAtTime": "2025-01-24T19:21:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:28:07", "Id": "f934e92e-4a7f-4212-b1a8-08dd34d192d5", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.198.127", "UserId": "attacker2@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "678777a1-001c-0000-6bd5-6914af937f30", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "26a0e840-237b-4caf-ad11-0b9a3283d3b9", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "OneDriveMpc-Transform_Zip/1.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGMf1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEglA6KAmeyOvTBGtEQuaMoPTuQ.vp50V9RWCGKqHwKQNG1hRyMgKZtVgFaa3SNxgyUitsA", "FileSizeBytes": 19903787, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "OneDrive_1_1-14-2025.zip", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_37.docx", "ApplicationDisplayName": "Office 365 SharePoint Online", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_37.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "Office 365 SharePoint Online", "CorrelationId": "668777a1-301a-0000-6bd5-6fb6d3ef6b93", "TokenIssuedAtTime": "2025-01-24T19:21:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:28:03", "Id": "f57ca9e3-032d-48c3-302e-08dd34d1906c", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.198.127", "UserId": "attacker2@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "668777a1-301a-0000-6bd5-6fb6d3ef6b93", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "909e5659-7a5a-4932-8f86-032bd96b0f7e", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "OneDriveMpc-Transform_Zip/1.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGMP1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEglZVp6QWnoySRGPhgMr2WsPfg.EwG5My1SdxyCjAUAGiKAAtotbLR0X4-7hhnWm-5d1LA", "FileSizeBytes": 19938722, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "OneDrive_1_1-14-2025.zip", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_36.docx", "ApplicationDisplayName": "Office 365 SharePoint Online", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_36.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "Office 365 SharePoint Online", "CorrelationId": "658777a1-409c-0000-5ab5-9710e81feb6d", "TokenIssuedAtTime": "2025-01-24T19:21:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:28:01", "Id": "58138746-2f06-4afd-c7ec-08dd34d18f2c", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.198.127", "UserId": "attacker2@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "658777a1-409c-0000-5ab5-9710e81feb6d", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "a283de12-3bb0-41ad-bbcd-dc1ad6c74745", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "OneDriveMpc-Transform_Zip/1.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGMH1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgkS3oOisDutQRG7zdwa1sdHRQ.VptGY4VFHMipM7gyzbxHqQanWVMoRfrW8PeukuHgxkM", "FileSizeBytes": 19485299, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "OneDrive_1_1-14-2025.zip", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_35.docx", "ApplicationDisplayName": "Office 365 SharePoint Online", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_35.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "Office 365 SharePoint Online", "CorrelationId": "658777a1-5046-0000-5ab5-9750f89a7c0c", "TokenIssuedAtTime": "2025-01-24T19:21:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:27:59", "Id": "5d585c4a-63c6-4812-335a-08dd34d18e56", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.198.127", "UserId": "attacker2@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "658777a1-5046-0000-5ab5-9750f89a7c0c", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "d774cfb0-f43d-4ef6-aa48-d6c63ffc8d46", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "OneDriveMpc-Transform_Zip/1.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGL_1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgmwz3TXPfT2ThGqSNbGP_yNRg.LdhzQQQh1bYNXhdbWjPDprRW7CqIPop80E_huQ4jnVA", "FileSizeBytes": 18656729, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "OneDrive_1_1-14-2025.zip", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_34.docx", "ApplicationDisplayName": "Office 365 SharePoint Online", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_34.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "Office 365 SharePoint Online", "CorrelationId": "648777a1-60ef-0000-5ab5-9520bdd78569", "TokenIssuedAtTime": "2025-01-24T19:21:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:27:58", "Id": "bfa4407b-464f-4c64-3cc9-08dd34d18d7d", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.198.127", "UserId": "attacker2@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "648777a1-60ef-0000-5ab5-9520bdd78569", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "dabc0455-084a-42c4-931b-2e959a9c7a6e", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "OneDriveMpc-Transform_Zip/1.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGL71mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEglVBLzaSgjEQhGTGy6Vmpx6bg.GDl4men7pvDmWVTwr8hREYHhsamoZ7o6O8sJshlkOI8", "FileSizeBytes": 18458019, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "OneDrive_1_1-14-2025.zip", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_33.docx", "ApplicationDisplayName": "Office 365 SharePoint Online", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_33.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "Office 365 SharePoint Online", "CorrelationId": "648777a1-f084-0000-6bd5-6dddc9a194f7", "TokenIssuedAtTime": "2025-01-24T19:21:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:27:56", "Id": "462c4603-bdce-4d09-70f1-08dd34d18c80", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.198.127", "UserId": "attacker2@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "648777a1-f084-0000-6bd5-6dddc9a194f7", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "c652daf4-577b-44fd-b06c-8a38a857480a", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "OneDriveMpc-Transform_Zip/1.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGLz1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgn02lLGe1f9RBGwbIo4qFdICg.JTkaW_CDNCl_3pC5dHj3llhoiKpEvU6nAHf4R3TeTwk", "FileSizeBytes": 17337841, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "OneDrive_1_1-14-2025.zip", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_32.docx", "ApplicationDisplayName": "Office 365 SharePoint Online", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_32.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "Office 365 SharePoint Online", "CorrelationId": "648777a1-6020-0000-5ab5-9c372670c3b7", "TokenIssuedAtTime": "2025-01-24T19:21:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:27:55", "Id": "2f45742c-dc0a-42af-8d4c-08dd34d18b88", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.198.127", "UserId": "attacker2@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "648777a1-6020-0000-5ab5-9c372670c3b7", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "8fa43450-78e6-420d-aef2-b488d4142ce9", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "OneDriveMpc-Transform_Zip/1.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGLv1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEglQNKSP5ngNQhGu8rSI1BQs6Q.rzjq4OxMUx9ywIqzyrigQjZZEZjtJMvUXasjDGRBL4M", "FileSizeBytes": 18574716, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "OneDrive_1_1-14-2025.zip", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_31.docx", "ApplicationDisplayName": "Office 365 SharePoint Online", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_31.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "Office 365 SharePoint Online", "CorrelationId": "638777a1-5028-0000-6bd5-6a34175b54d5", "TokenIssuedAtTime": "2025-01-24T19:21:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:27:51", "Id": "057607f6-14f2-40ec-ab81-08dd34d1892f", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.198.127", "UserId": "attacker2@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "638777a1-5028-0000-6bd5-6a34175b54d5", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "4c1a42e1-9708-446a-96b7-6280fb8a9a7d", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "OneDriveMpc-Transform_Zip/1.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGLf1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgnhQhpMCJdqRBGWt2KA-4qafQ.ItLR2RaSTVJk5ZYBzVW_GRdLcuH2LFitMLfWDiE8F5M", "FileSizeBytes": 19427228, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "OneDrive_1_1-14-2025.zip", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_30.docx", "ApplicationDisplayName": "Office 365 SharePoint Online", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_30.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "Office 365 SharePoint Online", "CorrelationId": "628777a1-f03d-0000-6bd5-6c7e85e549f5", "TokenIssuedAtTime": "2025-01-24T19:21:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:27:47", "Id": "d2cae088-2739-4c38-76bd-08dd34d186f3", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.198.127", "UserId": "attacker2@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "628777a1-f03d-0000-6bd5-6c7e85e549f5", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "b0205f99-b8dd-47ab-9c71-871039cf4cac", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "OneDriveMpc-Transform_Zip/1.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGLP1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgmZXyCw3birRxGccYcQOc9MrA.rfK-c9YsFrC_iBtzb1eLO0yDuiFcw1hYopt-qoU74e0", "FileSizeBytes": 19081098, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "OneDrive_1_1-14-2025.zip", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_3.docx", "ApplicationDisplayName": "Office 365 SharePoint Online", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_3.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "Office 365 SharePoint Online", "CorrelationId": "618777a1-b04c-0000-6bd5-620f30f07a93", "TokenIssuedAtTime": "2025-01-24T19:21:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:27:43", "Id": "99e8ddc7-75f5-402e-9159-08dd34d184a6", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.198.127", "UserId": "attacker2@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "618777a1-b04c-0000-6bd5-620f30f07a93", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "fcd97fc2-9fc1-4111-9848-d509640ad334", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "OneDriveMpc-Transform_Zip/1.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGK_1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgnCf9n8wZ8RQRGYSNUJZArTNA.l6LarAyn1PWiQUNkeBwc4DngF3ESOtiHJUTpHUiSkzw", "FileSizeBytes": 18874932, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "OneDrive_1_1-14-2025.zip", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_29.docx", "ApplicationDisplayName": "Office 365 SharePoint Online", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_29.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "Office 365 SharePoint Online", "CorrelationId": "608777a1-2042-0000-6bd5-6d89965137e3", "TokenIssuedAtTime": "2025-01-24T19:21:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:27:39", "Id": "6569d13c-a120-4b00-ea14-08dd34d18216", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.198.127", "UserId": "attacker2@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "608777a1-2042-0000-6bd5-6d89965137e3", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "d77b55ba-1963-473a-adbb-6a9ad6f1261c", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "OneDriveMpc-Transform_Zip/1.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGKv1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgm6VXvXYxk6RxGtu2qa1vEmHA.pwvdDhTvIQ2WyvEIjjtiAw6XydfQszFghn7KQ_xm-VI", "FileSizeBytes": 18665525, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "OneDrive_1_1-14-2025.zip", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_28.docx", "ApplicationDisplayName": "Office 365 SharePoint Online", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_28.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "Office 365 SharePoint Online", "CorrelationId": "5f8777a1-d07c-0000-6bd5-62ec9fb64255", "TokenIssuedAtTime": "2025-01-24T19:21:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:27:36", "Id": "e405fcd1-4a56-4628-13f7-08dd34d1803a", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.198.127", "UserId": "attacker2@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "5f8777a1-d07c-0000-6bd5-62ec9fb64255", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "41a25b98-b80a-4d3b-b8ab-6890acfabf4f", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "OneDriveMpc-Transform_Zip/1.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGKj1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgmYW6JBCrg7TRG4q2iQrPq_Tw.T7Ml7u9jItD5PvJgCOQQmklNrdVtXHQQGGZbAR6_tAw", "FileSizeBytes": 19745345, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "OneDrive_1_1-14-2025.zip", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_27.docx", "ApplicationDisplayName": "Office 365 SharePoint Online", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_27.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "Office 365 SharePoint Online", "CorrelationId": "5e8777a1-60c1-0000-5ab5-98bfcb67bece", "TokenIssuedAtTime": "2025-01-24T19:21:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:27:33", "Id": "453cb1ea-62d2-4968-95bc-08dd34d17e6b", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.198.127", "UserId": "attacker2@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "5e8777a1-60c1-0000-5ab5-98bfcb67bece", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "be894c8d-2856-4d6f-9299-b3d377bc712b", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "OneDriveMpc-Transform_Zip/1.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGKX1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgmNTIm-VihvTRGSmbPTd7xxKw.H_dG9PjloIOhcpzqX0J1tB7pyi8fSZkwe9Hpey_l_IQ", "FileSizeBytes": 19438898, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "OneDrive_1_1-14-2025.zip", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_26.docx", "ApplicationDisplayName": "Office 365 SharePoint Online", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_26.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "Office 365 SharePoint Online", "CorrelationId": "5d8777a1-90e7-0000-6bd5-69c85d23c4ee", "TokenIssuedAtTime": "2025-01-24T19:21:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:27:29", "Id": "9f8b93b8-1a1e-4faa-de65-08dd34d17c57", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.198.127", "UserId": "attacker2@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "5d8777a1-90e7-0000-6bd5-69c85d23c4ee", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "da9d84fc-e91a-4bcd-a038-df6fbf45da3d", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "OneDriveMpc-Transform_Zip/1.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGKH1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgn8hJ3aGunNSxGgON9vv0XaPQ.l4gz58R2uuyqHExWyQFdSFovelDHA1gu-qJ-OAwrYHw", "FileSizeBytes": 19172200, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "OneDrive_1_1-14-2025.zip", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_25.docx", "ApplicationDisplayName": "Office 365 SharePoint Online", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_25.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "Office 365 SharePoint Online", "CorrelationId": "5d8777a1-d08a-0000-5ab5-950f438fbf08", "TokenIssuedAtTime": "2025-01-24T19:21:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:27:28", "Id": "26087525-8d64-429f-a0d6-08dd34d17b70", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.198.127", "UserId": "attacker2@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "5d8777a1-d08a-0000-5ab5-950f438fbf08", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "4749f364-020c-4c8e-8c44-ce1f1c7d829b", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "OneDriveMpc-Transform_Zip/1.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGKD1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEglk80lHDAKOTBGMRM4fHH2Cmw.MGR7yXab-XPukFsCN71T4RCeOD3wrOox64nlzpaRv3o", "FileSizeBytes": 19002595, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "OneDrive_1_1-14-2025.zip", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_24.docx", "ApplicationDisplayName": "Office 365 SharePoint Online", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_24.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "Office 365 SharePoint Online", "CorrelationId": "5c8777a1-00dc-0000-6bd5-67ea12de0ae9", "TokenIssuedAtTime": "2025-01-24T19:21:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:27:25", "Id": "7ab4a54c-6bd3-4ce4-998f-08dd34d179ca", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.198.127", "UserId": "attacker2@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "5c8777a1-00dc-0000-6bd5-67ea12de0ae9", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "55de3c56-5446-4ca8-8c7b-e5bda5c7642e", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "OneDriveMpc-Transform_Zip/1.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGJ31mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEglWPN5VRlSoTBGMe-W9pcdkLg.qArY8Pv-vP225GW2ltXIf1K3O9vx4cuPD1AxnBonCXc", "FileSizeBytes": 19877031, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "OneDrive_1_1-14-2025.zip", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_23.docx", "ApplicationDisplayName": "Office 365 SharePoint Online", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_23.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "Office 365 SharePoint Online", "CorrelationId": "5c8777a1-a06e-0000-6bd5-677caae98b0c", "TokenIssuedAtTime": "2025-01-24T19:21:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:27:23", "Id": "bc197a2d-ac04-4dc1-f599-08dd34d178c1", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.198.127", "UserId": "attacker2@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "5c8777a1-a06e-0000-6bd5-677caae98b0c", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "d7cdad7d-1579-4483-bdcf-4a12f2c0dc52", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "OneDriveMpc-Transform_Zip/1.