154100x800000000000000028631404Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-03-20 20:30:23.914{EF490992-C25F-6418-989B-00000000C702}3568C:\AtomicRedTeam\atomics\T1569.002\bin\remcom.exe1, 0, 0, 1Remote Command ExecutorRemote System Deployment UtilTalha Tariq - [ talhatariq.wordpress.com ]RemCom.exe"C:\AtomicRedTeam\atomics\T1569.002\bin\remcom.exe" \\127.0.0.1 /user:Administrator calc.exeC:\Users\Administrator\Desktop\MSWIN-SERVER\Administrator{EF490992-EEBB-6411-9D9F-620000000000}0x629f9d2HighMD5=014CF8D63AB7203B6E7212892C0FD846,SHA256=85231BA8A267677791B7C2E77D957070430A9EA1BE5EEF8C0848C33FF6B0E88D{EF490992-C4F1-6414-1B41-00000000C702}3352C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" MSWIN-SERVER\Administrator 154100x800000000000000028627376Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-03-20 20:27:52.944{EF490992-C1C8-6418-899B-00000000C702}320C:\AtomicRedTeam\atomics\T1569.002\bin\remcom.exe1, 0, 0, 1Remote Command ExecutorRemote System Deployment UtilTalha Tariq - [ talhatariq.wordpress.com ]RemCom.exe"C:\AtomicRedTeam\atomics\T1569.002\bin\remcom.exe" \\localhost /user:Administrator /pwd:P@ssword1 "C:\Windows\System32\calc.exe"C:\Users\ADMINI~1\AppData\Local\Temp\2\MSWIN-SERVER\Administrator{EF490992-EEBB-6411-9D9F-620000000000}0x629f9d2HighMD5=014CF8D63AB7203B6E7212892C0FD846,SHA256=85231BA8A267677791B7C2E77D957070430A9EA1BE5EEF8C0848C33FF6B0E88D{EF490992-C1C8-6418-879B-00000000C702}2180C:\Windows\System32\cmd.exe"cmd.exe" /c ""C:\AtomicRedTeam\atomics\T1569.002\bin\remcom.exe" \\localhost /user:Administrator /pwd:P@ssword1 "C:\Windows\System32\calc.exe""MSWIN-SERVER\Administrator 154100x800000000000000028625141Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-03-20 20:27:28.998{EF490992-C1B0-6418-7A9B-00000000C702}2272C:\AtomicRedTeam\atomics\T1569.002\bin\remcom.exe1, 0, 0, 1Remote Command ExecutorRemote System Deployment UtilTalha Tariq - [ talhatariq.wordpress.com ]RemCom.exe"C:\AtomicRedTeam\atomics\T1569.002\bin\remcom.exe" \\127.0.0.1 /user:Administrator /pwd:P@ssword1 calc.exeC:\Users\Administrator\Desktop\MSWIN-SERVER\Administrator{EF490992-EEBB-6411-9D9F-620000000000}0x629f9d2HighMD5=014CF8D63AB7203B6E7212892C0FD846,SHA256=85231BA8A267677791B7C2E77D957070430A9EA1BE5EEF8C0848C33FF6B0E88D{EF490992-C4F1-6414-1B41-00000000C702}3352C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" MSWIN-SERVER\Administrator 154100x800000000000000028624824Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-03-20 20:27:18.532{EF490992-C1A6-6418-789B-00000000C702}3508C:\AtomicRedTeam\atomics\T1569.002\bin\remcom.exe1, 0, 0, 1Remote Command ExecutorRemote System Deployment UtilTalha Tariq - [ talhatariq.wordpress.com ]RemCom.exe"C:\AtomicRedTeam\atomics\T1569.002\bin\remcom.exe" \\127.0.0.1 /user:Administrator /pwd:P@ssw0rd1 