734700x800000000000000024789023Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.849{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.CSharp\01d67136083932b6c705c0dfd61869f7\Microsoft.CSharp.ni.dll4.8.3761.0Microsoft.CSharp.dllMicrosoft® .NET FrameworkMicrosoft CorporationMicrosoft.CSharp.dllMD5=4E9BE00A9F462A816DA023E507CE4BD9,SHA256=71E146A9D8DA013E1212381F3B4093BC99B320B4BD0D6A9D8C398D5C2577DDA5false-UnavailableATTACKRANGE\Administrator 734700x800000000000000024789020Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.787{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll4.8.3761.0 built by: NET48REL1.NET FrameworkMicrosoft® .NET FrameworkMicrosoft Corporationsystem.transactions.dllMD5=D17E11DDF716089AF736DBA7C4F24C75,SHA256=DF301F2F2A735A1A75EAE79E64CCFDAD335E319B98316E9E875F726FA2CB51D5trueMicrosoft CorporationValidATTACKRANGE\Administrator 734700x800000000000000024788995Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.787{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\System.Transactions\c46b88953809c56172c30c2a7d52174c\System.Transactions.ni.dll4.8.3761.0 built by: NET48REL1.NET FrameworkMicrosoft® .NET FrameworkMicrosoft Corporationsystem.transactions.dllMD5=C9B87F3CCE52382C2F785874EF10A895,SHA256=5EA0E414F61FDF71B1C3ABAA77F0BF9629F268C802E88ADB6033185A89E83734false-UnavailableATTACKRANGE\Administrator 734700x800000000000000024788992Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.787{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.P6f792626#\6dbaae1baa6b759a75ee65ca6fe12de0\Microsoft.PowerShell.Security.ni.dll10.0.14393.5127Microsoft Windows PowerShell Management CommandsMicrosoft (R) Windows (R) Operating SystemMicrosoft CorporationMicrosoft.PowerShell.Security.dllMD5=E56C8F7849EDAF6492483B8FE07709FF,SHA256=55DDD07F24F119D4EFFCA2712CA2EA992DE9C68C1233C3B493F875C4A2716053false-UnavailableATTACKRANGE\Administrator 734700x800000000000000024788989Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.755{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll4.8.4465.0 built by: NET48REL1LAST_B.NET FrameworkMicrosoft® .NET FrameworkMicrosoft Corporationsystem.data.dllMD5=66798735E441118C18A7563B77D31340,SHA256=C32948B40DC089AD0A5E2AF5F23CDFF77CC47B2BABA9BC7766DD08928AFD8C15trueMicrosoft CorporationValidATTACKRANGE\Administrator 734700x800000000000000024788964Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.755{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data\d5bb4ed7341244dde88e0b4b618392d6\System.Data.ni.dll4.8.4465.0 built by: NET48REL1LAST_B.NET FrameworkMicrosoft® .NET FrameworkMicrosoft Corporationsystem.data.dllMD5=F272D5B22EDF3A927F701CFDE35030F4,SHA256=C0BE2D832A6B76E8F363F7E2BCC3053AA7E815E1E83F8F36F77DE84E04744563false-UnavailableATTACKRANGE\Administrator 734700x800000000000000024788959Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.740{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\System.Numerics\39ab9df07d2f7f57d8ea262bca3dafad\System.Numerics.ni.dll4.8.3761.0 built by: NET48REL1.NET FrameworkMicrosoft® .NET FrameworkMicrosoft CorporationSystem.Numerics.dllMD5=3F7CB439388CDE4109829B47B69E53EB,SHA256=87DF519A1570E4A7DC96D21E67FD4F16120CD0EFEF35854EF277C4C059B226A1false-UnavailableATTACKRANGE\Administrator 734700x800000000000000024788956Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.740{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\System32\gpapi.dll10.0.14393.4467 (rs1_release.210604-1844)Group Policy Client APIMicrosoft® Windows® Operating SystemMicrosoft Corporationgpapi.dllMD5=96BBBC9AD606CF5EBAF525E3AB1C69A5,SHA256=32F0EA9185A6E1DE26E3276BAAB0FB5ED72940D34FE5FFDF5331D91E42794124trueMicrosoft WindowsValidATTACKRANGE\Administrator 734700x800000000000000024788931Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.724{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\System.Dired13b18a9#\c69d105410863fd559af1ffbc9cbfc84\System.DirectoryServices.ni.dll4.8.4510.0 built by: NET48REL1LAST_B.NET FrameworkMicrosoft® .NET FrameworkMicrosoft CorporationSystem.DirectoryServices.dllMD5=D5DA768CB16CA437D88F4C9B4EB81AE5,SHA256=2764D9D725755936779C4689CAFBA487F1D99A39F9D426696CDBE66FA74E751Afalse-UnavailableATTACKRANGE\Administrator 734700x800000000000000024788928Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.724{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\System32\iertutil.dll11.00.14393.5192 (rs1_release.220610-1622)Run time utility for Internet ExplorerInternet ExplorerMicrosoft CorporationIeRtUtil.dllMD5=A6F71AF0DCDF1637BBBE9E451F9980D6,SHA256=898F66D185498DDDECB8509C19F1F5EDB6030C825AC40B8C8FB1FF5533FA4BF3trueMicrosoft WindowsValidATTACKRANGE\Administrator 734700x800000000000000024788903Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.708{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\System.Management\87366578b6e12b0c4ce22c0984cb8a63\System.Management.ni.dll4.8.4450.0 built by: NET48REL1LAST_B.NET FrameworkMicrosoft® .NET FrameworkMicrosoft CorporationSystem.Management.dllMD5=7384EBEA462ECB51CB546CCDD3EF4581,SHA256=D22F98651591A06CD56123DAE7835EFCF60B6283D307FD7EC00E894FADE923DBfalse-UnavailableATTACKRANGE\Administrator 734700x800000000000000024788900Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.694{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Mf49f6405#\667b2a9b0e5adf6e4533113629e785c8\Microsoft.Management.Infrastructure.ni.dll10.0.14393.4046csMicrosoft (R) Windows (R) Operating SystemMicrosoft CorporationMicrosoft.Management.Infrastructure.dllMD5=A3185871E7142BA73BC382D13F1ADD3D,SHA256=97F82DAC40EFF84B528EC3581009F75676B4C99BBA167F7B74CE55C6F8CE863Efalse-UnavailableATTACKRANGE\Administrator 734700x800000000000000024788897Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.694{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\System32\wintrust.dll10.0.14393.5125 (rs1_release.220429-1732)Microsoft Trust Verification APIsMicrosoft® Windows® Operating SystemMicrosoft CorporationWINTRUST.DLLMD5=55FCE44E89BDA2444619661FE50F43EE,SHA256=420CACA0D821E7E9F1D1E683E9899BC2F6D5A4AA06C8D4BB23335DD9490CC0F8trueMicrosoft WindowsValidATTACKRANGE\Administrator 734700x800000000000000024788872Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.694{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Users\Administrator\AppData\Roaming\amsi.dll10.0.14393.4169 (rs1_release.210107-1130)Anti-Malware Scan InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationamsi.dllMD5=89C79675F7FEDEB6373C9D2045F7B7C5,SHA256=5B40293CF56D44377A91BF68CF2113F523B61185F02DEEAB621BE51F0ADA6131trueMicrosoft WindowsValidATTACKRANGE\Administrator 734700x800000000000000024788871Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.694{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\System32\amsi.dll10.0.14393.4169 (rs1_release.210107-1130)Anti-Malware Scan InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationamsi.dllMD5=89C79675F7FEDEB6373C9D2045F7B7C5,SHA256=5B40293CF56D44377A91BF68CF2113F523B61185F02DEEAB621BE51F0ADA6131trueMicrosoft WindowsValidATTACKRANGE\Administrator 734700x800000000000000024788844Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.662{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\7e06618588012d9acfe1c11e5f73ae5e\System.Management.Automation.ni.dll10.0.14393.5127System.Management.AutomationMicrosoft (R) Windows (R) Operating SystemMicrosoft CorporationSystem.Management.Automation.dllMD5=BBF6DA16CA4A7BB2DE5320BC11613EE2,SHA256=07A0991A0825FA4F813CC91CE3553A3E108A4388390EE927805D823F577E8939false-UnavailableATTACKRANGE\Administrator 734700x800000000000000024788830Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.865{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\System32\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=43AEE61AFABE70BFC876CC53D6A64E04,SHA256=8A4C893AEB075D3D9EFEC52E49CEF94471EB9F0A91BEB4C07DF38F8A48910C12trueMicrosoft WindowsValidATTACKRANGE\Administrator 734700x800000000000000024788827Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.802{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\System32\sspicli.dll10.0.14393.5006 (rs1_release.220301-1704)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=F0258C58C8DC45AF9B5AAF9BA49E0C53,SHA256=8E1EAA39742CC0E97D615229E9C13C8447B8D115B4678A1F03BE3E8E20345521trueMicrosoft WindowsValidATTACKRANGE\Administrator 734700x800000000000000024788826Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.802{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\aa83523bf99efbe6e78d82969a035001\System.Configuration.ni.dll4.8.4190.0 built by: NET48REL1LAST_BSystem.Configuration.dllMicrosoft® .NET FrameworkMicrosoft CorporationSystem.Configuration.dllMD5=C72DC22457897D57F8616C219F2CFA3C,SHA256=D34717DC9D1EF4E96E9A52245A3763CE8770B05E6A0B1C652FCD99F8AB652166false-UnavailableATTACKRANGE\Administrator 