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGJv1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgl9rc3XeRWDRBG9z0oS8sDcUg.9CRuKzwfAT8DcSgmNYR-bQkKVCDKcpxTUHOPyp82IIw", "FileSizeBytes": 19465506, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "OneDrive_1_1-14-2025.zip", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_22.docx", "ApplicationDisplayName": "Office 365 SharePoint Online", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_22.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "Office 365 SharePoint Online", "CorrelationId": "5c8777a1-801f-0000-5ab5-9a3ce55efed8", "TokenIssuedAtTime": "2025-01-24T19:21:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:27:22", "Id": "55e10549-eb20-4494-9e7a-08dd34d17805", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.198.127", "UserId": "attacker2@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "5c8777a1-801f-0000-5ab5-9a3ce55efed8", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "6d0d48fa-7cdf-4c6f-a610-737cc712f2a6", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "OneDriveMpc-Transform_Zip/1.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGJr1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgn6SA1t33xvTBGmEHN8xxLypg.xgtFkYPk9Zr9oNsk6c9hRx8NvNbeaYAPRVB2VGL0mog", "FileSizeBytes": 19875669, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "OneDrive_1_1-14-2025.zip", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_21.docx", "ApplicationDisplayName": "Office 365 SharePoint Online", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_21.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "Office 365 SharePoint Online", "CorrelationId": "5b8777a1-305b-0000-6bd5-6e761f9c6fde", "TokenIssuedAtTime": "2025-01-24T19:21:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:27:19", "Id": "9bdd97f4-f9b1-42f8-fe8e-08dd34d17623", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.198.127", "UserId": "attacker2@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "5b8777a1-305b-0000-6bd5-6e761f9c6fde", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "f419d30c-6e70-4740-bfcd-4f048ccd00a2", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "OneDriveMpc-Transform_Zip/1.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGJf1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgkM0xn0cG5ARxG_zU8EjM0Aog.ndyVlYX4uxYb9l-6a8z57k1ebKatDt6_B3hinrtyaKQ", "FileSizeBytes": 19526945, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "OneDrive_1_1-14-2025.zip", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_20.docx", "ApplicationDisplayName": "Office 365 SharePoint Online", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_20.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "Office 365 SharePoint Online", "CorrelationId": "5a8777a1-30a3-0000-6bd5-675b7a5f2406", "TokenIssuedAtTime": "2025-01-24T19:21:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:27:16", "Id": "661bedf5-8745-4d4d-92ba-08dd34d1745b", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.198.127", "UserId": "attacker2@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "5a8777a1-30a3-0000-6bd5-675b7a5f2406", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "269b9287-facd-488b-9c6e-4c3a4ac7d99d", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "OneDriveMpc-Transform_Zip/1.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGJT1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgmHkpsmzfqLSBGcbkw6SsfZnQ.Ts3F3pNNgnl53jd_I-558nzdGBTvLt9BfQ2yBvdcvvg", "FileSizeBytes": 18603883, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "OneDrive_1_1-14-2025.zip", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_2.docx", "ApplicationDisplayName": "Office 365 SharePoint Online", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_2.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "Office 365 SharePoint Online", "CorrelationId": "598777a1-f0ee-0000-6bd5-65beee6b333e", "TokenIssuedAtTime": "2025-01-24T19:21:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:27:13", "Id": "98f55610-2262-4dad-4e84-08dd34d172a8", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.198.127", "UserId": "attacker2@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "598777a1-f0ee-0000-6bd5-65beee6b333e", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "c831bbd5-0768-4dc8-9758-2dc486745400", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "OneDriveMpc-Transform_Zip/1.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGJH1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgnVuzHIaAfITRGXWC3EhnRUAA.eI33Egq2czcbkVyOTvtBJLDViru3t-dPbDnOarG7U9A", "FileSizeBytes": 19338878, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "OneDrive_1_1-14-2025.zip", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_19.docx", "ApplicationDisplayName": "Office 365 SharePoint Online", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_19.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "Office 365 SharePoint Online", "CorrelationId": "598777a1-a06c-0000-6bd5-6dd4112e1e1e", "TokenIssuedAtTime": "2025-01-24T19:21:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:27:11", "Id": "dbb2be88-ded3-4dbf-c974-08dd34d17167", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.198.127", "UserId": "attacker2@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "598777a1-a06c-0000-6bd5-6dd4112e1e1e", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "1c99395f-8756-4a3c-a3cb-43b1dad3fd80", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "OneDriveMpc-Transform_Zip/1.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGI_1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEglfOZkcVoc8ShGjy0Ox2tP9gA.iUJY8jd_Mo7VesJ_YSrN1XOoNb2QP8uN4os_pJZ_nEk", "FileSizeBytes": 19290736, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "OneDrive_1_1-14-2025.zip", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_18.docx", "ApplicationDisplayName": "Office 365 SharePoint Online", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_18.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "Office 365 SharePoint Online", "CorrelationId": "588777a1-a0c5-0000-6bd5-650ad3e278d8", "TokenIssuedAtTime": "2025-01-24T19:21:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:27:08", "Id": "ce555202-4cdb-4894-77d9-08dd34d16fd2", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.198.127", "UserId": "attacker2@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "588777a1-a0c5-0000-6bd5-650ad3e278d8", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "d17af5d8-0087-4bb3-bc41-4a696b45812c", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "OneDriveMpc-Transform_Zip/1.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGIz1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgnY9XrRhwCzSxG8QUppa0WBLA.kH8VtzoRR1yfuwWn3PSua1GjnqObegW6Sg_U4yE2ZJU", "FileSizeBytes": 19395614, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "OneDrive_1_1-14-2025.zip", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_17.docx", "ApplicationDisplayName": "Office 365 SharePoint Online", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_17.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "Office 365 SharePoint Online", "CorrelationId": "578777a1-f0e9-0000-6bd5-626e17059b68", "TokenIssuedAtTime": "2025-01-24T19:21:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:27:05", "Id": "97ed6c3a-db29-41ec-8a3a-08dd34d16e3f", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.198.127", "UserId": "attacker2@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "578777a1-f0e9-0000-6bd5-626e17059b68", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "28485ea9-92b0-4e11-8b14-870365e4cbbb", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "OneDriveMpc-Transform_Zip/1.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGIn1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgmpXkgosJIRThGLFIcDZeTLuw.yuD5hzAeNTErb-ZVnWpz251h6WcoIfd8IBdQjQFma-A", "FileSizeBytes": 19892955, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "OneDrive_1_1-14-2025.zip", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_16.docx", "ApplicationDisplayName": "Office 365 SharePoint Online", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_16.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "Office 365 SharePoint Online", "CorrelationId": "578777a1-b00c-0000-5ab5-9e4c192bb2a3", "TokenIssuedAtTime": "2025-01-24T19:21:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:27:01", "Id": "6dd37842-df83-4216-39f8-08dd34d16ba0", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.198.127", "UserId": "attacker2@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "578777a1-b00c-0000-5ab5-9e4c192bb2a3", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "c083964c-395a-47aa-8e6b-a0deb417f66f", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "OneDriveMpc-Transform_Zip/1.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGIX1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEglMloPAWjmqRxGOa6DetBf2bw.BuyV1iNOOCTzV5k5ZZWF6wazcr-0FY1zaIW5iZY31q8", "FileSizeBytes": 19852052, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "OneDrive_1_1-14-2025.zip", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_15.docx", "ApplicationDisplayName": "Office 365 SharePoint Online", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_15.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "Office 365 SharePoint Online", "CorrelationId": "568777a1-8044-0000-5ab5-9063af189fe4", "TokenIssuedAtTime": "2025-01-24T19:21:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:26:58", "Id": "06c351ce-cdef-4e42-b178-08dd34d169b2", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.198.127", "UserId": "attacker2@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "568777a1-8044-0000-5ab5-9063af189fe4", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "2131658f-d3bd-4e80-9613-a402401b8f89", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "OneDriveMpc-Transform_Zip/1.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGIL1mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgmPZTEhvdOAThGWE6QCQBuPiQ.OyPx1TgECVlo9hAEJED83xafFfGIfGQwFT9ZoEx9iLQ", "FileSizeBytes": 19845528, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "OneDrive_1_1-14-2025.zip", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_14.docx", "ApplicationDisplayName": "Office 365 SharePoint Online", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_14.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "Office 365 SharePoint Online", "CorrelationId": "558777a1-d065-0000-5ab5-92f98baf9cd2", "TokenIssuedAtTime": "2025-01-24T19:21:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:26:54", "Id": "f896a4e5-0451-4bf0-dd72-08dd34d16797", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.198.127", "UserId": "attacker2@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "558777a1-d065-0000-5ab5-92f98baf9cd2", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "d7ca7068-b9c3-4692-9805-84687ea2b256", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "OneDriveMpc-Transform_Zip/1.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGP70mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEglocMrXw7mSRhGYBYRofqKyVg.EN0ALudqz4wisoTTNgMzOlWkR89WJEoLlUpsVIvtGvw", "FileSizeBytes": 19603917, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "OneDrive_1_1-14-2025.zip", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_13.docx", "ApplicationDisplayName": "Office 365 SharePoint Online", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_13.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "Office 365 SharePoint Online", "CorrelationId": "548777a1-80cb-0000-5ab5-92a6c8411520", "TokenIssuedAtTime": "2025-01-24T19:21:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:26:52", "Id": "d84e934f-d3a8-4dff-75a5-08dd34d1662d", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.198.127", "UserId": "attacker2@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "548777a1-80cb-0000-5ab5-92a6c8411520", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "13bc896d-b6f5-4a20-89c2-a97f67ac6dd1", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "OneDriveMpc-Transform_Zip/1.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGPz0mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgltibwT9bYgShGJwql_Z6xt0Q.fDpl9z2JIJamBk5rdw7FMfM0511ovLrQZ1_Ksh3fXRU", "FileSizeBytes": 18511330, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "OneDrive_1_1-14-2025.zip", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_12.docx", "ApplicationDisplayName": "Office 365 SharePoint Online", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_12.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "Office 365 SharePoint Online", "CorrelationId": "548777a1-a01f-0000-5ab5-9078f0a8b462", "TokenIssuedAtTime": "2025-01-24T19:21:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:26:49", "Id": "8f95e6a7-d25f-4740-2800-08dd34d16479", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.198.127", "UserId": "attacker2@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "548777a1-a01f-0000-5ab5-9078f0a8b462", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "8cb75fb3-e5c3-45c3-aa97-ea6babc1497e", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "OneDriveMpc-Transform_Zip/1.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGPn0mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgmzX7eMw-XDRRGql-prq8FJfg.Ytap4olAb2j4f3Vqq-_1n33rQ5g-oGUMkzcUZL_gqYs", "FileSizeBytes": 18118364, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "OneDrive_1_1-14-2025.zip", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_11.docx", "ApplicationDisplayName": "Office 365 SharePoint Online", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_11.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "Office 365 SharePoint Online", "CorrelationId": "538777a1-7099-0000-6bd5-65e782817c12", "TokenIssuedAtTime": "2025-01-24T19:21:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:26:47", "Id": "e6569ade-919a-496a-aea5-08dd34d1632c", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.198.127", "UserId": "attacker2@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "538777a1-7099-0000-6bd5-65e782817c12", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "ae75cb49-c24d-4531-9ab3-83939015efad", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "OneDriveMpc-Transform_Zip/1.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGPf0mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEglJy3WuTcIxRRGas4OTkBXvrQ.-wT7N2paFPGswMv_5CK2WMqpFrAvW3LH8nLIzPC1YCE", "FileSizeBytes": 18892358, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "OneDrive_1_1-14-2025.zip", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_10.docx", "ApplicationDisplayName": "Office 365 SharePoint Online", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_10.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "Office 365 SharePoint Online", "CorrelationId": "528777a1-30fb-0000-6bd5-6e36ff92c4d8", "TokenIssuedAtTime": "2025-01-24T19:21:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:26:44", "Id": "869dd181-7680-4a0b-fc89-08dd34d161b3", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.198.127", "UserId": "attacker2@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "528777a1-30fb-0000-6bd5-6e36ff92c4d8", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "17ff3b80-70ae-4c85-9988-fb2d5c5e22ab", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "OneDriveMpc-Transform_Zip/1.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGPT0mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEgmAO_8XrnCFTBGZiPstXF4iqw.NhUEJ_bF8V679POT7RdJFEmPP5lyH8lJ94W1cu4Y_j4", "FileSizeBytes": 18724357, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "OneDrive_1_1-14-2025.zip", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_1.docx", "ApplicationDisplayName": "Office 365 SharePoint Online", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_1.docx"}
{"AppAccessContext": {"ClientAppId": "00000003-0000-0ff1-ce00-000000000000", "ClientAppName": "Office 365 SharePoint Online", "CorrelationId": "518777a1-2087-0000-6bd5-6f6c488e7fce", "TokenIssuedAtTime": "2025-01-24T19:21:37", "UniqueTokenId": "mbWC1n6bWEeuOfbKJqcjAA"}, "CreationTime": "2025-01-24T19:26:38", "Id": "547d4d45-7b8e-4ee3-3dd0-08dd34d15e25", "Operation": "FileDownloaded", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30022001f74eedd0@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "111.132.198.127", "UserId": "attacker2@attack_range.lan", "ApplicationId": "00000003-0000-0ff1-ce00-000000000000", "AuthenticationType": "OAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "518777a1-2087-0000-6bd5-6f6c488e7fce", "DoNotDistributeEvent": true, "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "1c502ccd-c251-4769-bfb4-3c9a46525f55", "ListItemUniqueId": "609e2247-fd3f-4b1e-aea2-4033f49877a3", "Platform": "Service", "Site": "feac8bb6-4e6e-49a7-b098-e866c9eb1a6f", "UserAgent": "OneDriveMpc-Transform_Zip/1.0", "UserSessionId": "9c771a6e-9062-4810-ab4c-0d0a3d238c39", "WebId": "06a230a4-3525-48c2-9ca5-8fb7794dadda", "DeviceDisplayName": "4.236.236.70", "EventSignature": "1.CAESDkZpbGVEb3dubG9hZGVkGO70mrwGIhAxMDAzMjAwMWY3NGVlZGQwKiQwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAyEgm2i6z-bk6nSRGwmOhmyesabzoSCaQwogYlNcJIEZylj7d5Ta3aQhIJzSxQHFHCaUcRv7Q8mkZSX1VKEglHIp5gP_0eSxGuokAz9Jh3ow.UINCCWohqSMn0EJQtl70iF5F66GpAIaobU3fgGb5N0s", "FileSizeBytes": 16143835, "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "ZipFileName": "OneDrive_1_1-14-2025.zip", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_0.docx", "ApplicationDisplayName": "Office 365 SharePoint Online", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_0.docx"}