calc.exeC:\Users\Administrator\Desktop\MSWIN-SERVER\Administrator{EF490992-EEBB-6411-9D9F-620000000000}0x629f9d2HighMD5=014CF8D63AB7203B6E7212892C0FD846,SHA256=85231BA8A267677791B7C2E77D957070430A9EA1BE5EEF8C0848C33FF6B0E88D{EF490992-C4F1-6414-1B41-00000000C702}3352C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" MSWIN-SERVER\Administrator 154100x800000000000000028624519Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-03-20 20:27:04.365{EF490992-C198-6418-769B-00000000C702}4184C:\AtomicRedTeam\atomics\T1569.002\bin\remcom.exe1, 0, 0, 1Remote Command ExecutorRemote System Deployment UtilTalha Tariq - [ talhatariq.wordpress.com ]RemCom.exe"C:\AtomicRedTeam\atomics\T1569.002\bin\remcom.exe" \\127.0.0.1 /user:attackrange.local\Administrator /pwd:P@ssw0rd1 calc.exeC:\Users\Administrator\Desktop\MSWIN-SERVER\Administrator{EF490992-EEBB-6411-9D9F-620000000000}0x629f9d2HighMD5=014CF8D63AB7203B6E7212892C0FD846,SHA256=85231BA8A267677791B7C2E77D957070430A9EA1BE5EEF8C0848C33FF6B0E88D{EF490992-C4F1-6414-1B41-00000000C702}3352C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" MSWIN-SERVER\Administrator 154100x800000000000000028624177Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-03-20 20:26:54.790{EF490992-C18E-6418-749B-00000000C702}5804C:\AtomicRedTeam\atomics\T1569.002\bin\remcom.exe1, 0, 0, 1Remote Command ExecutorRemote System Deployment UtilTalha Tariq - [ talhatariq.wordpress.com ]RemCom.exe"C:\AtomicRedTeam\atomics\T1569.002\bin\remcom.exe" \\127.0.0.1 /user:Administrator /pwd:P@ssw0rd1 calc.exeC:\Users\Administrator\Desktop\MSWIN-SERVER\Administrator{EF490992-EEBB-6411-9D9F-620000000000}0x629f9d2HighMD5=014CF8D63AB7203B6E7212892C0FD846,SHA256=85231BA8A267677791B7C2E77D957070430A9EA1BE5EEF8C0848C33FF6B0E88D{EF490992-C4F1-6414-1B41-00000000C702}3352C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" MSWIN-SERVER\Administrator 154100x800000000000000028623861Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-03-20 20:26:42.268{EF490992-C182-6418-729B-00000000C702}304C:\AtomicRedTeam\atomics\T1569.002\bin\remcom.exe1, 0, 0, 1Remote Command ExecutorRemote System Deployment UtilTalha Tariq - [ talhatariq.wordpress.com ]RemCom.exe"C:\AtomicRedTeam\atomics\T1569.002\bin\remcom.exe" \\127.0.0.1 /user:Administrator /pwd:P@ssw0rd1 C:\Windows\System32\calc.exeC:\Users\Administrator\Desktop\MSWIN-SERVER\Administrator{EF490992-EEBB-6411-9D9F-620000000000}0x629f9d2HighMD5=014CF8D63AB7203B6E7212892C0FD846,SHA256=85231BA8A267677791B7C2E77D957070430A9EA1BE5EEF8C0848C33FF6B0E88D{EF490992-C4F1-6414-1B41-00000000C702}3352C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" MSWIN-SERVER\Administrator 154100x800000000000000028621464Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-03-20 20:25:23.960{EF490992-C133-6418-639B-00000000C702}1276C:\AtomicRedTeam\atomics\T1569.002\bin\remcom.exe1, 0, 0, 1Remote Command ExecutorRemote System Deployment UtilTalha Tariq - [ talhatariq.wordpress.com ]RemCom.exe"C:\AtomicRedTeam\atomics\T1569.002\bin\remcom.exe"C:\Users\Administrator\Desktop\MSWIN-SERVER\Administrator{EF490992-EEBB-6411-9D9F-620000000000}0x629f9d2HighMD5=014CF8D63AB7203B6E7212892C0FD846,SHA256=85231BA8A267677791B7C2E77D957070430A9EA1BE5EEF8C0848C33FF6B0E88D{EF490992-C4F1-6414-1B41-00000000C702}3352C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" MSWIN-SERVER\Administrator 154100x800000000000000028620912Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-03-20 20:25:02.019{EF490992-C11E-6418-619B-00000000C702}6396C:\AtomicRedTeam\atomics\T1569.002\bin\remcom.exe1, 0, 0, 1Remote Command ExecutorRemote System Deployment UtilTalha Tariq - [ talhatariq.wordpress.com ]RemCom.exe"C:\AtomicRedTeam\atomics\T1569.002\bin\remcom.exe" \\localhost /usr:Administrator /pwd:P@ssw0rd1 "C:\Windows\System32\calc.exe"C:\Users\ADMINI~1\AppData\Local\Temp\2\MSWIN-SERVER\Administrator{EF490992-EEBB-6411-9D9F-620000000000}0x629f9d2HighMD5=014CF8D63AB7203B6E7212892C0FD846,SHA256=85231BA8A267677791B7C2E77D957070430A9EA1BE5EEF8C0848C33FF6B0E88D{EF490992-C11D-6418-5F9B-00000000C702}5676C:\Windows\System32\cmd.exe"cmd.exe" /c ""C:\AtomicRedTeam\atomics\T1569.002\bin\remcom.exe" \\localhost /usr:Administrator /pwd:P@ssw0rd1 "C:\Windows\System32\calc.exe""MSWIN-SERVER\Administrator 154100x800000000000000028620111Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-03-20 20:24:42.721{EF490992-C10A-6418-599B-00000000C702}5412C:\AtomicRedTeam\atomics\T1569.002\bin\remcom.exe1, 0, 0, 1Remote Command ExecutorRemote System Deployment UtilTalha Tariq - [ talhatariq.wordpress.com ]RemCom.exe"C:\AtomicRedTeam\atomics\T1569.002\bin\remcom.exe" \\localhost /user:Administrator /pwd:P@ssw0rd1 "C:\Windows\System32\calc.exe"C:\Users\ADMINI~1\AppData\Local\Temp\2\MSWIN-SERVER\Administrator{EF490992-EEBB-6411-9D9F-620000000000}0x629f9d2HighMD5=014CF8D63AB7203B6E7212892C0FD846,SHA256=85231BA8A267677791B7C2E77D957070430A9EA1BE5EEF8C0848C33FF6B0E88D{EF490992-C10A-6418-579B-00000000C702}4144C:\Windows\System32\cmd.exe"cmd.exe" /c ""C:\AtomicRedTeam\atomics\T1569.002\bin\remcom.exe" \\localhost /user:Administrator /pwd:P@ssw0rd1 "C:\Windows\System32\calc.exe""MSWIN-SERVER\Administrator 154100x800000000000000028618366Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-03-20 20:24:03.852{EF490992-C0E3-6418-4D9B-00000000C702}4100C:\AtomicRedTeam\atomics\T1569.002\bin\remcom.exe1, 0, 0, 1Remote Command ExecutorRemote System Deployment UtilTalha Tariq - [ talhatariq.wordpress.com ]RemCom.exe"C:\AtomicRedTeam\atomics\T1569.002\bin\remcom.exe" \\localhost -u Administrator -p P@ssw0rd1 "C:\Windows\System32\calc.exe"C:\Users\ADMINI~1\AppData\Local\Temp\2\MSWIN-SERVER\Administrator{EF490992-EEBB-6411-9D9F-620000000000}0x629f9d2HighMD5=014CF8D63AB7203B6E7212892C0FD846,SHA256=85231BA8A267677791B7C2E77D957070430A9EA1BE5EEF8C0848C33FF6B0E88D{EF490992-C0E3-6418-4B9B-00000000C702}2936C:\Windows\System32\cmd.exe"cmd.exe" /c ""C:\AtomicRedTeam\atomics\T1569.002\bin\remcom.exe" \\localhost -u Administrator -p P@ssw0rd1 "C:\Windows\System32\calc.exe""MSWIN-SERVER\Administrator