734700x800000000000000024788825Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.802{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5trueMicrosoft WindowsValidATTACKRANGE\Administrator 734700x800000000000000024788824Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.771{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\clrjit.dll4.8.4526.0 built by: NET48REL1LAST_BMicrosoft .NET Runtime Just-In-Time CompilerMicrosoft® .NET FrameworkMicrosoft Corporationclrjit.dllMD5=1E97AB4809C6F313924374B955C06609,SHA256=0EED3DC3607EC986FFC8BE594A6656D668647DCC84E2158006123A4EBD273B12trueMicrosoft CorporationValidATTACKRANGE\Administrator 734700x800000000000000024788796Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.755{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0trueMicrosoft WindowsValidATTACKRANGE\Administrator 734700x800000000000000024788787Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.740{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\System32\WindowsPowerShell\v1.0\pwrshsip.dll10.0.14393.0 (rs1_release.160715-1616)Crypto SIP provider for signing and verifying PowerShell script files (.ps1/.ps1xml)Microsoft® Windows® Operating SystemMicrosoft Corporationpwrshsip.dllMD5=5366DEE11C59571EC48B56020E8949DE,SHA256=EE5CDBEDA2067413ACB7B5E7B4AF53B40336148CA104D1671212B43737EB348CtrueMicrosoft WindowsValidATTACKRANGE\Administrator 734700x800000000000000024788774Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.724{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923trueMicrosoft WindowsValidATTACKRANGE\Administrator 734700x800000000000000024788772Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.724{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\System32\srvcli.dll10.0.14393.5066 (rs1_release.220401-1841)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=75E3DE473374E0BCBBD1EC60036A93EC,SHA256=23EBE577D2080D4C7532184B69E44BF640BB44084F9046A5AF364268A7BDB1ECtrueMicrosoft WindowsValidATTACKRANGE\Administrator 734700x800000000000000024788762Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.724{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\System32\xmllite.dll10.0.14393.3143 (rs1_release.190725-1725)Microsoft XmlLite LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationXmlLite.dllMD5=64E301CCFADF34810ADA8DE9DBC7720F,SHA256=6EAE1E0E610793C7DF2B27795553F377D2C4126CF74D8EE4A84DE3C3150871F8trueMicrosoft WindowsValidATTACKRANGE\Administrator 734700x800000000000000024788760Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.724{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\System32\urlmon.dll11.00.14393.5192 (rs1_release.220610-1622)OLE32 Extensions for Win32Internet ExplorerMicrosoft CorporationUrlMon.dllMD5=BD9FB3B2954161DB9E7F4F7ECDF0F558,SHA256=AE871DC3FBAA1FFAE37CF6C37CA86954A3E37590257748C0F25CC7E5BCD97349trueMicrosoft WindowsValidATTACKRANGE\Administrator 734700x800000000000000024788744Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.724{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\System32\OpcServices.dll10.0.14393.2848 (rs1_release.190305-1856)Native Code OPC Services LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationOpcServices.dllMD5=991F8CCB43104DE3BD6E24A4D2BF870D,SHA256=8187C096A269D20742DEC9B651536F1C7A354D114B176179B1F4E090BB28E1F2trueMicrosoft WindowsValidATTACKRANGE\Administrator 734700x800000000000000024788733Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.724{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\System32\AppxSip.dll10.0.14393.4169 (rs1_release.210107-1130)Appx Subject Interface PackageMicrosoft® Windows® Operating SystemMicrosoft CorporationAppxSip.dllMD5=33AEB645167296EFE22E1BB64B63CBFC,SHA256=6E2B948F3CD7EEC6D9A9A864476F074FB5876E397916FF81A39B23976489AB52trueMicrosoft WindowsValidATTACKRANGE\Administrator 734700x800000000000000024788715Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.708{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\System32\wshext.dll5.812.10240.16384Microsoft ® Shell Extension for Windows Script HostMicrosoft ® Windows Script HostMicrosoft Corporationwshext.dllMD5=BA425FEBA35E20778ADB8FAF7268D8A0,SHA256=3A2F8057B4312BE9389CB86C8C3FA8BA3A590E3CE811AB163D77159DB095AA41trueMicrosoft WindowsValidATTACKRANGE\Administrator 