{"AppAccessContext": {"AADSessionId": "782c415a-5fb5-4de5-a365-81c6b6a3e677", "ClientAppName": "OneDriveSync", "CorrelationId": "93327aa1-4084-0000-6bd5-636d55caff1f", "TokenIssuedAtTime": "2025-01-24T19:41:15", "UniqueTokenId": "qEHLD19rgU2NrFiaJ1V_AA"}, "CreationTime": "2025-01-23T02:27:26", "Id": "ce8754c9-9d81-4b6b-5c57-08dd3b557a3b", "Operation": "FileSyncDownloadedFull", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012000b0ea249f@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "214.133.161.103", "UserId": "attacker3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "93327aa1-4084-0000-6bd5-636d55caff1f", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "8e23817c-d27f-4842-8de0-d52eaf1e0b64", "ListItemUniqueId": "7ce49ab6-4c4e-4cfd-aa9f-21eb03c9fc0c", "Platform": "WinDesktop", "Site": "6886501c-ee68-487c-95f5-b1cb455829ac", "UserAgent": "Microsoft SkyDriveSync 24.244.1204.0003 ship; Windows NT 10.0 (19045)", "WebId": "63f8ec62-452d-4c83-9524-47d7ac7761a8", "DeviceDisplayName": "189.135.168.197", "EventSignature": "1.CAESFkZpbGVTeW5jRG93bmxvYWRlZEZ1bGwYjtLGvAYiEDEwMDMyMDAwYjBlYTI0OWYyEgkcUIZoaO58SBGV9bHLRVgprDoSCWLs-GMtRYNMEZUkR9esd2GoQhIJfIEjjn_SQkgRjeDVLq8eC2RKEgm2muR8Tkz9TBGqnyHrA8n8DA.6ZSd3Kpen4vAwh_RziJiDuagh6rOhvSKB8Tn6zdo3Dc", "MachineDomainInfo": "931983eb-69c8-4d22-bc19-87c24fb24818", "MachineId": "aef98cf7-fb02-4783-8604-15ee388c329b", "FileSyncBytesCommitted": "818198", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_0.xlsx", "ApplicationDisplayName": "OneDriveSync", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_0.xlsx"}
{"AppAccessContext": {"AADSessionId": "782c415a-5fb5-4de5-a365-81c6b6a3e677", "ClientAppName": "OneDriveSync", "CorrelationId": "93327aa1-9087-0000-6bd5-6e074d887a72", "TokenIssuedAtTime": "2025-01-24T19:41:15", "UniqueTokenId": "qEHLD19rgU2NrFiaJ1V_AA"}, "CreationTime": "2025-01-23T02:27:26", "Id": "01f42a89-a37b-4834-88db-08dd3b557a43", "Operation": "FileSyncDownloadedFull", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012000b0ea249f@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "214.133.161.103", "UserId": "attacker3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "93327aa1-9087-0000-6bd5-6e074d887a72", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "8e23817c-d27f-4842-8de0-d52eaf1e0b64", "ListItemUniqueId": "80d79db2-7b4d-4769-9b68-d8f52024a803", "Platform": "WinDesktop", "Site": "6886501c-ee68-487c-95f5-b1cb455829ac", "UserAgent": "Microsoft SkyDriveSync 24.244.1204.0003 ship; Windows NT 10.0 (19045)", "WebId": "63f8ec62-452d-4c83-9524-47d7ac7761a8", "DeviceDisplayName": "189.135.168.197", "EventSignature": "1.CAESFkZpbGVTeW5jRG93bmxvYWRlZEZ1bGwYjtLGvAYiEDEwMDMyMDAwYjBlYTI0OWYyEgkcUIZoaO58SBGV9bHLRVgprDoSCWLs-GMtRYNMEZUkR9esd2GoQhIJfIEjjn_SQkgRjeDVLq8eC2RKEgmyndeATXtpRxGbaNj1ICSoAw.BUVUdpU90XOHyQiMTVHw_5les8Zs_UGqtmfq1GPc-cU", "MachineDomainInfo": "931983eb-69c8-4d22-bc19-87c24fb24818", "MachineId": "aef98cf7-fb02-4783-8604-15ee388c329b", "FileSyncBytesCommitted": "387575", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "pptx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_2.pptx", "ApplicationDisplayName": "OneDriveSync", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_2.pptx"}
{"AppAccessContext": {"AADSessionId": "782c415a-5fb5-4de5-a365-81c6b6a3e677", "ClientAppName": "OneDriveSync", "CorrelationId": "92327aa1-5028-0000-6bd5-6afd83659be4", "TokenIssuedAtTime": "2025-01-24T19:41:15", "UniqueTokenId": "qEHLD19rgU2NrFiaJ1V_AA"}, "CreationTime": "2025-01-23T02:27:26", "Id": "8de66491-c072-464c-6188-08dd3b5579ee", "Operation": "FileSyncDownloadedFull", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012000b0ea249f@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "214.133.161.103", "UserId": "attacker3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "92327aa1-5028-0000-6bd5-6afd83659be4", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "8e23817c-d27f-4842-8de0-d52eaf1e0b64", "ListItemUniqueId": "1e02b758-7f00-4a09-9cbd-477635f0b550", "Platform": "WinDesktop", "Site": "6886501c-ee68-487c-95f5-b1cb455829ac", "UserAgent": "Microsoft SkyDriveSync 24.244.1204.0003 ship; Windows NT 10.0 (19045)", "WebId": "63f8ec62-452d-4c83-9524-47d7ac7761a8", "DeviceDisplayName": "189.135.168.197", "EventSignature": "1.CAESFkZpbGVTeW5jRG93bmxvYWRlZEZ1bGwYjtLGvAYiEDEwMDMyMDAwYjBlYTI0OWYyEgkcUIZoaO58SBGV9bHLRVgprDoSCWLs-GMtRYNMEZUkR9esd2GoQhIJfIEjjn_SQkgRjeDVLq8eC2RKEglYtwIeAH8JShGcvUd2NfC1UA.zBHNb2rH3itmqnyR4NHJy61hIEMMxJDOfwx8TSJ4jV4", "MachineDomainInfo": "931983eb-69c8-4d22-bc19-87c24fb24818", "MachineId": "aef98cf7-fb02-4783-8604-15ee388c329b", "FileSyncBytesCommitted": "4818039", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "pdf", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_3.pdf", "ApplicationDisplayName": "OneDriveSync", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_3.pdf"}
{"AppAccessContext": {"AADSessionId": "782c415a-5fb5-4de5-a365-81c6b6a3e677", "ClientAppName": "OneDriveSync", "CorrelationId": "93327aa1-1082-0000-6bd5-65d4bec6630d", "TokenIssuedAtTime": "2025-01-24T19:41:15", "UniqueTokenId": "qEHLD19rgU2NrFiaJ1V_AA"}, "CreationTime": "2025-01-23T02:27:26", "Id": "a2b6b240-984b-4641-a79b-08dd3b557a33", "Operation": "FileSyncDownloadedFull", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012000b0ea249f@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "214.133.161.103", "UserId": "attacker3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "93327aa1-1082-0000-6bd5-65d4bec6630d", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "8e23817c-d27f-4842-8de0-d52eaf1e0b64", "ListItemUniqueId": "56df8e2b-556f-48ed-ab71-0496bee324db", "Platform": "WinDesktop", "Site": "6886501c-ee68-487c-95f5-b1cb455829ac", "UserAgent": "Microsoft SkyDriveSync 24.244.1204.0003 ship; Windows NT 10.0 (19045)", "WebId": "63f8ec62-452d-4c83-9524-47d7ac7761a8", "DeviceDisplayName": "189.135.168.197", "EventSignature": "1.CAESFkZpbGVTeW5jRG93bmxvYWRlZEZ1bGwYjtLGvAYiEDEwMDMyMDAwYjBlYTI0OWYyEgkcUIZoaO58SBGV9bHLRVgprDoSCWLs-GMtRYNMEZUkR9esd2GoQhIJfIEjjn_SQkgRjeDVLq8eC2RKEgkrjt9Wb1XtSBGrcQSWvuMk2w.3x321bf6p46Zid5T2ooG4O0xBgwIkV__szyO9nX8ZK4", "MachineDomainInfo": "931983eb-69c8-4d22-bc19-87c24fb24818", "MachineId": "aef98cf7-fb02-4783-8604-15ee388c329b", "FileSyncBytesCommitted": "212790", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_4.xlsx", "ApplicationDisplayName": "OneDriveSync", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_4.xlsx"}
{"AppAccessContext": {"AADSessionId": "782c415a-5fb5-4de5-a365-81c6b6a3e677", "ClientAppName": "OneDriveSync", "CorrelationId": "93327aa1-502d-0000-6bd5-686f113f594c", "TokenIssuedAtTime": "2025-01-24T19:41:15", "UniqueTokenId": "qEHLD19rgU2NrFiaJ1V_AA"}, "CreationTime": "2025-01-23T02:27:25", "Id": "01893bdd-6812-4d85-c961-08dd3b557964", "Operation": "FileSyncDownloadedFull", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012000b0ea249f@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "214.133.161.103", "UserId": "attacker3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "93327aa1-502d-0000-6bd5-686f113f594c", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "8e23817c-d27f-4842-8de0-d52eaf1e0b64", "ListItemUniqueId": "230dd2f0-b0fa-4aa9-8a19-ba35d102e8cd", "Platform": "WinDesktop", "Site": "6886501c-ee68-487c-95f5-b1cb455829ac", "UserAgent": "Microsoft SkyDriveSync 24.244.1204.0003 ship; Windows NT 10.0 (19045)", "WebId": "63f8ec62-452d-4c83-9524-47d7ac7761a8", "DeviceDisplayName": "189.135.168.197", "EventSignature": "1.CAESFkZpbGVTeW5jRG93bmxvYWRlZEZ1bGwYjdLGvAYiEDEwMDMyMDAwYjBlYTI0OWYyEgkcUIZoaO58SBGV9bHLRVgprDoSCWLs-GMtRYNMEZUkR9esd2GoQhIJfIEjjn_SQkgRjeDVLq8eC2RKEgnw0g0j-rCpShGKGbo10QLozQ.4Pyz_TnNw4rqCFR6_cRey3gXKKeDvB-2QscHsjdiMb8", "MachineDomainInfo": "931983eb-69c8-4d22-bc19-87c24fb24818", "MachineId": "aef98cf7-fb02-4783-8604-15ee388c329b", "FileSyncBytesCommitted": "27617", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_5.xlsx", "ApplicationDisplayName": "OneDriveSync", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_5.xlsx"}
{"AppAccessContext": {"AADSessionId": "782c415a-5fb5-4de5-a365-81c6b6a3e677", "ClientAppName": "OneDriveSync", "CorrelationId": "93327aa1-c043-0000-6bd5-67a811765a65", "TokenIssuedAtTime": "2025-01-24T19:41:15", "UniqueTokenId": "qEHLD19rgU2NrFiaJ1V_AA"}, "CreationTime": "2025-01-23T02:27:25", "Id": "e1a3cdd5-9296-49a0-3c12-08dd3b557999", "Operation": "FileSyncDownloadedFull", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012000b0ea249f@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "214.133.161.103", "UserId": "attacker3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "93327aa1-c043-0000-6bd5-67a811765a65", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "8e23817c-d27f-4842-8de0-d52eaf1e0b64", "ListItemUniqueId": "ab686aa8-1d29-4ded-a031-7a7dffd69595", "Platform": "WinDesktop", "Site": "6886501c-ee68-487c-95f5-b1cb455829ac", "UserAgent": "Microsoft SkyDriveSync 24.244.1204.0003 ship; Windows NT 10.0 (19045)", "WebId": "63f8ec62-452d-4c83-9524-47d7ac7761a8", "DeviceDisplayName": "189.135.168.197", "EventSignature": "1.CAESFkZpbGVTeW5jRG93bmxvYWRlZEZ1bGwYjdLGvAYiEDEwMDMyMDAwYjBlYTI0OWYyEgkcUIZoaO58SBGV9bHLRVgprDoSCWLs-GMtRYNMEZUkR9esd2GoQhIJfIEjjn_SQkgRjeDVLq8eC2RKEgmoamirKR3tTRGgMXp9_9aVlQ.gF0DOWuExY9uvvPXvhQukG4o-MbudlWMGdVcG9vQzvo", "MachineDomainInfo": "931983eb-69c8-4d22-bc19-87c24fb24818", "MachineId": "aef98cf7-fb02-4783-8604-15ee388c329b", "FileSyncBytesCommitted": "91", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "url", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_6.url", "ApplicationDisplayName": "OneDriveSync", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_6.url"}
{"AppAccessContext": {"AADSessionId": "782c415a-5fb5-4de5-a365-81c6b6a3e677", "ClientAppName": "OneDriveSync", "CorrelationId": "93327aa1-5056-0000-6bd5-628e47456629", "TokenIssuedAtTime": "2025-01-24T19:41:15", "UniqueTokenId": "qEHLD19rgU2NrFiaJ1V_AA"}, "CreationTime": "2025-01-23T02:27:25", "Id": "3f7578b9-7fd5-4c9a-7675-08dd3b5579d2", "Operation": "FileSyncDownloadedFull", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012000b0ea249f@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "214.133.161.103", "UserId": "attacker3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "93327aa1-5056-0000-6bd5-628e47456629", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "8e23817c-d27f-4842-8de0-d52eaf1e0b64", "ListItemUniqueId": "bf15c577-ad50-43b6-bf08-d294226296f4", "Platform": "WinDesktop", "Site": "6886501c-ee68-487c-95f5-b1cb455829ac", "UserAgent": "Microsoft SkyDriveSync 24.244.1204.0003 ship; Windows NT 10.0 (19045)", "WebId": "63f8ec62-452d-4c83-9524-47d7ac7761a8", "DeviceDisplayName": "189.135.168.197", "EventSignature": "1.CAESFkZpbGVTeW5jRG93bmxvYWRlZEZ1bGwYjdLGvAYiEDEwMDMyMDAwYjBlYTI0OWYyEgkcUIZoaO58SBGV9bHLRVgprDoSCWLs-GMtRYNMEZUkR9esd2GoQhIJfIEjjn_SQkgRjeDVLq8eC2RKEgl3xRW_UK22QxG_CNKUImKW9A.DVDNQdZQFKXUfcdkbIVCzOZ45OiFdyM5zctsGkXqOKc", "MachineDomainInfo": "931983eb-69c8-4d22-bc19-87c24fb24818", "MachineId": "aef98cf7-fb02-4783-8604-15ee388c329b", "FileSyncBytesCommitted": "816782", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_7.xlsx", "ApplicationDisplayName": "OneDriveSync", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_7.xlsx"}
{"AppAccessContext": {"AADSessionId": "782c415a-5fb5-4de5-a365-81c6b6a3e677", "ClientAppName": "OneDriveSync", "CorrelationId": "93327aa1-9032-0000-6bd5-603e588b6824", "TokenIssuedAtTime": "2025-01-24T19:41:15", "UniqueTokenId": "qEHLD19rgU2NrFiaJ1V_AA"}, "CreationTime": "2025-01-23T02:27:25", "Id": "7678c7bb-11ec-455c-cc75-08dd3b55796c", "Operation": "FileSyncDownloadedFull", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012000b0ea249f@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "214.133.161.103", "UserId": "attacker3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "93327aa1-9032-0000-6bd5-603e588b6824", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "8e23817c-d27f-4842-8de0-d52eaf1e0b64", "ListItemUniqueId": "2a5f587b-43ca-4e50-bcc2-53e6973ea07d", "Platform": "WinDesktop", "Site": "6886501c-ee68-487c-95f5-b1cb455829ac", "UserAgent": "Microsoft SkyDriveSync 24.244.1204.0003 ship; Windows NT 10.0 (19045)", "WebId": "63f8ec62-452d-4c83-9524-47d7ac7761a8", "DeviceDisplayName": "189.135.168.197", "EventSignature": "1.CAESFkZpbGVTeW5jRG93bmxvYWRlZEZ1bGwYjdLGvAYiEDEwMDMyMDAwYjBlYTI0OWYyEgkcUIZoaO58SBGV9bHLRVgprDoSCWLs-GMtRYNMEZUkR9esd2GoQhIJfIEjjn_SQkgRjeDVLq8eC2RKEgl7WF8qykNQThG8wlPmlz6gfQ.RtZRn1nzGFCwUfLHjtRVp-k8pxYhcE-KONH1xa7jTuk", "MachineDomainInfo": "931983eb-69c8-4d22-bc19-87c24fb24818", "MachineId": "aef98cf7-fb02-4783-8604-15ee388c329b", "FileSyncBytesCommitted": "151074", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_8.xlsx", "ApplicationDisplayName": "OneDriveSync", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_8.xlsx"}
{"AppAccessContext": {"AADSessionId": "782c415a-5fb5-4de5-a365-81c6b6a3e677", "ClientAppName": "OneDriveSync", "CorrelationId": "93327aa1-e04d-0000-6bd5-68ba7ec9b8b5", "TokenIssuedAtTime": "2025-01-24T19:41:15", "UniqueTokenId": "qEHLD19rgU2NrFiaJ1V_AA"}, "CreationTime": "2025-01-23T02:27:25", "Id": "be750bf3-97a6-44f4-f15f-08dd3b5579b1", "Operation": "FileSyncDownloadedFull", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012000b0ea249f@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "214.133.161.103", "UserId": "attacker3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "93327aa1-e04d-0000-6bd5-68ba7ec9b8b5", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "8e23817c-d27f-4842-8de0-d52eaf1e0b64", "ListItemUniqueId": "db2ced47-59a2-412c-8843-04ae0629fb06", "Platform": "WinDesktop", "Site": "6886501c-ee68-487c-95f5-b1cb455829ac", "UserAgent": "Microsoft SkyDriveSync 24.244.1204.0003 ship; Windows NT 10.0 (19045)", "WebId": "63f8ec62-452d-4c83-9524-47d7ac7761a8", "DeviceDisplayName": "189.135.168.197", "EventSignature": "1.CAESFkZpbGVTeW5jRG93bmxvYWRlZEZ1bGwYjdLGvAYiEDEwMDMyMDAwYjBlYTI0OWYyEgkcUIZoaO58SBGV9bHLRVgprDoSCWLs-GMtRYNMEZUkR9esd2GoQhIJfIEjjn_SQkgRjeDVLq8eC2RKEglH7SzbolksQRGIQwSuBin7Bg.6pUBkucjlj0yv4HaaMUTb_ULcbLlNmQUOHnflaUam_0", "MachineDomainInfo": "931983eb-69c8-4d22-bc19-87c24fb24818", "MachineId": "aef98cf7-fb02-4783-8604-15ee388c329b", "FileSyncBytesCommitted": "126778", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_9.xlsx", "ApplicationDisplayName": "OneDriveSync", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_9.xlsx"}
{"AppAccessContext": {"AADSessionId": "782c415a-5fb5-4de5-a365-81c6b6a3e677", "ClientAppName": "OneDriveSync", "CorrelationId": "93327aa1-805f-0000-6bd5-6fe9cac454f4", "TokenIssuedAtTime": "2025-01-24T19:41:15", "UniqueTokenId": "qEHLD19rgU2NrFiaJ1V_AA"}, "CreationTime": "2025-01-23T02:27:25", "Id": "5d4125cd-8ff4-4d67-a0b9-08dd3b5579e1", "Operation": "FileSyncDownloadedFull", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012000b0ea249f@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "214.133.161.103", "UserId": "attacker3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "93327aa1-805f-0000-6bd5-6fe9cac454f4", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "8e23817c-d27f-4842-8de0-d52eaf1e0b64", "ListItemUniqueId": "31218858-4e1e-4b38-96f7-c8b2496f34c1", "Platform": "WinDesktop", "Site": "6886501c-ee68-487c-95f5-b1cb455829ac", "UserAgent": "Microsoft SkyDriveSync 24.244.1204.0003 ship; Windows NT 10.0 (19045)", "WebId": "63f8ec62-452d-4c83-9524-47d7ac7761a8", "DeviceDisplayName": "189.135.168.197", "EventSignature": "1.CAESFkZpbGVTeW5jRG93bmxvYWRlZEZ1bGwYjdLGvAYiEDEwMDMyMDAwYjBlYTI0OWYyEgkcUIZoaO58SBGV9bHLRVgprDoSCWLs-GMtRYNMEZUkR9esd2GoQhIJfIEjjn_SQkgRjeDVLq8eC2RKEglYiCExHk44SxGW98iySW80wQ.7oXgUOd96ihvTyOk_Y3GeEq7VI-pqBzgXF7dvarVnCI", "MachineDomainInfo": "931983eb-69c8-4d22-bc19-87c24fb24818", "MachineId": "aef98cf7-fb02-4783-8604-15ee388c329b", "FileSyncBytesCommitted": "814362", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_10.xlsx", "ApplicationDisplayName": "OneDriveSync", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_10.xlsx"}
{"AppAccessContext": {"AADSessionId": "782c415a-5fb5-4de5-a365-81c6b6a3e677", "ClientAppName": "OneDriveSync", "CorrelationId": "93327aa1-0030-0000-6bd5-6c5c4c9cd23c", "TokenIssuedAtTime": "2025-01-24T19:41:15", "UniqueTokenId": "qEHLD19rgU2NrFiaJ1V_AA"}, "CreationTime": "2025-01-23T02:27:25", "Id": "d6e9fa34-c1b0-483c-c61e-08dd3b55796d", "Operation": "FileSyncDownloadedFull", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012000b0ea249f@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "214.133.161.103", "UserId": "attacker3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "93327aa1-0030-0000-6bd5-6c5c4c9cd23c", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "8e23817c-d27f-4842-8de0-d52eaf1e0b64", "ListItemUniqueId": "1f00aaa0-d1de-45c9-82e4-f2f9b3be78e8", "Platform": "WinDesktop", "Site": "6886501c-ee68-487c-95f5-b1cb455829ac", "UserAgent": "Microsoft SkyDriveSync 24.244.1204.0003 ship; Windows NT 10.0 (19045)", "WebId": "63f8ec62-452d-4c83-9524-47d7ac7761a8", "DeviceDisplayName": "189.135.168.197", "EventSignature": "1.CAESFkZpbGVTeW5jRG93bmxvYWRlZEZ1bGwYjdLGvAYiEDEwMDMyMDAwYjBlYTI0OWYyEgkcUIZoaO58SBGV9bHLRVgprDoSCWLs-GMtRYNMEZUkR9esd2GoQhIJfIEjjn_SQkgRjeDVLq8eC2RKEgmgqgAf3tHJRRGC5PL5s7546A.QU6cHFRq-EkUUbpd7xGMZEZr2QpKLyR5909Os3tFNrw", "MachineDomainInfo": "931983eb-69c8-4d22-bc19-87c24fb24818", "MachineId": "aef98cf7-fb02-4783-8604-15ee388c329b", "FileSyncBytesCommitted": "22435", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_10.xlsx", "ApplicationDisplayName": "OneDriveSync", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_10.xlsx"}
{"AppAccessContext": {"AADSessionId": "782c415a-5fb5-4de5-a365-81c6b6a3e677", "ClientAppName": "OneDriveSync", "CorrelationId": "93327aa1-8046-0000-6bd5-69c054804667", "TokenIssuedAtTime": "2025-01-24T19:41:15", "UniqueTokenId": "qEHLD19rgU2NrFiaJ1V_AA"}, "CreationTime": "2025-01-23T02:27:25", "Id": "a7e01749-4f13-4ea7-3d8f-08dd3b5579a2", "Operation": "FileSyncDownloadedFull", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012000b0ea249f@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "214.133.161.103", "UserId": "attacker3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "93327aa1-8046-0000-6bd5-69c054804667", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "8e23817c-d27f-4842-8de0-d52eaf1e0b64", "ListItemUniqueId": "b03778cc-508e-48d5-a3f2-055a95a4672c", "Platform": "WinDesktop", "Site": "6886501c-ee68-487c-95f5-b1cb455829ac", "UserAgent": "Microsoft SkyDriveSync 24.244.1204.0003 ship; Windows NT 10.0 (19045)", "WebId": "63f8ec62-452d-4c83-9524-47d7ac7761a8", "DeviceDisplayName": "189.135.168.197", "EventSignature": "1.CAESFkZpbGVTeW5jRG93bmxvYWRlZEZ1bGwYjdLGvAYiEDEwMDMyMDAwYjBlYTI0OWYyEgkcUIZoaO58SBGV9bHLRVgprDoSCWLs-GMtRYNMEZUkR9esd2GoQhIJfIEjjn_SQkgRjeDVLq8eC2RKEgnMeDewjlDVSBGj8gValaRnLA.qrOTXd0pSN3r_HH3_Bs3BhpXQmXVaIhYowIaa-ulNAQ", "MachineDomainInfo": "931983eb-69c8-4d22-bc19-87c24fb24818", "MachineId": "aef98cf7-fb02-4783-8604-15ee388c329b", "FileSyncBytesCommitted": "59405", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_12.docx", "ApplicationDisplayName": "OneDriveSync", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_12.docx"}
{"AppAccessContext": {"AADSessionId": "782c415a-5fb5-4de5-a365-81c6b6a3e677", "ClientAppName": "OneDriveSync", "CorrelationId": "93327aa1-f05d-0000-6bd5-62c1716d6467", "TokenIssuedAtTime": "2025-01-24T19:41:15", "UniqueTokenId": "qEHLD19rgU2NrFiaJ1V_AA"}, "CreationTime": "2025-01-23T02:27:25", "Id": "4d19f9bb-d8e2-49df-99af-08dd3b5579e2", "Operation": "FileSyncDownloadedFull", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012000b0ea249f@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "214.133.161.103", "UserId": "attacker3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "93327aa1-f05d-0000-6bd5-62c1716d6467", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "8e23817c-d27f-4842-8de0-d52eaf1e0b64", "ListItemUniqueId": "ed3853a8-66eb-4ebe-b515-c400a704b2be", "Platform": "WinDesktop", "Site": "6886501c-ee68-487c-95f5-b1cb455829ac", "UserAgent": "Microsoft SkyDriveSync 24.244.1204.0003 ship; Windows NT 10.0 (19045)", "WebId": "63f8ec62-452d-4c83-9524-47d7ac7761a8", "DeviceDisplayName": "189.135.168.197", "EventSignature": "1.CAESFkZpbGVTeW5jRG93bmxvYWRlZEZ1bGwYjdLGvAYiEDEwMDMyMDAwYjBlYTI0OWYyEgkcUIZoaO58SBGV9bHLRVgprDoSCWLs-GMtRYNMEZUkR9esd2GoQhIJfIEjjn_SQkgRjeDVLq8eC2RKEgmoUzjt62a-ThG1FcQApwSyvg.cb9wNk3SVxjwjcwuZT4j-rE9qBPCR6srTFk4T4CHXdw", "MachineDomainInfo": "931983eb-69c8-4d22-bc19-87c24fb24818", "MachineId": "aef98cf7-fb02-4783-8604-15ee388c329b", "FileSyncBytesCommitted": "817438", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_13.xlsx", "ApplicationDisplayName": "OneDriveSync", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_13.xlsx"}
{"AppAccessContext": {"AADSessionId": "782c415a-5fb5-4de5-a365-81c6b6a3e677", "ClientAppName": "OneDriveSync", "CorrelationId": "93327aa1-c02b-0000-6bd5-6dd5eb618f2f", "TokenIssuedAtTime": "2025-01-24T19:41:15", "UniqueTokenId": "qEHLD19rgU2NrFiaJ1V_AA"}, "CreationTime": "2025-01-23T02:27:25", "Id": "9caa96e3-4fbc-43b2-a4ed-08dd3b55795e", "Operation": "FileSyncDownloadedFull", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012000b0ea249f@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "214.133.161.103", "UserId": "attacker3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "93327aa1-c02b-0000-6bd5-6dd5eb618f2f", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "8e23817c-d27f-4842-8de0-d52eaf1e0b64", "ListItemUniqueId": "6b950ec3-20c2-47a5-b5f8-e601175e772d", "Platform": "WinDesktop", "Site": "6886501c-ee68-487c-95f5-b1cb455829ac", "UserAgent": "Microsoft SkyDriveSync 24.244.1204.0003 ship; Windows NT 10.0 (19045)", "WebId": "63f8ec62-452d-4c83-9524-47d7ac7761a8", "DeviceDisplayName": "189.135.168.197", "EventSignature": "1.CAESFkZpbGVTeW5jRG93bmxvYWRlZEZ1bGwYjdLGvAYiEDEwMDMyMDAwYjBlYTI0OWYyEgkcUIZoaO58SBGV9bHLRVgprDoSCWLs-GMtRYNMEZUkR9esd2GoQhIJfIEjjn_SQkgRjeDVLq8eC2RKEgnDDpVrwiClRxG1-OYBF153LQ.jaEPUeIPaGMoKX11r74pRiaTRu7Ich1o8j6094ytafQ", "MachineDomainInfo": "931983eb-69c8-4d22-bc19-87c24fb24818", "MachineId": "aef98cf7-fb02-4783-8604-15ee388c329b", "FileSyncBytesCommitted": "62945", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_14.docx", "ApplicationDisplayName": "OneDriveSync", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_14.docx"}
{"AppAccessContext": {"AADSessionId": "782c415a-5fb5-4de5-a365-81c6b6a3e677", "ClientAppName": "OneDriveSync", "CorrelationId": "93327aa1-4042-0000-6bd5-67d8e2f8ee46", "TokenIssuedAtTime": "2025-01-24T19:41:15", "UniqueTokenId": "qEHLD19rgU2NrFiaJ1V_AA"}, "CreationTime": "2025-01-23T02:27:25", "Id": "d86d40b7-b047-43a1-548b-08dd3b55798e", "Operation": "FileSyncDownloadedFull", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012000b0ea249f@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "214.133.161.103", "UserId": "attacker3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "93327aa1-4042-0000-6bd5-67d8e2f8ee46", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "8e23817c-d27f-4842-8de0-d52eaf1e0b64", "ListItemUniqueId": "32a7daa6-0375-4024-8dce-d2f12559e7cd", "Platform": "WinDesktop", "Site": "6886501c-ee68-487c-95f5-b1cb455829ac", "UserAgent": "Microsoft SkyDriveSync 24.244.1204.0003 ship; Windows NT 10.0 (19045)", "WebId": "63f8ec62-452d-4c83-9524-47d7ac7761a8", "DeviceDisplayName": "189.135.168.197", "EventSignature": "1.CAESFkZpbGVTeW5jRG93bmxvYWRlZEZ1bGwYjdLGvAYiEDEwMDMyMDAwYjBlYTI0OWYyEgkcUIZoaO58SBGV9bHLRVgprDoSCWLs-GMtRYNMEZUkR9esd2GoQhIJfIEjjn_SQkgRjeDVLq8eC2RKEgmm2qcydQMkQBGNztLxJVnnzQ.R35OLaDWZXOfDz6B369PJf_k-SfDvv4UcYlsdMDWORI", "MachineDomainInfo": "931983eb-69c8-4d22-bc19-87c24fb24818", "MachineId": "aef98cf7-fb02-4783-8604-15ee388c329b", "FileSyncBytesCommitted": "296", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "url", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_15.url", "ApplicationDisplayName": "OneDriveSync", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_15.url"}
{"AppAccessContext": {"AADSessionId": "782c415a-5fb5-4de5-a365-81c6b6a3e677", "ClientAppName": "OneDriveSync", "CorrelationId": "93327aa1-d054-0000-6bd5-6029025d1813", "TokenIssuedAtTime": "2025-01-24T19:41:15", "UniqueTokenId": "qEHLD19rgU2NrFiaJ1V_AA"}, "CreationTime": "2025-01-23T02:27:25", "Id": "a9b4c96e-d182-47e7-2a5a-08dd3b5579c5", "Operation": "FileSyncDownloadedFull", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012000b0ea249f@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "214.133.161.103", "UserId": "attacker3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "93327aa1-d054-0000-6bd5-6029025d1813", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "8e23817c-d27f-4842-8de0-d52eaf1e0b64", "ListItemUniqueId": "f4c47b11-4438-4a8f-a830-017d4160cfee", "Platform": "WinDesktop", "Site": "6886501c-ee68-487c-95f5-b1cb455829ac", "UserAgent": "Microsoft SkyDriveSync 24.244.1204.0003 ship; Windows NT 10.0 (19045)", "WebId": "63f8ec62-452d-4c83-9524-47d7ac7761a8", "DeviceDisplayName": "189.135.168.197", "EventSignature": "1.CAESFkZpbGVTeW5jRG93bmxvYWRlZEZ1bGwYjdLGvAYiEDEwMDMyMDAwYjBlYTI0OWYyEgkcUIZoaO58SBGV9bHLRVgprDoSCWLs-GMtRYNMEZUkR9esd2GoQhIJfIEjjn_SQkgRjeDVLq8eC2RKEgkRe8T0OESPShGoMAF9QWDP7g.cex-qPcX5k_THhRlNLnxCW-DbRgjYcrfhdJKT32aRC4", "MachineDomainInfo": "931983eb-69c8-4d22-bc19-87c24fb24818", "MachineId": "aef98cf7-fb02-4783-8604-15ee388c329b", "FileSyncBytesCommitted": "815826", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_16.xlsx", "ApplicationDisplayName": "OneDriveSync", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_16.xlsx"}
{"AppAccessContext": {"AADSessionId": "782c415a-5fb5-4de5-a365-81c6b6a3e677", "ClientAppName": "OneDriveSync", "CorrelationId": "93327aa1-6034-0000-6bd5-6dcfbb0b38ae", "TokenIssuedAtTime": "2025-01-24T19:41:15", "UniqueTokenId": "qEHLD19rgU2NrFiaJ1V_AA"}, "CreationTime": "2025-01-23T02:27:25", "Id": "b485a708-4f4d-43ec-ce00-08dd3b55796e", "Operation": "FileSyncDownloadedFull", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012000b0ea249f@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "214.133.161.103", "UserId": "attacker3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "93327aa1-6034-0000-6bd5-6dcfbb0b38ae", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "8e23817c-d27f-4842-8de0-d52eaf1e0b64", "ListItemUniqueId": "26af38e0-e696-41f9-90bd-d39a5db18cde", "Platform": "WinDesktop", "Site": "6886501c-ee68-487c-95f5-b1cb455829ac", "UserAgent": "Microsoft SkyDriveSync 24.244.1204.0003 ship; Windows NT 10.0 (19045)", "WebId": "63f8ec62-452d-4c83-9524-47d7ac7761a8", "DeviceDisplayName": "189.135.168.197", "EventSignature": "1.CAESFkZpbGVTeW5jRG93bmxvYWRlZEZ1bGwYjdLGvAYiEDEwMDMyMDAwYjBlYTI0OWYyEgkcUIZoaO58SBGV9bHLRVgprDoSCWLs-GMtRYNMEZUkR9esd2GoQhIJfIEjjn_SQkgRjeDVLq8eC2RKEgngOK8mlub5QRGQvdOaXbGM3g.5t1Z8Tj2g5YPmunSOrajH867L57O1_HFTsJzrfzHBVc", "MachineDomainInfo": "931983eb-69c8-4d22-bc19-87c24fb24818", "MachineId": "aef98cf7-fb02-4783-8604-15ee388c329b", "FileSyncBytesCommitted": "15603", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_17.xlsx", "ApplicationDisplayName": "OneDriveSync", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_17.xlsx"}
{"AppAccessContext": {"AADSessionId": "782c415a-5fb5-4de5-a365-81c6b6a3e677", "ClientAppName": "OneDriveSync", "CorrelationId": "93327aa1-e047-0000-6bd5-69bb323d6aeb", "TokenIssuedAtTime": "2025-01-24T19:41:15", "UniqueTokenId": "qEHLD19rgU2NrFiaJ1V_AA"}, "CreationTime": "2025-01-23T02:27:25", "Id": "c6a910b2-0715-428f-df7b-08dd3b5579a0", "Operation": "FileSyncDownloadedFull", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012000b0ea249f@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "214.133.161.103", "UserId": "attacker3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "93327aa1-e047-0000-6bd5-69bb323d6aeb", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "8e23817c-d27f-4842-8de0-d52eaf1e0b64", "ListItemUniqueId": "68f77877-681a-41c1-9027-d8658306e2d7", "Platform": "WinDesktop", "Site": "6886501c-ee68-487c-95f5-b1cb455829ac", "UserAgent": "Microsoft SkyDriveSync 24.244.1204.0003 ship; Windows NT 10.0 (19045)", "WebId": "63f8ec62-452d-4c83-9524-47d7ac7761a8", "DeviceDisplayName": "189.135.168.197", "EventSignature": "1.CAESFkZpbGVTeW5jRG93bmxvYWRlZEZ1bGwYjdLGvAYiEDEwMDMyMDAwYjBlYTI0OWYyEgkcUIZoaO58SBGV9bHLRVgprDoSCWLs-GMtRYNMEZUkR9esd2GoQhIJfIEjjn_SQkgRjeDVLq8eC2RKEgl3ePdoGmjBQRGQJ9hlgwbi1w.B68sJ8xo-TdM6OQ9yGvKuxkCP1X4vHAWUrLRYRrQZuM", "MachineDomainInfo": "931983eb-69c8-4d22-bc19-87c24fb24818", "MachineId": "aef98cf7-fb02-4783-8604-15ee388c329b", "FileSyncBytesCommitted": "145", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "url", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_18.url", "ApplicationDisplayName": "OneDriveSync", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_18.url"}
{"AppAccessContext": {"AADSessionId": "782c415a-5fb5-4de5-a365-81c6b6a3e677", "ClientAppName": "OneDriveSync", "CorrelationId": "93327aa1-8058-0000-6bd5-61e7b49792e6", "TokenIssuedAtTime": "2025-01-24T19:41:15", "UniqueTokenId": "qEHLD19rgU2NrFiaJ1V_AA"}, "CreationTime": "2025-01-23T02:27:25", "Id": "efe1017a-a853-4566-f1b1-08dd3b5579d2", "Operation": "FileSyncDownloadedFull", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012000b0ea249f@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "214.133.161.103", "UserId": "attacker3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "93327aa1-8058-0000-6bd5-61e7b49792e6", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "8e23817c-d27f-4842-8de0-d52eaf1e0b64", "ListItemUniqueId": "ed27ed82-bb1b-45c4-95b2-adcff5a37249", "Platform": "WinDesktop", "Site": "6886501c-ee68-487c-95f5-b1cb455829ac", "UserAgent": "Microsoft SkyDriveSync 24.244.1204.0003 ship; Windows NT 10.0 (19045)", "WebId": "63f8ec62-452d-4c83-9524-47d7ac7761a8", "DeviceDisplayName": "189.135.168.197", "EventSignature": "1.CAESFkZpbGVTeW5jRG93bmxvYWRlZEZ1bGwYjdLGvAYiEDEwMDMyMDAwYjBlYTI0OWYyEgkcUIZoaO58SBGV9bHLRVgprDoSCWLs-GMtRYNMEZUkR9esd2GoQhIJfIEjjn_SQkgRjeDVLq8eC2RKEgmC7SftG7vERRGVsq3P9aNySQ.Vei6SDsK0Xm2YSAtVkt-zibgZFgkNAsGW46ICMtqihs", "MachineDomainInfo": "931983eb-69c8-4d22-bc19-87c24fb24818", "MachineId": "aef98cf7-fb02-4783-8604-15ee388c329b", "FileSyncBytesCommitted": "819336", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_19.xlsx", "ApplicationDisplayName": "OneDriveSync", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_19.xlsx"}
{"AppAccessContext": {"AADSessionId": "782c415a-5fb5-4de5-a365-81c6b6a3e677", "ClientAppName": "OneDriveSync", "CorrelationId": "93327aa1-3029-0000-6bd5-69fcce19b371", "TokenIssuedAtTime": "2025-01-24T19:41:15", "UniqueTokenId": "qEHLD19rgU2NrFiaJ1V_AA"}, "CreationTime": "2025-01-23T02:27:25", "Id": "84fa1835-50f5-40c1-8939-08dd3b557953", "Operation": "FileSyncDownloadedFull", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012000b0ea249f@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "214.133.161.103", "UserId": "attacker3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "93327aa1-3029-0000-6bd5-69fcce19b371", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "8e23817c-d27f-4842-8de0-d52eaf1e0b64", "ListItemUniqueId": "c025706e-03b4-4eb5-b4f0-6ea55d2ef5d8", "Platform": "WinDesktop", "Site": "6886501c-ee68-487c-95f5-b1cb455829ac", "UserAgent": "Microsoft SkyDriveSync 24.244.1204.0003 ship; Windows NT 10.0 (19045)", "WebId": "63f8ec62-452d-4c83-9524-47d7ac7761a8", "DeviceDisplayName": "189.135.168.197", "EventSignature": "1.CAESFkZpbGVTeW5jRG93bmxvYWRlZEZ1bGwYjdLGvAYiEDEwMDMyMDAwYjBlYTI0OWYyEgkcUIZoaO58SBGV9bHLRVgprDoSCWLs-GMtRYNMEZUkR9esd2GoQhIJfIEjjn_SQkgRjeDVLq8eC2RKEglucCXAtAO1ThG08G6lXS712A.5Dpcne1wpaPZ8q4WjWrorZXeBza1EjfGn3sMhNp0gz4", "MachineDomainInfo": "931983eb-69c8-4d22-bc19-87c24fb24818", "MachineId": "aef98cf7-fb02-4783-8604-15ee388c329b", "FileSyncBytesCommitted": "25037", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_20.xlsx", "ApplicationDisplayName": "OneDriveSync", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_20.xlsx"}
{"AppAccessContext": {"AADSessionId": "782c415a-5fb5-4de5-a365-81c6b6a3e677", "ClientAppName": "OneDriveSync", "CorrelationId": "93327aa1-a040-0000-6bd5-6343b27b9304", "TokenIssuedAtTime": "2025-01-24T19:41:15", "UniqueTokenId": "qEHLD19rgU2NrFiaJ1V_AA"}, "CreationTime": "2025-01-23T02:27:25", "Id": "a4b8005f-e237-49b2-c2c0-08dd3b55798c", "Operation": "FileSyncDownloadedFull", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012000b0ea249f@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "214.133.161.103", "UserId": "attacker3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "93327aa1-a040-0000-6bd5-6343b27b9304", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "8e23817c-d27f-4842-8de0-d52eaf1e0b64", "ListItemUniqueId": "fb88c2a8-db51-4d21-80de-fa493582b423", "Platform": "WinDesktop", "Site": "6886501c-ee68-487c-95f5-b1cb455829ac", "UserAgent": "Microsoft SkyDriveSync 24.244.1204.0003 ship; Windows NT 10.0 (19045)", "WebId": "63f8ec62-452d-4c83-9524-47d7ac7761a8", "DeviceDisplayName": "189.135.168.197", "EventSignature": "1.CAESFkZpbGVTeW5jRG93bmxvYWRlZEZ1bGwYjdLGvAYiEDEwMDMyMDAwYjBlYTI0OWYyEgkcUIZoaO58SBGV9bHLRVgprDoSCWLs-GMtRYNMEZUkR9esd2GoQhIJfIEjjn_SQkgRjeDVLq8eC2RKEgmowoj7UdshTRGA3vpJNYK0Iw.O8orQhvJH3SMGkvU9cDDSvpQtximFSta04WmOjOF-dE", "MachineDomainInfo": "931983eb-69c8-4d22-bc19-87c24fb24818", "MachineId": "aef98cf7-fb02-4783-8604-15ee388c329b", "FileSyncBytesCommitted": "353", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "url", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_21.url", "ApplicationDisplayName": "OneDriveSync", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_21.url"}
{"AppAccessContext": {"AADSessionId": "782c415a-5fb5-4de5-a365-81c6b6a3e677", "ClientAppName": "OneDriveSync", "CorrelationId": "93327aa1-3051-0000-6bd5-67f3c396dc4f", "TokenIssuedAtTime": "2025-01-24T19:41:15", "UniqueTokenId": "qEHLD19rgU2NrFiaJ1V_AA"}, "CreationTime": "2025-01-23T02:27:25", "Id": "f0fd21f4-a582-411f-acfa-08dd3b5579b7", "Operation": "FileSyncDownloadedFull", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012000b0ea249f@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "214.133.161.103", "UserId": "attacker3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "93327aa1-3051-0000-6bd5-67f3c396dc4f", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "8e23817c-d27f-4842-8de0-d52eaf1e0b64", "ListItemUniqueId": "95a71fee-c047-46e4-92ec-6ec396ed266f", "Platform": "WinDesktop", "Site": "6886501c-ee68-487c-95f5-b1cb455829ac", "UserAgent": "Microsoft SkyDriveSync 24.244.1204.0003 ship; Windows NT 10.0 (19045)", "WebId": "63f8ec62-452d-4c83-9524-47d7ac7761a8", "DeviceDisplayName": "189.135.168.197", "EventSignature": "1.CAESFkZpbGVTeW5jRG93bmxvYWRlZEZ1bGwYjdLGvAYiEDEwMDMyMDAwYjBlYTI0OWYyEgkcUIZoaO58SBGV9bHLRVgprDoSCWLs-GMtRYNMEZUkR9esd2GoQhIJfIEjjn_SQkgRjeDVLq8eC2RKEgnuH6eVR8DkRhGS7G7Dlu0mbw.SEp-ezjhSXhzAAaHC1MlIyooNIO9i3wBVEm6wkxztFs", "MachineDomainInfo": "931983eb-69c8-4d22-bc19-87c24fb24818", "MachineId": "aef98cf7-fb02-4783-8604-15ee388c329b", "FileSyncBytesCommitted": "145", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "url", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_22.url", "ApplicationDisplayName": "OneDriveSync", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_22.url"}
{"AppAccessContext": {"AADSessionId": "782c415a-5fb5-4de5-a365-81c6b6a3e677", "ClientAppName": "OneDriveSync", "CorrelationId": "92327aa1-b0f3-0000-6bd5-69c0d77d1622", "TokenIssuedAtTime": "2025-01-24T19:41:15", "UniqueTokenId": "qEHLD19rgU2NrFiaJ1V_AA"}, "CreationTime": "2025-01-23T02:27:24", "Id": "f926fa54-1e46-48b8-938f-08dd3b5578ce", "Operation": "FileSyncDownloadedFull", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012000b0ea249f@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "214.133.161.103", "UserId": "attacker3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "92327aa1-b0f3-0000-6bd5-69c0d77d1622", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "8e23817c-d27f-4842-8de0-d52eaf1e0b64", "ListItemUniqueId": "edec581d-f8f6-4304-8eb4-9bab96a1c1f0", "Platform": "WinDesktop", "Site": "6886501c-ee68-487c-95f5-b1cb455829ac", "UserAgent": "Microsoft SkyDriveSync 24.244.1204.0003 ship; Windows NT 10.0 (19045)", "WebId": "63f8ec62-452d-4c83-9524-47d7ac7761a8", "DeviceDisplayName": "189.135.168.197", "EventSignature": "1.CAESFkZpbGVTeW5jRG93bmxvYWRlZEZ1bGwYjNLGvAYiEDEwMDMyMDAwYjBlYTI0OWYyEgkcUIZoaO58SBGV9bHLRVgprDoSCWLs-GMtRYNMEZUkR9esd2GoQhIJfIEjjn_SQkgRjeDVLq8eC2RKEgkdWOzt9vgEQxGOtJurlqHB8A.cH7dm5mKKkarEcU5p6Md0Ju9hsM1mQCLqMzk51cXe3E", "MachineDomainInfo": "931983eb-69c8-4d22-bc19-87c24fb24818", "MachineId": "aef98cf7-fb02-4783-8604-15ee388c329b", "FileSyncBytesCommitted": "24417", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_23.docx", "ApplicationDisplayName": "OneDriveSync", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_23.docx"}
{"AppAccessContext": {"AADSessionId": "782c415a-5fb5-4de5-a365-81c6b6a3e677", "ClientAppName": "OneDriveSync", "CorrelationId": "93327aa1-5003-0000-6bd5-623fcdc1bd97", "TokenIssuedAtTime": "2025-01-24T19:41:15", "UniqueTokenId": "qEHLD19rgU2NrFiaJ1V_AA"}, "CreationTime": "2025-01-23T02:27:24", "Id": "6d08798f-5869-4a4e-1c26-08dd3b5578f7", "Operation": "FileSyncDownloadedFull", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012000b0ea249f@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "214.133.161.103", "UserId": "attacker3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "93327aa1-5003-0000-6bd5-623fcdc1bd97", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "8e23817c-d27f-4842-8de0-d52eaf1e0b64", "ListItemUniqueId": "8926b83d-e62f-4c61-8dcd-947d57a517c6", "Platform": "WinDesktop", "Site": "6886501c-ee68-487c-95f5-b1cb455829ac", "UserAgent": "Microsoft SkyDriveSync 24.244.1204.0003 ship; Windows NT 10.0 (19045)", "WebId": "63f8ec62-452d-4c83-9524-47d7ac7761a8", "DeviceDisplayName": "189.135.168.197", "EventSignature": "1.CAESFkZpbGVTeW5jRG93bmxvYWRlZEZ1bGwYjNLGvAYiEDEwMDMyMDAwYjBlYTI0OWYyEgkcUIZoaO58SBGV9bHLRVgprDoSCWLs-GMtRYNMEZUkR9esd2GoQhIJfIEjjn_SQkgRjeDVLq8eC2RKEgk9uCaJL-ZhTBGNzZR9V6UXxg.6K_l4DuZo4pFWZ5oiI-RNYa3_g5IlZADnvXILUZn1js", "MachineDomainInfo": "931983eb-69c8-4d22-bc19-87c24fb24818", "MachineId": "aef98cf7-fb02-4783-8604-15ee388c329b", "FileSyncBytesCommitted": "24086", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_24.xlsx", "ApplicationDisplayName": "OneDriveSync", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_24.xlsx"}
{"AppAccessContext": {"AADSessionId": "782c415a-5fb5-4de5-a365-81c6b6a3e677", "ClientAppName": "OneDriveSync", "CorrelationId": "93327aa1-e014-0000-6bd5-66d664a4ccf3", "TokenIssuedAtTime": "2025-01-24T19:41:15", "UniqueTokenId": "qEHLD19rgU2NrFiaJ1V_AA"}, "CreationTime": "2025-01-23T02:27:24", "Id": "c2845122-291d-4ac5-552a-08dd3b557930", "Operation": "FileSyncDownloadedFull", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012000b0ea249f@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "214.133.161.103", "UserId": "attacker3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "93327aa1-e014-0000-6bd5-66d664a4ccf3", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "8e23817c-d27f-4842-8de0-d52eaf1e0b64", "ListItemUniqueId": "2e4fb771-0d8d-48a5-b3d1-6b966809284d", "Platform": "WinDesktop", "Site": "6886501c-ee68-487c-95f5-b1cb455829ac", "UserAgent": "Microsoft SkyDriveSync 24.244.1204.0003 ship; Windows NT 10.0 (19045)", "WebId": "63f8ec62-452d-4c83-9524-47d7ac7761a8", "DeviceDisplayName": "189.135.168.197", "EventSignature": "1.CAESFkZpbGVTeW5jRG93bmxvYWRlZEZ1bGwYjNLGvAYiEDEwMDMyMDAwYjBlYTI0OWYyEgkcUIZoaO58SBGV9bHLRVgprDoSCWLs-GMtRYNMEZUkR9esd2GoQhIJfIEjjn_SQkgRjeDVLq8eC2RKEglxt08ujQ2lSBGz0WuWaAkoTQ.62NSXVsyLBGyq-HvMJrVhM_zFi8wjgqypQuaPWbfnOg", "MachineDomainInfo": "931983eb-69c8-4d22-bc19-87c24fb24818", "MachineId": "aef98cf7-fb02-4783-8604-15ee388c329b", "FileSyncBytesCommitted": "47956", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_25.xlsx", "ApplicationDisplayName": "OneDriveSync", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_25.xlsx"}
{"AppAccessContext": {"AADSessionId": "782c415a-5fb5-4de5-a365-81c6b6a3e677", "ClientAppName": "OneDriveSync", "CorrelationId": "92327aa1-00f6-0000-6bd5-6f88d0b709ea", "TokenIssuedAtTime": "2025-01-24T19:41:15", "UniqueTokenId": "qEHLD19rgU2NrFiaJ1V_AA"}, "CreationTime": "2025-01-23T02:27:24", "Id": "16b3e356-890e-4ae6-96db-08dd3b5578d6", "Operation": "FileSyncDownloadedFull", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012000b0ea249f@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "214.133.161.103", "UserId": "attacker3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "92327aa1-00f6-0000-6bd5-6f88d0b709ea", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "8e23817c-d27f-4842-8de0-d52eaf1e0b64", "ListItemUniqueId": "74df4cd9-36b3-425b-ba6a-984ac5ea7d5d", "Platform": "WinDesktop", "Site": "6886501c-ee68-487c-95f5-b1cb455829ac", "UserAgent": "Microsoft SkyDriveSync 24.244.1204.0003 ship; Windows NT 10.0 (19045)", "WebId": "63f8ec62-452d-4c83-9524-47d7ac7761a8", "DeviceDisplayName": "189.135.168.197", "EventSignature": "1.CAESFkZpbGVTeW5jRG93bmxvYWRlZEZ1bGwYjNLGvAYiEDEwMDMyMDAwYjBlYTI0OWYyEgkcUIZoaO58SBGV9bHLRVgprDoSCWLs-GMtRYNMEZUkR9esd2GoQhIJfIEjjn_SQkgRjeDVLq8eC2RKEgnZTN90szZbQhG6aphKxep9XQ.aLmhPiHsB3Hps5ee45dWh6vdVH0HNqtl-1oUX40uACU", "MachineDomainInfo": "931983eb-69c8-4d22-bc19-87c24fb24818", "MachineId": "aef98cf7-fb02-4783-8604-15ee388c329b", "FileSyncBytesCommitted": "15734", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "csv", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_26.csv", "ApplicationDisplayName": "OneDriveSync", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_26.csv"}
{"AppAccessContext": {"AADSessionId": "782c415a-5fb5-4de5-a365-81c6b6a3e677", "ClientAppName": "OneDriveSync", "CorrelationId": "93327aa1-9007-0000-6bd5-67ff8ecaeae3", "TokenIssuedAtTime": "2025-01-24T19:41:15", "UniqueTokenId": "qEHLD19rgU2NrFiaJ1V_AA"}, "CreationTime": "2025-01-23T02:27:24", "Id": "f1cab51e-fe6d-4c7e-4887-08dd3b557906", "Operation": "FileSyncDownloadedFull", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012000b0ea249f@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "214.133.161.103", "UserId": "attacker3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "93327aa1-9007-0000-6bd5-67ff8ecaeae3", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "8e23817c-d27f-4842-8de0-d52eaf1e0b64", "ListItemUniqueId": "996f2d87-e5b5-4d4c-9d0e-7be83d921df5", "Platform": "WinDesktop", "Site": "6886501c-ee68-487c-95f5-b1cb455829ac", "UserAgent": "Microsoft SkyDriveSync 24.244.1204.0003 ship; Windows NT 10.0 (19045)", "WebId": "63f8ec62-452d-4c83-9524-47d7ac7761a8", "DeviceDisplayName": "189.135.168.197", "EventSignature": "1.CAESFkZpbGVTeW5jRG93bmxvYWRlZEZ1bGwYjNLGvAYiEDEwMDMyMDAwYjBlYTI0OWYyEgkcUIZoaO58SBGV9bHLRVgprDoSCWLs-GMtRYNMEZUkR9esd2GoQhIJfIEjjn_SQkgRjeDVLq8eC2RKEgmHLW-ZteVMTRGdDnvoPZId9Q.sCnLBKoXlyetnJy2mXDmpOzoAUlRtup9TaAA-5EaxoA", "MachineDomainInfo": "931983eb-69c8-4d22-bc19-87c24fb24818", "MachineId": "aef98cf7-fb02-4783-8604-15ee388c329b", "FileSyncBytesCommitted": "254284", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "pdf", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_27.pdf", "ApplicationDisplayName": "OneDriveSync", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_27.pdf"}
{"AppAccessContext": {"AADSessionId": "782c415a-5fb5-4de5-a365-81c6b6a3e677", "ClientAppName": "OneDriveSync", "CorrelationId": "93327aa1-0021-0000-6bd5-67d5fdc23dfb", "TokenIssuedAtTime": "2025-01-24T19:41:15", "UniqueTokenId": "qEHLD19rgU2NrFiaJ1V_AA"}, "CreationTime": "2025-01-23T02:27:24", "Id": "2a108f98-5837-4304-7fd7-08dd3b55793f", "Operation": "FileSyncDownloadedFull", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012000b0ea249f@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "214.133.161.103", "UserId": "attacker3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "93327aa1-0021-0000-6bd5-67d5fdc23dfb", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "8e23817c-d27f-4842-8de0-d52eaf1e0b64", "ListItemUniqueId": "01c26872-1f40-43da-b684-92936aa3718d", "Platform": "WinDesktop", "Site": "6886501c-ee68-487c-95f5-b1cb455829ac", "UserAgent": "Microsoft SkyDriveSync 24.244.1204.0003 ship; Windows NT 10.0 (19045)", "WebId": "63f8ec62-452d-4c83-9524-47d7ac7761a8", "DeviceDisplayName": "189.135.168.197", "EventSignature": "1.CAESFkZpbGVTeW5jRG93bmxvYWRlZEZ1bGwYjNLGvAYiEDEwMDMyMDAwYjBlYTI0OWYyEgkcUIZoaO58SBGV9bHLRVgprDoSCWLs-GMtRYNMEZUkR9esd2GoQhIJfIEjjn_SQkgRjeDVLq8eC2RKEglyaMIBQB_aQxG2hJKTaqNxjQ.bV9cbtbB8G4_nMKeDt9V1POXC3KNd5qfhC6idP_PahA", "MachineDomainInfo": "931983eb-69c8-4d22-bc19-87c24fb24818", "MachineId": "aef98cf7-fb02-4783-8604-15ee388c329b", "FileSyncBytesCommitted": "29500", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_28.xlsx", "ApplicationDisplayName": "OneDriveSync", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_28.xlsx"}
{"AppAccessContext": {"AADSessionId": "782c415a-5fb5-4de5-a365-81c6b6a3e677", "ClientAppName": "OneDriveSync", "CorrelationId": "92327aa1-90c6-0000-6bd5-6cf5549e2930", "TokenIssuedAtTime": "2025-01-24T19:41:15", "UniqueTokenId": "qEHLD19rgU2NrFiaJ1V_AA"}, "CreationTime": "2025-01-23T02:27:24", "Id": "3e871c9d-7be3-4579-6ae1-08dd3b5578d0", "Operation": "FileSyncDownloadedFull", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012000b0ea249f@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "214.133.161.103", "UserId": "attacker3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "92327aa1-90c6-0000-6bd5-6cf5549e2930", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "8e23817c-d27f-4842-8de0-d52eaf1e0b64", "ListItemUniqueId": "9b270d23-9b55-4636-a1b2-37fe3c078fec", "Platform": "WinDesktop", "Site": "6886501c-ee68-487c-95f5-b1cb455829ac", "UserAgent": "Microsoft SkyDriveSync 24.244.1204.0003 ship; Windows NT 10.0 (19045)", "WebId": "63f8ec62-452d-4c83-9524-47d7ac7761a8", "DeviceDisplayName": "189.135.168.197", "EventSignature": "1.CAESFkZpbGVTeW5jRG93bmxvYWRlZEZ1bGwYjNLGvAYiEDEwMDMyMDAwYjBlYTI0OWYyEgkcUIZoaO58SBGV9bHLRVgprDoSCWLs-GMtRYNMEZUkR9esd2GoQhIJfIEjjn_SQkgRjeDVLq8eC2RKEgkjDSebVZs2RhGhsjf-PAeP7A.9Te-QbhSlX_pyEEkXG3FZoCAr3LY4SHicQTq_2LrYXU", "MachineDomainInfo": "931983eb-69c8-4d22-bc19-87c24fb24818", "MachineId": "aef98cf7-fb02-4783-8604-15ee388c329b", "FileSyncBytesCommitted": "1637238", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "pptx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_29.pptx", "ApplicationDisplayName": "OneDriveSync", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_29.pptx"}
{"AppAccessContext": {"AADSessionId": "782c415a-5fb5-4de5-a365-81c6b6a3e677", "ClientAppName": "OneDriveSync", "CorrelationId": "93327aa1-a017-0000-6bd5-6e9330bbe4e4", "TokenIssuedAtTime": "2025-01-24T19:41:15", "UniqueTokenId": "qEHLD19rgU2NrFiaJ1V_AA"}, "CreationTime": "2025-01-23T02:27:24", "Id": "cbf2bea9-20d4-4238-2b3f-08dd3b557932", "Operation": "FileSyncDownloadedFull", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012000b0ea249f@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "214.133.161.103", "UserId": "attacker3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "93327aa1-a017-0000-6bd5-6e9330bbe4e4", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "8e23817c-d27f-4842-8de0-d52eaf1e0b64", "ListItemUniqueId": "40324f84-13f7-48b2-a5cc-529b9d7f9ba1", "Platform": "WinDesktop", "Site": "6886501c-ee68-487c-95f5-b1cb455829ac", "UserAgent": "Microsoft SkyDriveSync 24.244.1204.0003 ship; Windows NT 10.0 (19045)", "WebId": "63f8ec62-452d-4c83-9524-47d7ac7761a8", "DeviceDisplayName": "189.135.168.197", "EventSignature": "1.CAESFkZpbGVTeW5jRG93bmxvYWRlZEZ1bGwYjNLGvAYiEDEwMDMyMDAwYjBlYTI0OWYyEgkcUIZoaO58SBGV9bHLRVgprDoSCWLs-GMtRYNMEZUkR9esd2GoQhIJfIEjjn_SQkgRjeDVLq8eC2RKEgmETzJA9xOySBGlzFKbnX-boQ.qHrdDT0E7etIsio3pkdFutMJMPBxzXSIt_XmXBP5WBA", "MachineDomainInfo": "931983eb-69c8-4d22-bc19-87c24fb24818", "MachineId": "aef98cf7-fb02-4783-8604-15ee388c329b", "FileSyncBytesCommitted": "29798", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_30.xlsx", "ApplicationDisplayName": "OneDriveSync", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_30.xlsx"}
{"AppAccessContext": {"AADSessionId": "782c415a-5fb5-4de5-a365-81c6b6a3e677", "ClientAppName": "OneDriveSync", "CorrelationId": "93327aa1-d000-0000-6bd5-650461131eae", "TokenIssuedAtTime": "2025-01-24T19:41:15", "UniqueTokenId": "qEHLD19rgU2NrFiaJ1V_AA"}, "CreationTime": "2025-01-23T02:27:24", "Id": "fced3cd0-8ef0-4627-20c1-08dd3b5578f8", "Operation": "FileSyncDownloadedFull", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012000b0ea249f@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "214.133.161.103", "UserId": "attacker3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "93327aa1-d000-0000-6bd5-650461131eae", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "8e23817c-d27f-4842-8de0-d52eaf1e0b64", "ListItemUniqueId": "f0c9d21d-b19b-4197-a3b6-def31b5a97c0", "Platform": "WinDesktop", "Site": "6886501c-ee68-487c-95f5-b1cb455829ac", "UserAgent": "Microsoft SkyDriveSync 24.244.1204.0003 ship; Windows NT 10.0 (19045)", "WebId": "63f8ec62-452d-4c83-9524-47d7ac7761a8", "DeviceDisplayName": "189.135.168.197", "EventSignature": "1.CAESFkZpbGVTeW5jRG93bmxvYWRlZEZ1bGwYjNLGvAYiEDEwMDMyMDAwYjBlYTI0OWYyEgkcUIZoaO58SBGV9bHLRVgprDoSCWLs-GMtRYNMEZUkR9esd2GoQhIJfIEjjn_SQkgRjeDVLq8eC2RKEgkd0snwm7GXQRGjtt7zG1qXwA.mVEj2PBPvl0MwkPGwJsT70P9Lq3Um-Fx_ILOfuCUCsc", "MachineDomainInfo": "931983eb-69c8-4d22-bc19-87c24fb24818", "MachineId": "aef98cf7-fb02-4783-8604-15ee388c329b", "FileSyncBytesCommitted": "142431", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "pdf", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_31.pdf", "ApplicationDisplayName": "OneDriveSync", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_31.pdf"}
{"AppAccessContext": {"AADSessionId": "782c415a-5fb5-4de5-a365-81c6b6a3e677", "ClientAppName": "OneDriveSync", "CorrelationId": "93327aa1-301a-0000-6bd5-63167436b3c1", "TokenIssuedAtTime": "2025-01-24T19:41:15", "UniqueTokenId": "qEHLD19rgU2NrFiaJ1V_AA"}, "CreationTime": "2025-01-23T02:27:24", "Id": "ca57d517-fe67-46ea-f5e5-08dd3b55792e", "Operation": "FileSyncDownloadedFull", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012000b0ea249f@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "214.133.161.103", "UserId": "attacker3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "93327aa1-301a-0000-6bd5-63167436b3c1", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "8e23817c-d27f-4842-8de0-d52eaf1e0b64", "ListItemUniqueId": "74ff40f1-7a60-432e-816c-ececfbddd6c6", "Platform": "WinDesktop", "Site": "6886501c-ee68-487c-95f5-b1cb455829ac", "UserAgent": "Microsoft SkyDriveSync 24.244.1204.0003 ship; Windows NT 10.0 (19045)", "WebId": "63f8ec62-452d-4c83-9524-47d7ac7761a8", "DeviceDisplayName": "189.135.168.197", "EventSignature": "1.CAESFkZpbGVTeW5jRG93bmxvYWRlZEZ1bGwYjNLGvAYiEDEwMDMyMDAwYjBlYTI0OWYyEgkcUIZoaO58SBGV9bHLRVgprDoSCWLs-GMtRYNMEZUkR9esd2GoQhIJfIEjjn_SQkgRjeDVLq8eC2RKEgnxQP90YHouQxGBbOzs-93Wxg.Mx6_IuFmmxzVSN7hwCxhPilZDYuvYak8xblU7wmF0iA", "MachineDomainInfo": "931983eb-69c8-4d22-bc19-87c24fb24818", "MachineId": "aef98cf7-fb02-4783-8604-15ee388c329b", "FileSyncBytesCommitted": "29521", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_32.xlsx", "ApplicationDisplayName": "OneDriveSync", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_32.xlsx"}
{"AppAccessContext": {"AADSessionId": "782c415a-5fb5-4de5-a365-81c6b6a3e677", "ClientAppName": "OneDriveSync", "CorrelationId": "92327aa1-d0f7-0000-6bd5-6393478d5455", "TokenIssuedAtTime": "2025-01-24T19:41:15", "UniqueTokenId": "qEHLD19rgU2NrFiaJ1V_AA"}, "CreationTime": "2025-01-23T02:27:24", "Id": "62fe4f1f-f36f-4c33-21aa-08dd3b5578e2", "Operation": "FileSyncDownloadedFull", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012000b0ea249f@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "214.133.161.103", "UserId": "attacker3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "92327aa1-d0f7-0000-6bd5-6393478d5455", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "8e23817c-d27f-4842-8de0-d52eaf1e0b64", "ListItemUniqueId": "7ae5c87a-af94-40dc-bed1-6ffe21a2a83d", "Platform": "WinDesktop", "Site": "6886501c-ee68-487c-95f5-b1cb455829ac", "UserAgent": "Microsoft SkyDriveSync 24.244.1204.0003 ship; Windows NT 10.0 (19045)", "WebId": "63f8ec62-452d-4c83-9524-47d7ac7761a8", "DeviceDisplayName": "189.135.168.197", "EventSignature": "1.CAESFkZpbGVTeW5jRG93bmxvYWRlZEZ1bGwYjNLGvAYiEDEwMDMyMDAwYjBlYTI0OWYyEgkcUIZoaO58SBGV9bHLRVgprDoSCWLs-GMtRYNMEZUkR9esd2GoQhIJfIEjjn_SQkgRjeDVLq8eC2RKEgl6yOV6lK_cQBG-0W_-IaKoPQ.AuOPB5hSfLhg9UH61G4q_EKaL4dFDy3MwPS1bqWoUu0", "MachineDomainInfo": "931983eb-69c8-4d22-bc19-87c24fb24818", "MachineId": "aef98cf7-fb02-4783-8604-15ee388c329b", "FileSyncBytesCommitted": "74984", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "docx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_33.docx", "ApplicationDisplayName": "OneDriveSync", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_33.docx"}
{"AppAccessContext": {"AADSessionId": "782c415a-5fb5-4de5-a365-81c6b6a3e677", "ClientAppName": "OneDriveSync", "CorrelationId": "93327aa1-3012-0000-6bd5-6f9a94039de5", "TokenIssuedAtTime": "2025-01-24T19:41:15", "UniqueTokenId": "qEHLD19rgU2NrFiaJ1V_AA"}, "CreationTime": "2025-01-23T02:27:24", "Id": "d7f9f833-e19a-4a61-bcc1-08dd3b55791d", "Operation": "FileSyncDownloadedFull", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012000b0ea249f@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "214.133.161.103", "UserId": "attacker3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "93327aa1-3012-0000-6bd5-6f9a94039de5", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "8e23817c-d27f-4842-8de0-d52eaf1e0b64", "ListItemUniqueId": "2fc33752-e9d4-4abd-8373-87fd78e82959", "Platform": "WinDesktop", "Site": "6886501c-ee68-487c-95f5-b1cb455829ac", "UserAgent": "Microsoft SkyDriveSync 24.244.1204.0003 ship; Windows NT 10.0 (19045)", "WebId": "63f8ec62-452d-4c83-9524-47d7ac7761a8", "DeviceDisplayName": "189.135.168.197", "EventSignature": "1.CAESFkZpbGVTeW5jRG93bmxvYWRlZEZ1bGwYjNLGvAYiEDEwMDMyMDAwYjBlYTI0OWYyEgkcUIZoaO58SBGV9bHLRVgprDoSCWLs-GMtRYNMEZUkR9esd2GoQhIJfIEjjn_SQkgRjeDVLq8eC2RKEglSN8Mv1Om9ShGDc4f9eOgpWQ._e8b2ZNLPwd1QY8DUn7dE63snCgM5dbKoB-SK4gX6h0", "MachineDomainInfo": "931983eb-69c8-4d22-bc19-87c24fb24818", "MachineId": "aef98cf7-fb02-4783-8604-15ee388c329b", "FileSyncBytesCommitted": "40624", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_34.xlsx", "ApplicationDisplayName": "OneDriveSync", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_34.xlsx"}
{"AppAccessContext": {"AADSessionId": "782c415a-5fb5-4de5-a365-81c6b6a3e677", "ClientAppName": "OneDriveSync", "CorrelationId": "93327aa1-c022-0000-6bd5-69e2cd410b05", "TokenIssuedAtTime": "2025-01-24T19:41:15", "UniqueTokenId": "qEHLD19rgU2NrFiaJ1V_AA"}, "CreationTime": "2025-01-23T02:27:24", "Id": "d6a4b38f-fa14-4aa1-a85f-08dd3b557948", "Operation": "FileSyncDownloadedFull", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012000b0ea249f@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "214.133.161.103", "UserId": "attacker3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "93327aa1-c022-0000-6bd5-69e2cd410b05", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "8e23817c-d27f-4842-8de0-d52eaf1e0b64", "ListItemUniqueId": "ff22e1da-37e2-4951-a78a-fc7bddffe0bc", "Platform": "WinDesktop", "Site": "6886501c-ee68-487c-95f5-b1cb455829ac", "UserAgent": "Microsoft SkyDriveSync 24.244.1204.0003 ship; Windows NT 10.0 (19045)", "WebId": "63f8ec62-452d-4c83-9524-47d7ac7761a8", "DeviceDisplayName": "189.135.168.197", "EventSignature": "1.CAESFkZpbGVTeW5jRG93bmxvYWRlZEZ1bGwYjNLGvAYiEDEwMDMyMDAwYjBlYTI0OWYyEgkcUIZoaO58SBGV9bHLRVgprDoSCWLs-GMtRYNMEZUkR9esd2GoQhIJfIEjjn_SQkgRjeDVLq8eC2RKEgna4SL_4jdRSRGnivx73f_gvA.LvmlNHgbqpTlUt_P7Ehm6o3fjluQ2gv1WNE63T3_f8Y", "MachineDomainInfo": "931983eb-69c8-4d22-bc19-87c24fb24818", "MachineId": "aef98cf7-fb02-4783-8604-15ee388c329b", "FileSyncBytesCommitted": "124983", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_35.xlsx", "ApplicationDisplayName": "OneDriveSync", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_35.xlsx"}
{"AppAccessContext": {"AADSessionId": "782c415a-5fb5-4de5-a365-81c6b6a3e677", "ClientAppName": "OneDriveSync", "CorrelationId": "92327aa1-f0b6-0000-6bd5-645687196df4", "TokenIssuedAtTime": "2025-01-24T19:41:15", "UniqueTokenId": "qEHLD19rgU2NrFiaJ1V_AA"}, "CreationTime": "2025-01-23T02:27:24", "Id": "705187bf-9c07-4b5b-907e-08dd3b5578d7", "Operation": "FileSyncDownloadedFull", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012000b0ea249f@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "214.133.161.103", "UserId": "attacker3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "92327aa1-f0b6-0000-6bd5-645687196df4", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "8e23817c-d27f-4842-8de0-d52eaf1e0b64", "ListItemUniqueId": "86596d8e-363d-4ad3-a6d1-b398c14ace35", "Platform": "WinDesktop", "Site": "6886501c-ee68-487c-95f5-b1cb455829ac", "UserAgent": "Microsoft SkyDriveSync 24.244.1204.0003 ship; Windows NT 10.0 (19045)", "WebId": "63f8ec62-452d-4c83-9524-47d7ac7761a8", "DeviceDisplayName": "189.135.168.197", "EventSignature": "1.CAESFkZpbGVTeW5jRG93bmxvYWRlZEZ1bGwYjNLGvAYiEDEwMDMyMDAwYjBlYTI0OWYyEgkcUIZoaO58SBGV9bHLRVgprDoSCWLs-GMtRYNMEZUkR9esd2GoQhIJfIEjjn_SQkgRjeDVLq8eC2RKEgmObVmGPTbTShGm0bOYwUrONQ.x6doMwk3lA3GmMbrHibIHh7J1eqyykzvECIhe1VrmiU", "MachineDomainInfo": "931983eb-69c8-4d22-bc19-87c24fb24818", "MachineId": "aef98cf7-fb02-4783-8604-15ee388c329b", "FileSyncBytesCommitted": "2015913", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "pdf", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_36.pdf", "ApplicationDisplayName": "OneDriveSync", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_36.pdf"}
{"AppAccessContext": {"AADSessionId": "782c415a-5fb5-4de5-a365-81c6b6a3e677", "ClientAppName": "OneDriveSync", "CorrelationId": "92327aa1-10bb-0000-6bd5-60af447e413f", "TokenIssuedAtTime": "2025-01-24T19:41:15", "UniqueTokenId": "qEHLD19rgU2NrFiaJ1V_AA"}, "CreationTime": "2025-01-23T02:27:23", "Id": "542b46bb-ee14-4be3-d4ce-08dd3b55784d", "Operation": "FileSyncDownloadedFull", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012000b0ea249f@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "214.133.161.103", "UserId": "attacker3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "92327aa1-10bb-0000-6bd5-60af447e413f", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "8e23817c-d27f-4842-8de0-d52eaf1e0b64", "ListItemUniqueId": "5c98c186-a911-4702-828f-7cd54c5d47d4", "Platform": "WinDesktop", "Site": "6886501c-ee68-487c-95f5-b1cb455829ac", "UserAgent": "Microsoft SkyDriveSync 24.244.1204.0003 ship; Windows NT 10.0 (19045)", "WebId": "63f8ec62-452d-4c83-9524-47d7ac7761a8", "DeviceDisplayName": "189.135.168.197", "EventSignature": "1.CAESFkZpbGVTeW5jRG93bmxvYWRlZEZ1bGwYi9LGvAYiEDEwMDMyMDAwYjBlYTI0OWYyEgkcUIZoaO58SBGV9bHLRVgprDoSCWLs-GMtRYNMEZUkR9esd2GoQhIJfIEjjn_SQkgRjeDVLq8eC2RKEgmGwZhcEakCRxGCj3zVTF1H1A.Ql0IX_hnQowCVdvuWmcaef9J0U9eSAftt_xFkhzYA2o", "MachineDomainInfo": "931983eb-69c8-4d22-bc19-87c24fb24818", "MachineId": "aef98cf7-fb02-4783-8604-15ee388c329b", "FileSyncBytesCommitted": "1018311", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "pdf", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_37.pdf", "ApplicationDisplayName": "OneDriveSync", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_37.pdf"}
{"AppAccessContext": {"AADSessionId": "782c415a-5fb5-4de5-a365-81c6b6a3e677", "ClientAppName": "OneDriveSync", "CorrelationId": "92327aa1-00cd-0000-6bd5-6ec43688e8ff", "TokenIssuedAtTime": "2025-01-24T19:41:15", "UniqueTokenId": "qEHLD19rgU2NrFiaJ1V_AA"}, "CreationTime": "2025-01-23T02:27:23", "Id": "d2c3f2ba-76c6-407a-e9ef-08dd3b5578a6", "Operation": "FileSyncDownloadedFull", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012000b0ea249f@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "214.133.161.103", "UserId": "attacker3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "92327aa1-00cd-0000-6bd5-6ec43688e8ff", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "8e23817c-d27f-4842-8de0-d52eaf1e0b64", "ListItemUniqueId": "136aa6ec-4044-47fa-bf9f-fba2861e727d", "Platform": "WinDesktop", "Site": "6886501c-ee68-487c-95f5-b1cb455829ac", "UserAgent": "Microsoft SkyDriveSync 24.244.1204.0003 ship; Windows NT 10.0 (19045)", "WebId": "63f8ec62-452d-4c83-9524-47d7ac7761a8", "DeviceDisplayName": "189.135.168.197", "EventSignature": "1.CAESFkZpbGVTeW5jRG93bmxvYWRlZEZ1bGwYi9LGvAYiEDEwMDMyMDAwYjBlYTI0OWYyEgkcUIZoaO58SBGV9bHLRVgprDoSCWLs-GMtRYNMEZUkR9esd2GoQhIJfIEjjn_SQkgRjeDVLq8eC2RKEgnspmoTRED6RxG_n_uihh5yfQ.8LroVNv5IQ4_Ew8IBfxvpXDN7QBR0F1Z_fSQ3GSHAnM", "MachineDomainInfo": "931983eb-69c8-4d22-bc19-87c24fb24818", "MachineId": "aef98cf7-fb02-4783-8604-15ee388c329b", "FileSyncBytesCommitted": "1285428", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_38.xlsx", "ApplicationDisplayName": "OneDriveSync", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_38.xlsx"}
{"AppAccessContext": {"AADSessionId": "782c415a-5fb5-4de5-a365-81c6b6a3e677", "ClientAppName": "OneDriveSync", "CorrelationId": "91327aa1-50f1-0000-6bd5-66103baeccd0", "TokenIssuedAtTime": "2025-01-24T19:41:15", "UniqueTokenId": "qEHLD19rgU2NrFiaJ1V_AA"}, "CreationTime": "2025-01-23T02:27:23", "Id": "bd9690cc-83d9-43b1-d7ba-08dd3b55784e", "Operation": "FileSyncDownloadedFull", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012000b0ea249f@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "214.133.161.103", "UserId": "attacker3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "91327aa1-50f1-0000-6bd5-66103baeccd0", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "8e23817c-d27f-4842-8de0-d52eaf1e0b64", "ListItemUniqueId": "b9d600dc-b151-4842-b8bb-73d538b88af8", "Platform": "WinDesktop", "Site": "6886501c-ee68-487c-95f5-b1cb455829ac", "UserAgent": "Microsoft SkyDriveSync 24.244.1204.0003 ship; Windows NT 10.0 (19045)", "WebId": "63f8ec62-452d-4c83-9524-47d7ac7761a8", "DeviceDisplayName": "189.135.168.197", "EventSignature": "1.CAESFkZpbGVTeW5jRG93bmxvYWRlZEZ1bGwYi9LGvAYiEDEwMDMyMDAwYjBlYTI0OWYyEgkcUIZoaO58SBGV9bHLRVgprDoSCWLs-GMtRYNMEZUkR9esd2GoQhIJfIEjjn_SQkgRjeDVLq8eC2RKEgncANa5UbFCSBG4u3PVOLiK-A.trCj9CGe4_4duCVK9-Y9uhe19Zd-s9gu7RAg4mWofQg", "MachineDomainInfo": "931983eb-69c8-4d22-bc19-87c24fb24818", "MachineId": "aef98cf7-fb02-4783-8604-15ee388c329b", "FileSyncBytesCommitted": "6303468", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "pdf", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_39.pdf", "ApplicationDisplayName": "OneDriveSync", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_39.pdf"}
{"AppAccessContext": {"AADSessionId": "782c415a-5fb5-4de5-a365-81c6b6a3e677", "ClientAppName": "OneDriveSync", "CorrelationId": "92327aa1-b0a8-0000-6bd5-699dfb797da8", "TokenIssuedAtTime": "2025-01-24T19:41:15", "UniqueTokenId": "qEHLD19rgU2NrFiaJ1V_AA"}, "CreationTime": "2025-01-23T02:27:23", "Id": "5c6a730f-df89-4d86-53db-08dd3b55782f", "Operation": "FileSyncDownloadedFull", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012000b0ea249f@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "214.133.161.103", "UserId": "attacker3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "92327aa1-b0a8-0000-6bd5-699dfb797da8", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "8e23817c-d27f-4842-8de0-d52eaf1e0b64", "ListItemUniqueId": "12cacb74-c173-4635-9e73-f590ced9ab92", "Platform": "WinDesktop", "Site": "6886501c-ee68-487c-95f5-b1cb455829ac", "UserAgent": "Microsoft SkyDriveSync 24.244.1204.0003 ship; Windows NT 10.0 (19045)", "WebId": "63f8ec62-452d-4c83-9524-47d7ac7761a8", "DeviceDisplayName": "189.135.168.197", "EventSignature": "1.CAESFkZpbGVTeW5jRG93bmxvYWRlZEZ1bGwYi9LGvAYiEDEwMDMyMDAwYjBlYTI0OWYyEgkcUIZoaO58SBGV9bHLRVgprDoSCWLs-GMtRYNMEZUkR9esd2GoQhIJfIEjjn_SQkgRjeDVLq8eC2RKEgl0y8oSc8E1RhGec_WQztmrkg.rfrbrJk7O4BXLltMs-xOextsXX6doP-80kVw3MJpHgI", "MachineDomainInfo": "931983eb-69c8-4d22-bc19-87c24fb24818", "MachineId": "aef98cf7-fb02-4783-8604-15ee388c329b", "FileSyncBytesCommitted": "464201", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "pdf", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_40.pdf", "ApplicationDisplayName": "OneDriveSync", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_40.pdf"}
{"AppAccessContext": {"AADSessionId": "782c415a-5fb5-4de5-a365-81c6b6a3e677", "ClientAppName": "OneDriveSync", "CorrelationId": "92327aa1-30e7-0000-6bd5-62be0e0f1537", "TokenIssuedAtTime": "2025-01-24T19:41:15", "UniqueTokenId": "qEHLD19rgU2NrFiaJ1V_AA"}, "CreationTime": "2025-01-23T02:27:23", "Id": "0c92010a-0f30-4526-11ac-08dd3b5578b0", "Operation": "FileSyncDownloadedFull", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012000b0ea249f@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "214.133.161.103", "UserId": "attacker3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "92327aa1-30e7-0000-6bd5-62be0e0f1537", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "8e23817c-d27f-4842-8de0-d52eaf1e0b64", "ListItemUniqueId": "9d4ffb46-86e1-4e8f-a32e-4e0a5b0295ae", "Platform": "WinDesktop", "Site": "6886501c-ee68-487c-95f5-b1cb455829ac", "UserAgent": "Microsoft SkyDriveSync 24.244.1204.0003 ship; Windows NT 10.0 (19045)", "WebId": "63f8ec62-452d-4c83-9524-47d7ac7761a8", "DeviceDisplayName": "189.135.168.197", "EventSignature": "1.CAESFkZpbGVTeW5jRG93bmxvYWRlZEZ1bGwYi9LGvAYiEDEwMDMyMDAwYjBlYTI0OWYyEgkcUIZoaO58SBGV9bHLRVgprDoSCWLs-GMtRYNMEZUkR9esd2GoQhIJfIEjjn_SQkgRjeDVLq8eC2RKEglG-0-d4YaPThGjLk4KWwKVrg.u_0ufWeNT_vlm4DsjuWrqdNKnbWs2gB5J8sYZoi9Zmo", "MachineDomainInfo": "931983eb-69c8-4d22-bc19-87c24fb24818", "MachineId": "aef98cf7-fb02-4783-8604-15ee388c329b", "FileSyncBytesCommitted": "18761", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "xlsx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_41.xlsx", "ApplicationDisplayName": "OneDriveSync", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_41.xlsx"}
{"AppAccessContext": {"AADSessionId": "782c415a-5fb5-4de5-a365-81c6b6a3e677", "ClientAppName": "OneDriveSync", "CorrelationId": "91327aa1-b0f9-0000-6bd5-629bc3d79ed7", "TokenIssuedAtTime": "2025-01-24T19:41:15", "UniqueTokenId": "qEHLD19rgU2NrFiaJ1V_AA"}, "CreationTime": "2025-01-23T02:27:22", "Id": "b379599f-e01a-4d09-a3b8-08dd3b557798", "Operation": "FileSyncDownloadedFull", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012000b0ea249f@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "214.133.161.103", "UserId": "attacker3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "91327aa1-b0f9-0000-6bd5-629bc3d79ed7", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "8e23817c-d27f-4842-8de0-d52eaf1e0b64", "ListItemUniqueId": "c61d920d-fea7-4f9a-a989-bd5547b2301f", "Platform": "WinDesktop", "Site": "6886501c-ee68-487c-95f5-b1cb455829ac", "UserAgent": "Microsoft SkyDriveSync 24.244.1204.0003 ship; Windows NT 10.0 (19045)", "WebId": "63f8ec62-452d-4c83-9524-47d7ac7761a8", "DeviceDisplayName": "189.135.168.197", "EventSignature": "1.CAESFkZpbGVTeW5jRG93bmxvYWRlZEZ1bGwYitLGvAYiEDEwMDMyMDAwYjBlYTI0OWYyEgkcUIZoaO58SBGV9bHLRVgprDoSCWLs-GMtRYNMEZUkR9esd2GoQhIJfIEjjn_SQkgRjeDVLq8eC2RKEgkNkh3Gp_6aTxGpib1VR7IwHw.B11ZSkUatgI4njNksLL-ux_aOCT7AXTqh-QjOx3O4_s", "MachineDomainInfo": "931983eb-69c8-4d22-bc19-87c24fb24818", "MachineId": "aef98cf7-fb02-4783-8604-15ee388c329b", "FileSyncBytesCommitted": "3569439", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "pdf", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_42.pdf", "ApplicationDisplayName": "OneDriveSync", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_42.pdf"}
{"AppAccessContext": {"AADSessionId": "782c415a-5fb5-4de5-a365-81c6b6a3e677", "ClientAppName": "OneDriveSync", "CorrelationId": "92327aa1-c09d-0000-6bd5-6f092d10e297", "TokenIssuedAtTime": "2025-01-24T19:41:15", "UniqueTokenId": "qEHLD19rgU2NrFiaJ1V_AA"}, "CreationTime": "2025-01-23T02:27:22", "Id": "6824b1ff-750e-4705-edb7-08dd3b557803", "Operation": "FileSyncDownloadedFull", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012000b0ea249f@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "214.133.161.103", "UserId": "attacker3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "92327aa1-c09d-0000-6bd5-6f092d10e297", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "8e23817c-d27f-4842-8de0-d52eaf1e0b64", "ListItemUniqueId": "5aaf8e54-b4fb-43e6-824b-4c74d3f93355", "Platform": "WinDesktop", "Site": "6886501c-ee68-487c-95f5-b1cb455829ac", "UserAgent": "Microsoft SkyDriveSync 24.244.1204.0003 ship; Windows NT 10.0 (19045)", "WebId": "63f8ec62-452d-4c83-9524-47d7ac7761a8", "DeviceDisplayName": "189.135.168.197", "EventSignature": "1.CAESFkZpbGVTeW5jRG93bmxvYWRlZEZ1bGwYitLGvAYiEDEwMDMyMDAwYjBlYTI0OWYyEgkcUIZoaO58SBGV9bHLRVgprDoSCWLs-GMtRYNMEZUkR9esd2GoQhIJfIEjjn_SQkgRjeDVLq8eC2RKEglUjq9a-7TmQxGCS0x00_kzVQ.UTvd2yZxPKlpvYe0NlBA6Sw9SLwF7pzYeya91QkrDFo", "MachineDomainInfo": "931983eb-69c8-4d22-bc19-87c24fb24818", "MachineId": "aef98cf7-fb02-4783-8604-15ee388c329b", "FileSyncBytesCommitted": "422523", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "pdf", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_43.pdf", "ApplicationDisplayName": "OneDriveSync", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_43.pdf"}
{"AppAccessContext": {"AADSessionId": "782c415a-5fb5-4de5-a365-81c6b6a3e677", "ClientAppName": "OneDriveSync", "CorrelationId": "92327aa1-2075-0000-6bd5-6006d6fc2dae", "TokenIssuedAtTime": "2025-01-24T19:41:15", "UniqueTokenId": "qEHLD19rgU2NrFiaJ1V_AA"}, "CreationTime": "2025-01-23T02:27:22", "Id": "c50a2a21-5a02-49fa-0640-08dd3b5577a3", "Operation": "FileSyncDownloadedFull", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012000b0ea249f@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "214.133.161.103", "UserId": "attacker3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "92327aa1-2075-0000-6bd5-6006d6fc2dae", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "8e23817c-d27f-4842-8de0-d52eaf1e0b64", "ListItemUniqueId": "2cfdcd0a-a697-45d9-9dbe-830f45ee2752", "Platform": "WinDesktop", "Site": "6886501c-ee68-487c-95f5-b1cb455829ac", "UserAgent": "Microsoft SkyDriveSync 24.244.1204.0003 ship; Windows NT 10.0 (19045)", "WebId": "63f8ec62-452d-4c83-9524-47d7ac7761a8", "DeviceDisplayName": "189.135.168.197", "EventSignature": "1.CAESFkZpbGVTeW5jRG93bmxvYWRlZEZ1bGwYitLGvAYiEDEwMDMyMDAwYjBlYTI0OWYyEgkcUIZoaO58SBGV9bHLRVgprDoSCWLs-GMtRYNMEZUkR9esd2GoQhIJfIEjjn_SQkgRjeDVLq8eC2RKEgkKzf0sl6bZRRGdvoMPRe4nUg.Dz2bIZ7Sl0WnjhJf4PYT8bsg_PIDO507mhyz9_2HzCc", "MachineDomainInfo": "931983eb-69c8-4d22-bc19-87c24fb24818", "MachineId": "aef98cf7-fb02-4783-8604-15ee388c329b", "FileSyncBytesCommitted": "64365", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "pdf", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_44.pdf", "ApplicationDisplayName": "OneDriveSync", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_44.pdf"}
{"AppAccessContext": {"AADSessionId": "782c415a-5fb5-4de5-a365-81c6b6a3e677", "ClientAppName": "OneDriveSync", "CorrelationId": "92327aa1-507c-0000-6bd5-6a8e523ecf2c", "TokenIssuedAtTime": "2025-01-24T19:41:15", "UniqueTokenId": "qEHLD19rgU2NrFiaJ1V_AA"}, "CreationTime": "2025-01-23T02:27:22", "Id": "e8a79cec-53a2-4da0-169d-08dd3b5577b7", "Operation": "FileSyncDownloadedFull", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012000b0ea249f@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "214.133.161.103", "UserId": "attacker3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "92327aa1-507c-0000-6bd5-6a8e523ecf2c", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "8e23817c-d27f-4842-8de0-d52eaf1e0b64", "ListItemUniqueId": "bbc8607c-93f5-42b7-a2fa-f132e00a6549", "Platform": "WinDesktop", "Site": "6886501c-ee68-487c-95f5-b1cb455829ac", "UserAgent": "Microsoft SkyDriveSync 24.244.1204.0003 ship; Windows NT 10.0 (19045)", "WebId": "63f8ec62-452d-4c83-9524-47d7ac7761a8", "DeviceDisplayName": "189.135.168.197", "EventSignature": "1.CAESFkZpbGVTeW5jRG93bmxvYWRlZEZ1bGwYitLGvAYiEDEwMDMyMDAwYjBlYTI0OWYyEgkcUIZoaO58SBGV9bHLRVgprDoSCWLs-GMtRYNMEZUkR9esd2GoQhIJfIEjjn_SQkgRjeDVLq8eC2RKEgl8YMi79ZO3QhGi-vEy4AplSQ.gGxTkKSolvsw7rP0u4WEVd3-RoKyQJngQ9HBBj6uWSs", "MachineDomainInfo": "931983eb-69c8-4d22-bc19-87c24fb24818", "MachineId": "aef98cf7-fb02-4783-8604-15ee388c329b", "FileSyncBytesCommitted": "885707", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "pdf", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_45.pdf", "ApplicationDisplayName": "OneDriveSync", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_45.pdf"}
{"AppAccessContext": {"AADSessionId": "782c415a-5fb5-4de5-a365-81c6b6a3e677", "ClientAppName": "OneDriveSync", "CorrelationId": "92327aa1-70a2-0000-6bd5-628b30b3971d", "TokenIssuedAtTime": "2025-01-24T19:41:15", "UniqueTokenId": "qEHLD19rgU2NrFiaJ1V_AA"}, "CreationTime": "2025-01-23T02:27:22", "Id": "4428dfa4-ace7-4441-1152-08dd3b557814", "Operation": "FileSyncDownloadedFull", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012000b0ea249f@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "214.133.161.103", "UserId": "attacker3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "92327aa1-70a2-0000-6bd5-628b30b3971d", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "8e23817c-d27f-4842-8de0-d52eaf1e0b64", "ListItemUniqueId": "7b83042f-46ac-4930-8ec9-e972ed34b032", "Platform": "WinDesktop", "Site": "6886501c-ee68-487c-95f5-b1cb455829ac", "UserAgent": "Microsoft SkyDriveSync 24.244.1204.0003 ship; Windows NT 10.0 (19045)", "WebId": "63f8ec62-452d-4c83-9524-47d7ac7761a8", "DeviceDisplayName": "189.135.168.197", "EventSignature": "1.CAESFkZpbGVTeW5jRG93bmxvYWRlZEZ1bGwYitLGvAYiEDEwMDMyMDAwYjBlYTI0OWYyEgkcUIZoaO58SBGV9bHLRVgprDoSCWLs-GMtRYNMEZUkR9esd2GoQhIJfIEjjn_SQkgRjeDVLq8eC2RKEgkvBIN7rEYwSRGOyely7TSwMg.TE0SoD61tGUSOs-PiSXC1XKgKF0quUqjJ_syWkte9m8", "MachineDomainInfo": "931983eb-69c8-4d22-bc19-87c24fb24818", "MachineId": "aef98cf7-fb02-4783-8604-15ee388c329b", "FileSyncBytesCommitted": "338733", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "pdf", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_46.pdf", "ApplicationDisplayName": "OneDriveSync", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_46.pdf"}
{"AppAccessContext": {"AADSessionId": "782c415a-5fb5-4de5-a365-81c6b6a3e677", "ClientAppName": "OneDriveSync", "CorrelationId": "92327aa1-4069-0000-6bd5-66d4441149b2", "TokenIssuedAtTime": "2025-01-24T19:41:15", "UniqueTokenId": "qEHLD19rgU2NrFiaJ1V_AA"}, "CreationTime": "2025-01-23T02:27:22", "Id": "d7760c00-89f6-4de7-3503-08dd3b55778d", "Operation": "FileSyncDownloadedFull", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012000b0ea249f@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "214.133.161.103", "UserId": "attacker3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "92327aa1-4069-0000-6bd5-66d4441149b2", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "8e23817c-d27f-4842-8de0-d52eaf1e0b64", "ListItemUniqueId": "1c743a0f-1357-4483-a6ff-e42bdee7b841", "Platform": "WinDesktop", "Site": "6886501c-ee68-487c-95f5-b1cb455829ac", "UserAgent": "Microsoft SkyDriveSync 24.244.1204.0003 ship; Windows NT 10.0 (19045)", "WebId": "63f8ec62-452d-4c83-9524-47d7ac7761a8", "DeviceDisplayName": "189.135.168.197", "EventSignature": "1.CAESFkZpbGVTeW5jRG93bmxvYWRlZEZ1bGwYitLGvAYiEDEwMDMyMDAwYjBlYTI0OWYyEgkcUIZoaO58SBGV9bHLRVgprDoSCWLs-GMtRYNMEZUkR9esd2GoQhIJfIEjjn_SQkgRjeDVLq8eC2RKEgkPOnQcVxODRBGm_-Qr3ue4QQ.s6PzKV89-AjjXrYgmQNuXR1Kj1GKhNCtEYV3LunXdBw", "MachineDomainInfo": "931983eb-69c8-4d22-bc19-87c24fb24818", "MachineId": "aef98cf7-fb02-4783-8604-15ee388c329b", "FileSyncBytesCommitted": "618605", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "pdf", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_47.pdf", "ApplicationDisplayName": "OneDriveSync", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_47.pdf"}
{"AppAccessContext": {"AADSessionId": "782c415a-5fb5-4de5-a365-81c6b6a3e677", "ClientAppName": "OneDriveSync", "CorrelationId": "92327aa1-608d-0000-6bd5-6fad19ed6f1e", "TokenIssuedAtTime": "2025-01-24T19:41:15", "UniqueTokenId": "qEHLD19rgU2NrFiaJ1V_AA"}, "CreationTime": "2025-01-23T02:27:22", "Id": "99d9ca00-7a20-469d-7f00-08dd3b5577d9", "Operation": "FileSyncDownloadedFull", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012000b0ea249f@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "214.133.161.103", "UserId": "attacker3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "92327aa1-608d-0000-6bd5-6fad19ed6f1e", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "8e23817c-d27f-4842-8de0-d52eaf1e0b64", "ListItemUniqueId": "352ed478-6bfb-427e-a8cd-db72a0642b4a", "Platform": "WinDesktop", "Site": "6886501c-ee68-487c-95f5-b1cb455829ac", "UserAgent": "Microsoft SkyDriveSync 24.244.1204.0003 ship; Windows NT 10.0 (19045)", "WebId": "63f8ec62-452d-4c83-9524-47d7ac7761a8", "DeviceDisplayName": "189.135.168.197", "EventSignature": "1.CAESFkZpbGVTeW5jRG93bmxvYWRlZEZ1bGwYitLGvAYiEDEwMDMyMDAwYjBlYTI0OWYyEgkcUIZoaO58SBGV9bHLRVgprDoSCWLs-GMtRYNMEZUkR9esd2GoQhIJfIEjjn_SQkgRjeDVLq8eC2RKEgl41C41-2t-QhGozdtyoGQrSg.LQat8T_-NHl-NA0s7htOddfj2m0IQlkfGwzZJ80av_I", "MachineDomainInfo": "931983eb-69c8-4d22-bc19-87c24fb24818", "MachineId": "aef98cf7-fb02-4783-8604-15ee388c329b", "FileSyncBytesCommitted": "354327", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "pdf", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_48.pdf", "ApplicationDisplayName": "OneDriveSync", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_48.pdf"}
{"AppAccessContext": {"AADSessionId": "782c415a-5fb5-4de5-a365-81c6b6a3e677", "ClientAppName": "OneDriveSync", "CorrelationId": "92327aa1-1088-0000-6bd5-6e7bd5b5180d", "TokenIssuedAtTime": "2025-01-24T19:41:15", "UniqueTokenId": "qEHLD19rgU2NrFiaJ1V_AA"}, "CreationTime": "2025-01-23T02:27:22", "Id": "0071a2cf-c5b7-40ce-e9c3-08dd3b5577ce", "Operation": "FileSyncDownloadedFull", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012000b0ea249f@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "214.133.161.103", "UserId": "attacker3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "92327aa1-1088-0000-6bd5-6e7bd5b5180d", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "8e23817c-d27f-4842-8de0-d52eaf1e0b64", "ListItemUniqueId": "041bf9da-936b-4876-91a7-0be17e513631", "Platform": "WinDesktop", "Site": "6886501c-ee68-487c-95f5-b1cb455829ac", "UserAgent": "Microsoft SkyDriveSync 24.244.1204.0003 ship; Windows NT 10.0 (19045)", "WebId": "63f8ec62-452d-4c83-9524-47d7ac7761a8", "DeviceDisplayName": "189.135.168.197", "EventSignature": "1.CAESFkZpbGVTeW5jRG93bmxvYWRlZEZ1bGwYitLGvAYiEDEwMDMyMDAwYjBlYTI0OWYyEgkcUIZoaO58SBGV9bHLRVgprDoSCWLs-GMtRYNMEZUkR9esd2GoQhIJfIEjjn_SQkgRjeDVLq8eC2RKEgna-RsEa5N2SBGRpwvhflE2MQ.jlRIOe8g1qkwQfYB3T_TJSzCT9APnaJOjDo4dz6uiFQ", "MachineDomainInfo": "931983eb-69c8-4d22-bc19-87c24fb24818", "MachineId": "aef98cf7-fb02-4783-8604-15ee388c329b", "FileSyncBytesCommitted": "530628", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "pptx", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_49.pptx", "ApplicationDisplayName": "OneDriveSync", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_49.pptx"}
{"AppAccessContext": {"AADSessionId": "782c415a-5fb5-4de5-a365-81c6b6a3e677", "ClientAppName": "OneDriveSync", "CorrelationId": "92327aa1-a036-0000-6bd5-637611327d36", "TokenIssuedAtTime": "2025-01-24T19:41:15", "UniqueTokenId": "qEHLD19rgU2NrFiaJ1V_AA"}, "CreationTime": "2025-01-23T02:27:21", "Id": "2f5a7526-6467-4a11-7095-08dd3b55770a", "Operation": "FileSyncDownloadedFull", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012000b0ea249f@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "214.133.161.103", "UserId": "attacker3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "92327aa1-a036-0000-6bd5-637611327d36", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "8e23817c-d27f-4842-8de0-d52eaf1e0b64", "ListItemUniqueId": "8e14ce62-0bcf-4c8d-969e-db2b8928735f", "Platform": "WinDesktop", "Site": "6886501c-ee68-487c-95f5-b1cb455829ac", "UserAgent": "Microsoft SkyDriveSync 24.244.1204.0003 ship; Windows NT 10.0 (19045)", "WebId": "63f8ec62-452d-4c83-9524-47d7ac7761a8", "DeviceDisplayName": "189.135.168.197", "EventSignature": "1.CAESFkZpbGVTeW5jRG93bmxvYWRlZEZ1bGwYidLGvAYiEDEwMDMyMDAwYjBlYTI0OWYyEgkcUIZoaO58SBGV9bHLRVgprDoSCWLs-GMtRYNMEZUkR9esd2GoQhIJfIEjjn_SQkgRjeDVLq8eC2RKEglizhSOzwuNTBGWntsriShzXw.xyKtGzbB7wtAnfB41OIws22iN-2XekKA_dVdfb5q9t8", "MachineDomainInfo": "931983eb-69c8-4d22-bc19-87c24fb24818", "MachineId": "aef98cf7-fb02-4783-8604-15ee388c329b", "FileSyncBytesCommitted": "160422", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "pdf", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_50.pdf", "ApplicationDisplayName": "OneDriveSync", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_50.pdf"}
{"AppAccessContext": {"AADSessionId": "782c415a-5fb5-4de5-a365-81c6b6a3e677", "ClientAppName": "OneDriveSync", "CorrelationId": "92327aa1-c05a-0000-6bd5-6ac86d4e133c", "TokenIssuedAtTime": "2025-01-24T19:41:15", "UniqueTokenId": "qEHLD19rgU2NrFiaJ1V_AA"}, "CreationTime": "2025-01-23T02:27:21", "Id": "c3d960ed-32d0-4db7-e3e4-08dd3b55775d", "Operation": "FileSyncDownloadedFull", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012000b0ea249f@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "214.133.161.103", "UserId": "attacker3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "92327aa1-c05a-0000-6bd5-6ac86d4e133c", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "8e23817c-d27f-4842-8de0-d52eaf1e0b64", "ListItemUniqueId": "a78e490c-176f-4265-a250-8c88ce71686f", "Platform": "WinDesktop", "Site": "6886501c-ee68-487c-95f5-b1cb455829ac", "UserAgent": "Microsoft SkyDriveSync 24.244.1204.0003 ship; Windows NT 10.0 (19045)", "WebId": "63f8ec62-452d-4c83-9524-47d7ac7761a8", "DeviceDisplayName": "189.135.168.197", "EventSignature": "1.CAESFkZpbGVTeW5jRG93bmxvYWRlZEZ1bGwYidLGvAYiEDEwMDMyMDAwYjBlYTI0OWYyEgkcUIZoaO58SBGV9bHLRVgprDoSCWLs-GMtRYNMEZUkR9esd2GoQhIJfIEjjn_SQkgRjeDVLq8eC2RKEgkMSY6nbxdlQhGiUIyIznFobw.laECzvbo7Nc9k3CpbWylReM1iymeieHaj4cW_YZQXfE", "MachineDomainInfo": "931983eb-69c8-4d22-bc19-87c24fb24818", "MachineId": "aef98cf7-fb02-4783-8604-15ee388c329b", "FileSyncBytesCommitted": "51", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "url", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_51.url", "ApplicationDisplayName": "OneDriveSync", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_51.url"}
{"AppAccessContext": {"AADSessionId": "782c415a-5fb5-4de5-a365-81c6b6a3e677", "ClientAppName": "OneDriveSync", "CorrelationId": "92327aa1-f038-0000-6bd5-6924673eedeb", "TokenIssuedAtTime": "2025-01-24T19:41:15", "UniqueTokenId": "qEHLD19rgU2NrFiaJ1V_AA"}, "CreationTime": "2025-01-23T02:27:21", "Id": "44746385-1f92-49e6-f562-08dd3b557714", "Operation": "FileSyncDownloadedFull", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012000b0ea249f@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "214.133.161.103", "UserId": "attacker3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "92327aa1-f038-0000-6bd5-6924673eedeb", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "8e23817c-d27f-4842-8de0-d52eaf1e0b64", "ListItemUniqueId": "01b5288d-c2e9-4b64-b4e0-f72616292782", "Platform": "WinDesktop", "Site": "6886501c-ee68-487c-95f5-b1cb455829ac", "UserAgent": "Microsoft SkyDriveSync 24.244.1204.0003 ship; Windows NT 10.0 (19045)", "WebId": "63f8ec62-452d-4c83-9524-47d7ac7761a8", "DeviceDisplayName": "189.135.168.197", "EventSignature": "1.CAESFkZpbGVTeW5jRG93bmxvYWRlZEZ1bGwYidLGvAYiEDEwMDMyMDAwYjBlYTI0OWYyEgkcUIZoaO58SBGV9bHLRVgprDoSCWLs-GMtRYNMEZUkR9esd2GoQhIJfIEjjn_SQkgRjeDVLq8eC2RKEgmNKLUB6cJkSxG04PcmFikngg.h1gYd_b7JHnC5fshc4uCVAcsNoaaKECY72kgOtMc41U", "MachineDomainInfo": "931983eb-69c8-4d22-bc19-87c24fb24818", "MachineId": "aef98cf7-fb02-4783-8604-15ee388c329b", "FileSyncBytesCommitted": "90", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "url", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_52.url", "ApplicationDisplayName": "OneDriveSync", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_52.url"}
{"AppAccessContext": {"AADSessionId": "782c415a-5fb5-4de5-a365-81c6b6a3e677", "ClientAppName": "OneDriveSync", "CorrelationId": "92327aa1-704f-0000-6bd5-60b74b5d9255", "TokenIssuedAtTime": "2025-01-24T19:41:15", "UniqueTokenId": "qEHLD19rgU2NrFiaJ1V_AA"}, "CreationTime": "2025-01-23T02:27:21", "Id": "6763268a-dd93-492e-a4ad-08dd3b557744", "Operation": "FileSyncDownloadedFull", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012000b0ea249f@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "214.133.161.103", "UserId": "attacker3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "92327aa1-704f-0000-6bd5-60b74b5d9255", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "8e23817c-d27f-4842-8de0-d52eaf1e0b64", "ListItemUniqueId": "ac4783f7-6776-4ae3-924a-609dc52a6625", "Platform": "WinDesktop", "Site": "6886501c-ee68-487c-95f5-b1cb455829ac", "UserAgent": "Microsoft SkyDriveSync 24.244.1204.0003 ship; Windows NT 10.0 (19045)", "WebId": "63f8ec62-452d-4c83-9524-47d7ac7761a8", "DeviceDisplayName": "189.135.168.197", "EventSignature": "1.CAESFkZpbGVTeW5jRG93bmxvYWRlZEZ1bGwYidLGvAYiEDEwMDMyMDAwYjBlYTI0OWYyEgkcUIZoaO58SBGV9bHLRVgprDoSCWLs-GMtRYNMEZUkR9esd2GoQhIJfIEjjn_SQkgRjeDVLq8eC2RKEgn3g0esdmfjShGSSmCdxSpmJQ.EQAChtjLrfOgfCtha2L-fMQWSMurshEA3PmgePIawRA", "MachineDomainInfo": "931983eb-69c8-4d22-bc19-87c24fb24818", "MachineId": "aef98cf7-fb02-4783-8604-15ee388c329b", "FileSyncBytesCommitted": "145", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "url", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_53.url", "ApplicationDisplayName": "OneDriveSync", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_53.url"}
{"AppAccessContext": {"AADSessionId": "782c415a-5fb5-4de5-a365-81c6b6a3e677", "ClientAppName": "OneDriveSync", "CorrelationId": "92327aa1-f061-0000-6bd5-642c22d0bac8", "TokenIssuedAtTime": "2025-01-24T19:41:15", "UniqueTokenId": "qEHLD19rgU2NrFiaJ1V_AA"}, "CreationTime": "2025-01-23T02:27:21", "Id": "af801b03-38c2-488d-7ab8-08dd3b55777b", "Operation": "FileSyncDownloadedFull", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012000b0ea249f@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "214.133.161.103", "UserId": "attacker3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "92327aa1-f061-0000-6bd5-642c22d0bac8", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "8e23817c-d27f-4842-8de0-d52eaf1e0b64", "ListItemUniqueId": "6ac5b17a-76d9-47e8-bd9f-e2b9708680b7", "Platform": "WinDesktop", "Site": "6886501c-ee68-487c-95f5-b1cb455829ac", "UserAgent": "Microsoft SkyDriveSync 24.244.1204.0003 ship; Windows NT 10.0 (19045)", "WebId": "63f8ec62-452d-4c83-9524-47d7ac7761a8", "DeviceDisplayName": "189.135.168.197", "EventSignature": "1.CAESFkZpbGVTeW5jRG93bmxvYWRlZEZ1bGwYidLGvAYiEDEwMDMyMDAwYjBlYTI0OWYyEgkcUIZoaO58SBGV9bHLRVgprDoSCWLs-GMtRYNMEZUkR9esd2GoQhIJfIEjjn_SQkgRjeDVLq8eC2RKEgl6scVq2XboRxG9n-K5cIaAtw.-nQdf24UTMU0Riz0LZbE2iRCNwUk_ywEAMPygLQPmHc", "MachineDomainInfo": "931983eb-69c8-4d22-bc19-87c24fb24818", "MachineId": "aef98cf7-fb02-4783-8604-15ee388c329b", "FileSyncBytesCommitted": "106601", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "pdf", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_54.pdf", "ApplicationDisplayName": "OneDriveSync", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_54.pdf"}
{"AppAccessContext": {"AADSessionId": "782c415a-5fb5-4de5-a365-81c6b6a3e677", "ClientAppName": "OneDriveSync", "CorrelationId": "92327aa1-f04a-0000-6bd5-62e30ec357dc", "TokenIssuedAtTime": "2025-01-24T19:41:15", "UniqueTokenId": "qEHLD19rgU2NrFiaJ1V_AA"}, "CreationTime": "2025-01-23T02:27:21", "Id": "3c5ce7cc-0746-4387-2150-08dd3b55773c", "Operation": "FileSyncDownloadedFull", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012000b0ea249f@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "214.133.161.103", "UserId": "attacker3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "92327aa1-f04a-0000-6bd5-62e30ec357dc", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "8e23817c-d27f-4842-8de0-d52eaf1e0b64", "ListItemUniqueId": "865f3720-8130-431c-af47-e1b9354deade", "Platform": "WinDesktop", "Site": "6886501c-ee68-487c-95f5-b1cb455829ac", "UserAgent": "Microsoft SkyDriveSync 24.244.1204.0003 ship; Windows NT 10.0 (19045)", "WebId": "63f8ec62-452d-4c83-9524-47d7ac7761a8", "DeviceDisplayName": "189.135.168.197", "EventSignature": "1.CAESFkZpbGVTeW5jRG93bmxvYWRlZEZ1bGwYidLGvAYiEDEwMDMyMDAwYjBlYTI0OWYyEgkcUIZoaO58SBGV9bHLRVgprDoSCWLs-GMtRYNMEZUkR9esd2GoQhIJfIEjjn_SQkgRjeDVLq8eC2RKEgkgN1-GMIEcQxGvR-G5NU3q3g.NAbAmqPMexFf2VLiHdVXZTo2XyTa1AJK1M0cj1MhlAs", "MachineDomainInfo": "931983eb-69c8-4d22-bc19-87c24fb24818", "MachineId": "aef98cf7-fb02-4783-8604-15ee388c329b", "FileSyncBytesCommitted": "524759", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "pdf", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_55.pdf", "ApplicationDisplayName": "OneDriveSync", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_55.pdf"}
{"AppAccessContext": {"AADSessionId": "782c415a-5fb5-4de5-a365-81c6b6a3e677", "ClientAppName": "OneDriveSync", "CorrelationId": "92327aa1-e03a-0000-6bd5-64849e4d30ca", "TokenIssuedAtTime": "2025-01-24T19:41:15", "UniqueTokenId": "qEHLD19rgU2NrFiaJ1V_AA"}, "CreationTime": "2025-01-23T02:27:21", "Id": "a32e8fe2-ebf5-4981-2d57-08dd3b557710", "Operation": "FileSyncDownloadedFull", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012000b0ea249f@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "214.133.161.103", "UserId": "attacker3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "92327aa1-e03a-0000-6bd5-64849e4d30ca", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "8e23817c-d27f-4842-8de0-d52eaf1e0b64", "ListItemUniqueId": "e6686556-68e4-47df-a0e8-da484bec3d30", "Platform": "WinDesktop", "Site": "6886501c-ee68-487c-95f5-b1cb455829ac", "UserAgent": "Microsoft SkyDriveSync 24.244.1204.0003 ship; Windows NT 10.0 (19045)", "WebId": "63f8ec62-452d-4c83-9524-47d7ac7761a8", "DeviceDisplayName": "189.135.168.197", "EventSignature": "1.CAESFkZpbGVTeW5jRG93bmxvYWRlZEZ1bGwYidLGvAYiEDEwMDMyMDAwYjBlYTI0OWYyEgkcUIZoaO58SBGV9bHLRVgprDoSCWLs-GMtRYNMEZUkR9esd2GoQhIJfIEjjn_SQkgRjeDVLq8eC2RKEglWZWjm5GjfRxGg6NpIS-w9MA.wKHZKbyvPghzJvjiJFNn4WgZt4LUYO4W8xdWR8fT8cU", "MachineDomainInfo": "931983eb-69c8-4d22-bc19-87c24fb24818", "MachineId": "aef98cf7-fb02-4783-8604-15ee388c329b", "FileSyncBytesCommitted": "109", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "url", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_56.url", "ApplicationDisplayName": "OneDriveSync", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_56.url"}
{"AppAccessContext": {"AADSessionId": "782c415a-5fb5-4de5-a365-81c6b6a3e677", "ClientAppName": "OneDriveSync", "CorrelationId": "92327aa1-704d-0000-6bd5-6f24ac8c0403", "TokenIssuedAtTime": "2025-01-24T19:41:15", "UniqueTokenId": "qEHLD19rgU2NrFiaJ1V_AA"}, "CreationTime": "2025-01-23T02:27:21", "Id": "214e2c27-92a7-4422-17a0-08dd3b55773b", "Operation": "FileSyncDownloadedFull", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012000b0ea249f@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "214.133.161.103", "UserId": "attacker3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "92327aa1-704d-0000-6bd5-6f24ac8c0403", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "8e23817c-d27f-4842-8de0-d52eaf1e0b64", "ListItemUniqueId": "46534abd-aed0-43b2-9b8b-3d8b98c99118", "Platform": "WinDesktop", "Site": "6886501c-ee68-487c-95f5-b1cb455829ac", "UserAgent": "Microsoft SkyDriveSync 24.244.1204.0003 ship; Windows NT 10.0 (19045)", "WebId": "63f8ec62-452d-4c83-9524-47d7ac7761a8", "DeviceDisplayName": "189.135.168.197", "EventSignature": "1.CAESFkZpbGVTeW5jRG93bmxvYWRlZEZ1bGwYidLGvAYiEDEwMDMyMDAwYjBlYTI0OWYyEgkcUIZoaO58SBGV9bHLRVgprDoSCWLs-GMtRYNMEZUkR9esd2GoQhIJfIEjjn_SQkgRjeDVLq8eC2RKEgm9SlNG0K6yQxGbiz2LmMmRGA.gpTecbr4fHW4cvaT1YtFJSjxvrmlAlsC9vdqx12LZ34", "MachineDomainInfo": "931983eb-69c8-4d22-bc19-87c24fb24818", "MachineId": "aef98cf7-fb02-4783-8604-15ee388c329b", "FileSyncBytesCommitted": "132363", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "pdf", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_57.pdf", "ApplicationDisplayName": "OneDriveSync", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_57.pdf"}
{"AppAccessContext": {"AADSessionId": "782c415a-5fb5-4de5-a365-81c6b6a3e677", "ClientAppName": "OneDriveSync", "CorrelationId": "92327aa1-0060-0000-6bd5-6208a7073367", "TokenIssuedAtTime": "2025-01-24T19:41:15", "UniqueTokenId": "qEHLD19rgU2NrFiaJ1V_AA"}, "CreationTime": "2025-01-23T02:27:21", "Id": "cc1b7218-dde6-49e7-8a20-08dd3b55776f", "Operation": "FileSyncDownloadedFull", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012000b0ea249f@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "214.133.161.103", "UserId": "attacker3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "92327aa1-0060-0000-6bd5-6208a7073367", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "8e23817c-d27f-4842-8de0-d52eaf1e0b64", "ListItemUniqueId": "217d311f-0186-4335-a5df-9961704dcdd6", "Platform": "WinDesktop", "Site": "6886501c-ee68-487c-95f5-b1cb455829ac", "UserAgent": "Microsoft SkyDriveSync 24.244.1204.0003 ship; Windows NT 10.0 (19045)", "WebId": "63f8ec62-452d-4c83-9524-47d7ac7761a8", "DeviceDisplayName": "189.135.168.197", "EventSignature": "1.CAESFkZpbGVTeW5jRG93bmxvYWRlZEZ1bGwYidLGvAYiEDEwMDMyMDAwYjBlYTI0OWYyEgkcUIZoaO58SBGV9bHLRVgprDoSCWLs-GMtRYNMEZUkR9esd2GoQhIJfIEjjn_SQkgRjeDVLq8eC2RKEgkfMX0hhgE1QxGl35lhcE3N1g.0c8zZxLgKlmOpVSxB9Hn-CUn6gs2_uP_owl_qhetKhA", "MachineDomainInfo": "931983eb-69c8-4d22-bc19-87c24fb24818", "MachineId": "aef98cf7-fb02-4783-8604-15ee388c329b", "FileSyncBytesCommitted": "480141", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "pdf", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_58.pdf", "ApplicationDisplayName": "OneDriveSync", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_58.pdf"}
{"AppAccessContext": {"AADSessionId": "782c415a-5fb5-4de5-a365-81c6b6a3e677", "ClientAppName": "OneDriveSync", "CorrelationId": "91327aa1-20f8-0000-6bd5-64bd1fb7ffdf", "TokenIssuedAtTime": "2025-01-24T19:41:15", "UniqueTokenId": "qEHLD19rgU2NrFiaJ1V_AA"}, "CreationTime": "2025-01-23T02:27:20", "Id": "044eb020-366a-45c3-ae70-08dd3b5576c7", "Operation": "FileSyncDownloadedFull", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012000b0ea249f@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "214.133.161.103", "UserId": "attacker3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "91327aa1-20f8-0000-6bd5-64bd1fb7ffdf", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "8e23817c-d27f-4842-8de0-d52eaf1e0b64", "ListItemUniqueId": "166aa5f2-0d2e-4c8d-987e-061d1dbc519b", "Platform": "WinDesktop", "Site": "6886501c-ee68-487c-95f5-b1cb455829ac", "UserAgent": "Microsoft SkyDriveSync 24.244.1204.0003 ship; Windows NT 10.0 (19045)", "WebId": "63f8ec62-452d-4c83-9524-47d7ac7761a8", "DeviceDisplayName": "189.135.168.197", "EventSignature": "1.CAESFkZpbGVTeW5jRG93bmxvYWRlZEZ1bGwYiNLGvAYiEDEwMDMyMDAwYjBlYTI0OWYyEgkcUIZoaO58SBGV9bHLRVgprDoSCWLs-GMtRYNMEZUkR9esd2GoQhIJfIEjjn_SQkgRjeDVLq8eC2RKEgnypWoWLg2NTBGYfgYdHbxRmw.-k9opnm19gk7J9FnjGj7dCyh2egAlBa-lmZOunpku9Y", "MachineDomainInfo": "931983eb-69c8-4d22-bc19-87c24fb24818", "MachineId": "aef98cf7-fb02-4783-8604-15ee388c329b", "FileSyncBytesCommitted": "1068058", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "pdf", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_59.pdf", "ApplicationDisplayName": "OneDriveSync", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_59.pdf"}
{"AppAccessContext": {"AADSessionId": "782c415a-5fb5-4de5-a365-81c6b6a3e677", "ClientAppName": "OneDriveSync", "CorrelationId": "92327aa1-901f-0000-6bd5-64dcd41eef50", "TokenIssuedAtTime": "2025-01-24T19:41:15", "UniqueTokenId": "qEHLD19rgU2NrFiaJ1V_AA"}, "CreationTime": "2025-01-23T02:27:20", "Id": "5b3c2c1f-b400-419f-6ec2-08dd3b5576cd", "Operation": "FileSyncDownloadedFull", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012000b0ea249f@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "214.133.161.103", "UserId": "attacker3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "92327aa1-901f-0000-6bd5-64dcd41eef50", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "8e23817c-d27f-4842-8de0-d52eaf1e0b64", "ListItemUniqueId": "10e38407-4321-4564-9d61-da6d9e9120c7", "Platform": "WinDesktop", "Site": "6886501c-ee68-487c-95f5-b1cb455829ac", "UserAgent": "Microsoft SkyDriveSync 24.244.1204.0003 ship; Windows NT 10.0 (19045)", "WebId": "63f8ec62-452d-4c83-9524-47d7ac7761a8", "DeviceDisplayName": "189.135.168.197", "EventSignature": "1.CAESFkZpbGVTeW5jRG93bmxvYWRlZEZ1bGwYiNLGvAYiEDEwMDMyMDAwYjBlYTI0OWYyEgkcUIZoaO58SBGV9bHLRVgprDoSCWLs-GMtRYNMEZUkR9esd2GoQhIJfIEjjn_SQkgRjeDVLq8eC2RKEgkHhOMQIUNkRRGdYdptnpEgxw.HtljaFK7xyy7hu30s0D0u2YFus9GaBOo76f_WUBwUB4", "MachineDomainInfo": "931983eb-69c8-4d22-bc19-87c24fb24818", "MachineId": "aef98cf7-fb02-4783-8604-15ee388c329b", "FileSyncBytesCommitted": "505366", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "pdf", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_60.pdf", "ApplicationDisplayName": "OneDriveSync", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_60.pdf"}
{"AppAccessContext": {"AADSessionId": "782c415a-5fb5-4de5-a365-81c6b6a3e677", "ClientAppName": "OneDriveSync", "CorrelationId": "91327aa1-40ff-0000-6bd5-61c4fad93fec", "TokenIssuedAtTime": "2025-01-24T19:41:15", "UniqueTokenId": "qEHLD19rgU2NrFiaJ1V_AA"}, "CreationTime": "2025-01-23T02:27:20", "Id": "17884529-f72d-4bb1-adea-08dd3b557691", "Operation": "FileSyncDownloadedFull", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012000b0ea249f@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "214.133.161.103", "UserId": "attacker3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "91327aa1-40ff-0000-6bd5-61c4fad93fec", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "8e23817c-d27f-4842-8de0-d52eaf1e0b64", "ListItemUniqueId": "56fb0eb4-b329-434b-bef8-b00136e91872", "Platform": "WinDesktop", "Site": "6886501c-ee68-487c-95f5-b1cb455829ac", "UserAgent": "Microsoft SkyDriveSync 24.244.1204.0003 ship; Windows NT 10.0 (19045)", "WebId": "63f8ec62-452d-4c83-9524-47d7ac7761a8", "DeviceDisplayName": "189.135.168.197", "EventSignature": "1.CAESFkZpbGVTeW5jRG93bmxvYWRlZEZ1bGwYiNLGvAYiEDEwMDMyMDAwYjBlYTI0OWYyEgkcUIZoaO58SBGV9bHLRVgprDoSCWLs-GMtRYNMEZUkR9esd2GoQhIJfIEjjn_SQkgRjeDVLq8eC2RKEgm0DvtWKbNLQxG--LABNukYcg.ISwmuyfGvlZdNDhLvZoUGPBk8xZQWpYu5NyTwKpia0g", "MachineDomainInfo": "931983eb-69c8-4d22-bc19-87c24fb24818", "MachineId": "aef98cf7-fb02-4783-8604-15ee388c329b", "FileSyncBytesCommitted": "327339", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "pdf", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_61.pdf", "ApplicationDisplayName": "OneDriveSync", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_61.pdf"}
{"AppAccessContext": {"AADSessionId": "782c415a-5fb5-4de5-a365-81c6b6a3e677", "ClientAppName": "OneDriveSync", "CorrelationId": "91327aa1-10f4-0000-6bd5-60f824e14007", "TokenIssuedAtTime": "2025-01-24T19:41:15", "UniqueTokenId": "qEHLD19rgU2NrFiaJ1V_AA"}, "CreationTime": "2025-01-23T02:27:20", "Id": "c6f64f36-a8db-421c-5357-08dd3b55766a", "Operation": "FileSyncDownloadedFull", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012000b0ea249f@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "214.133.161.103", "UserId": "attacker3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "91327aa1-10f4-0000-6bd5-60f824e14007", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "8e23817c-d27f-4842-8de0-d52eaf1e0b64", "ListItemUniqueId": "0a47e6f7-ed45-4f2f-91e5-1488cc3b8ed2", "Platform": "WinDesktop", "Site": "6886501c-ee68-487c-95f5-b1cb455829ac", "UserAgent": "Microsoft SkyDriveSync 24.244.1204.0003 ship; Windows NT 10.0 (19045)", "WebId": "63f8ec62-452d-4c83-9524-47d7ac7761a8", "DeviceDisplayName": "189.135.168.197", "EventSignature": "1.CAESFkZpbGVTeW5jRG93bmxvYWRlZEZ1bGwYiNLGvAYiEDEwMDMyMDAwYjBlYTI0OWYyEgkcUIZoaO58SBGV9bHLRVgprDoSCWLs-GMtRYNMEZUkR9esd2GoQhIJfIEjjn_SQkgRjeDVLq8eC2RKEgn35kcKRe0vTxGR5RSIzDuO0g.Tad3oQrOpMZG-ImGDWK61E21-_2FJkerTauOWUomvq0", "MachineDomainInfo": "931983eb-69c8-4d22-bc19-87c24fb24818", "MachineId": "aef98cf7-fb02-4783-8604-15ee388c329b", "FileSyncBytesCommitted": "226346", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "pdf", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_62.pdf", "ApplicationDisplayName": "OneDriveSync", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_62.pdf"}
{"AppAccessContext": {"AADSessionId": "782c415a-5fb5-4de5-a365-81c6b6a3e677", "ClientAppName": "OneDriveSync", "CorrelationId": "92327aa1-f020-0000-6bd5-6139187aefaf", "TokenIssuedAtTime": "2025-01-24T19:41:15", "UniqueTokenId": "qEHLD19rgU2NrFiaJ1V_AA"}, "CreationTime": "2025-01-23T02:27:20", "Id": "484c72dd-25f4-4524-8944-08dd3b5576e1", "Operation": "FileSyncDownloadedFull", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012000b0ea249f@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "214.133.161.103", "UserId": "attacker3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "92327aa1-f020-0000-6bd5-6139187aefaf", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "8e23817c-d27f-4842-8de0-d52eaf1e0b64", "ListItemUniqueId": "2d7b7401-abbe-452b-a16c-abfa72e0a33b", "Platform": "WinDesktop", "Site": "6886501c-ee68-487c-95f5-b1cb455829ac", "UserAgent": "Microsoft SkyDriveSync 24.244.1204.0003 ship; Windows NT 10.0 (19045)", "WebId": "63f8ec62-452d-4c83-9524-47d7ac7761a8", "DeviceDisplayName": "189.135.168.197", "EventSignature": "1.CAESFkZpbGVTeW5jRG93bmxvYWRlZEZ1bGwYiNLGvAYiEDEwMDMyMDAwYjBlYTI0OWYyEgkcUIZoaO58SBGV9bHLRVgprDoSCWLs-GMtRYNMEZUkR9esd2GoQhIJfIEjjn_SQkgRjeDVLq8eC2RKEgkBdHstvqsrRRGhbKv6cuCjOw.gsp2IL0AhDW3DVPTokOtOgqj_JO_BCgAhKiavv87hlM", "MachineDomainInfo": "931983eb-69c8-4d22-bc19-87c24fb24818", "MachineId": "aef98cf7-fb02-4783-8604-15ee388c329b", "FileSyncBytesCommitted": "410744", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "pdf", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_63.pdf", "ApplicationDisplayName": "OneDriveSync", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_63.pdf"}
{"AppAccessContext": {"AADSessionId": "782c415a-5fb5-4de5-a365-81c6b6a3e677", "ClientAppName": "OneDriveSync", "CorrelationId": "91327aa1-90f6-0000-6bd5-6be7718d67b2", "TokenIssuedAtTime": "2025-01-24T19:41:15", "UniqueTokenId": "qEHLD19rgU2NrFiaJ1V_AA"}, "CreationTime": "2025-01-23T02:27:20", "Id": "6d733006-93a9-4b71-e6d1-08dd3b557685", "Operation": "FileSyncDownloadedFull", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012000b0ea249f@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "214.133.161.103", "UserId": "attacker3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "91327aa1-90f6-0000-6bd5-6be7718d67b2", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "8e23817c-d27f-4842-8de0-d52eaf1e0b64", "ListItemUniqueId": "4f95a734-a819-459a-9726-9cffc3b14cb0", "Platform": "WinDesktop", "Site": "6886501c-ee68-487c-95f5-b1cb455829ac", "UserAgent": "Microsoft SkyDriveSync 24.244.1204.0003 ship; Windows NT 10.0 (19045)", "WebId": "63f8ec62-452d-4c83-9524-47d7ac7761a8", "DeviceDisplayName": "189.135.168.197", "EventSignature": "1.CAESFkZpbGVTeW5jRG93bmxvYWRlZEZ1bGwYiNLGvAYiEDEwMDMyMDAwYjBlYTI0OWYyEgkcUIZoaO58SBGV9bHLRVgprDoSCWLs-GMtRYNMEZUkR9esd2GoQhIJfIEjjn_SQkgRjeDVLq8eC2RKEgk0p5VPGaiaRRGXJpz_w7FMsA.DoN3KQOYVWbQAd-kzpc3lewhLmQaf5EgwFxrOg1daXk", "MachineDomainInfo": "931983eb-69c8-4d22-bc19-87c24fb24818", "MachineId": "aef98cf7-fb02-4783-8604-15ee388c329b", "FileSyncBytesCommitted": "473248", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "pdf", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_64.pdf", "ApplicationDisplayName": "OneDriveSync", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_64.pdf"}
{"AppAccessContext": {"AADSessionId": "782c415a-5fb5-4de5-a365-81c6b6a3e677", "ClientAppName": "OneDriveSync", "CorrelationId": "92327aa1-7023-0000-6bd5-6b19744bc7bd", "TokenIssuedAtTime": "2025-01-24T19:41:15", "UniqueTokenId": "qEHLD19rgU2NrFiaJ1V_AA"}, "CreationTime": "2025-01-23T02:27:20", "Id": "21deb6d5-6f6b-45f5-55ac-08dd3b5576d9", "Operation": "FileSyncDownloadedFull", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012000b0ea249f@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "214.133.161.103", "UserId": "attacker3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "92327aa1-7023-0000-6bd5-6b19744bc7bd", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "8e23817c-d27f-4842-8de0-d52eaf1e0b64", "ListItemUniqueId": "1ce30d03-088f-437c-bc85-2458c1e344c3", "Platform": "WinDesktop", "Site": "6886501c-ee68-487c-95f5-b1cb455829ac", "UserAgent": "Microsoft SkyDriveSync 24.244.1204.0003 ship; Windows NT 10.0 (19045)", "WebId": "63f8ec62-452d-4c83-9524-47d7ac7761a8", "DeviceDisplayName": "189.135.168.197", "EventSignature": "1.CAESFkZpbGVTeW5jRG93bmxvYWRlZEZ1bGwYiNLGvAYiEDEwMDMyMDAwYjBlYTI0OWYyEgkcUIZoaO58SBGV9bHLRVgprDoSCWLs-GMtRYNMEZUkR9esd2GoQhIJfIEjjn_SQkgRjeDVLq8eC2RKEgkDDeMcjwh8QxG8hSRYweNEww.TLhA2Mw9R9AN-UZlLfIhdNyOnAGke_Gk5ReVNJyrh8I", "MachineDomainInfo": "931983eb-69c8-4d22-bc19-87c24fb24818", "MachineId": "aef98cf7-fb02-4783-8604-15ee388c329b", "FileSyncBytesCommitted": "287963", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "pdf", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_65.pdf", "ApplicationDisplayName": "OneDriveSync", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_65.pdf"}
{"AppAccessContext": {"AADSessionId": "782c415a-5fb5-4de5-a365-81c6b6a3e677", "ClientAppName": "OneDriveSync", "CorrelationId": "91327aa1-e0e9-0000-6bd5-6a7d959ea5d7", "TokenIssuedAtTime": "2025-01-24T19:41:15", "UniqueTokenId": "qEHLD19rgU2NrFiaJ1V_AA"}, "CreationTime": "2025-01-23T02:27:19", "Id": "58a3ad8e-ec57-4871-d844-08dd3b557653", "Operation": "FileSyncDownloadedFull", "OrganizationId": "6915b1e0-b081-4829-8866-f1a3e883a9ae", "RecordType": 6, "UserKey": "i:0h.f|membership|30012000b0ea249f@live.com", "UserType": 0, "Version": 1, "Workload": "SharePoint", "ClientIP": "214.133.161.103", "UserId": "attacker3@attack_range.lan", "AuthenticationType": "FormsCookieAuth", "BrowserName": "", "BrowserVersion": "", "CorrelationId": "91327aa1-e0e9-0000-6bd5-6a7d959ea5d7", "EventSource": "SharePoint", "GeoLocation": "NAM", "IsManagedDevice": true, "ItemType": "File", "ListId": "8e23817c-d27f-4842-8de0-d52eaf1e0b64", "ListItemUniqueId": "80ff1727-209f-429c-bef4-73e2c490e730", "Platform": "WinDesktop", "Site": "6886501c-ee68-487c-95f5-b1cb455829ac", "UserAgent": "Microsoft SkyDriveSync 24.244.1204.0003 ship; Windows NT 10.0 (19045)", "WebId": "63f8ec62-452d-4c83-9524-47d7ac7761a8", "DeviceDisplayName": "189.135.168.197", "EventSignature": "1.CAESFkZpbGVTeW5jRG93bmxvYWRlZEZ1bGwYh9LGvAYiEDEwMDMyMDAwYjBlYTI0OWYyEgkcUIZoaO58SBGV9bHLRVgprDoSCWLs-GMtRYNMEZUkR9esd2GoQhIJfIEjjn_SQkgRjeDVLq8eC2RKEgknF_-AnyCcQhG-9HPixJDnMA.e0adJ9swqWIF7zEelK--Nw2XRy62V0L3sH7_KD6I2dU", "MachineDomainInfo": "931983eb-69c8-4d22-bc19-87c24fb24818", "MachineId": "aef98cf7-fb02-4783-8604-15ee388c329b", "FileSyncBytesCommitted": "257356", "HighPriorityMediaProcessing": false, "ListBaseType": 1, "ListServerTemplate": 101, "SourceFileExtension": "pdf", "SiteUrl": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/", "SourceRelativeUrl": "Shared Documents/General/ProprietaryInfo", "SourceFileName": "ProductionFormula_66.pdf", "ApplicationDisplayName": "OneDriveSync", "ObjectId": "https://attack_range.sharepoint.com/sites/CorporateSecretsManagement/Shared Documents/General/ProprietaryInfo/ProductionFormula_66.pdf"}