734700x800000000000000024788710Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.708{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\System32\msisip.dll5.0.14393.4704 (rs1_release.211004-1917)MSI Signature SIP ProviderWindows Installer - UnicodeMicrosoft CorporationMSISIP.DLLMD5=E05D3AEDC7E9A28DB9CE81C0C4D5DF91,SHA256=E57F53A4ADADE83595524BE8821C726882ABF0BA748471D3F4F502F4D8CDAECCtrueMicrosoft WindowsValidATTACKRANGE\Administrator 734700x800000000000000024788695Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.708{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\1f47b92e763dcbca8f60d2612ddd965d\System.Xml.ni.dll4.8.3761.0 built by: NET48REL1.NET FrameworkMicrosoft® .NET FrameworkMicrosoft CorporationSystem.Xml.dllMD5=01F6655832EABC197CC007750402E376,SHA256=04FD469741ACB756B4FA93C6CFDAE38417AE8FAE04FF1608D08F85105D61A33Efalse-UnavailableATTACKRANGE\Administrator 734700x800000000000000024788651Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.694{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\System32\msasn1.dll10.0.14393.0 (rs1_release.160715-1616)ASN.1 Runtime APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationmsasn1.dllMD5=299464D218A27B56684B715365D149FE,SHA256=2BFE4014E06552A9D4201EF9D1C605694AAF2B7B811265EFD91FC6D1C2D48242trueMicrosoft WindowsValidATTACKRANGE\Administrator 734700x800000000000000024788650Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.694{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\System32\crypt32.dll10.0.14393.4946 (rs1_release.220131-0721)Crypto API32Microsoft® Windows® Operating SystemMicrosoft CorporationCRYPT32.DLLMD5=341C44C830FB5D4FA58EF6276D9D2511,SHA256=988C82047689A625BA54959D2DB401A6891B9C00CF8A262842FBA2F032519283trueMicrosoft WindowsValidATTACKRANGE\Administrator 734700x800000000000000024788649Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.694{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\System32\wldp.dll10.0.14393.5006 (rs1_release.220301-1704)Windows Lockdown PolicyMicrosoft® Windows® Operating SystemMicrosoft Corporationwldp.dllMD5=E0E13482A64635E305045F9EECAF4F53,SHA256=68291C8D8C6C8CDC112A9BA73B28C5C29CD87017E96DBCC5009B9BCDBDDEF326trueMicrosoft WindowsValidATTACKRANGE\Administrator 734700x800000000000000024788648Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.678{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\System32\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=0BC84513575743DA177F3DFE18D35CA7,SHA256=C40F6AA73073995E05E5379AE593A6617E8296C79A78BD7F716D95F98AE0D899trueMicrosoft WindowsValidATTACKRANGE\Administrator 734700x800000000000000024788647Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.678{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\System32\SHCore.dll10.0.14393.5066 (rs1_release.220401-1841)SHCOREMicrosoft® Windows® Operating SystemMicrosoft CorporationSHCORE.dllMD5=FC58D75DDAF44088B9101BE2418B1967,SHA256=74A0CCA04F2405A329897A6A1A3E90A0CE48E5772F85E7188C75677CD9D78160trueMicrosoft WindowsValidATTACKRANGE\Administrator 734700x800000000000000024788646Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.678{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\System32\powrprof.dll10.0.14393.0 (rs1_release.160715-1616)Power Profile Helper DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationPOWRPROF.DLLMD5=C55F634054E45C0DEE47C254AE009928,SHA256=76EB0FCA87C3AD5FA1C46EB0AF88CF85E172525029E33F5DFC5645EF2EE6F575trueMicrosoft WindowsValidATTACKRANGE\Administrator 734700x800000000000000024788645Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.678{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\System32\windows.storage.dll10.0.14393.5192 (rs1_release.220610-1622)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=DA13920992ACB77F5E06DE2398E5DEC5,SHA256=94D92AC6181D8EE7F8757A146EB7FC5A2651376D43830FECF1FCD9F763A6B20CtrueMicrosoft WindowsValidATTACKRANGE\Administrator 734700x800000000000000024788644Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.678{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\System32\cfgmgr32.dll10.0.14393.0 (rs1_release.160715-1616)Configuration Manager DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCFGMGR32.DLLMD5=77BF2979C1A08EBA43C24FE0B7E547BE,SHA256=071E00374806E043A2E78E88C7FDDCE8F5983DE665DF41F3B3210660BF2EF704trueMicrosoft WindowsValidATTACKRANGE\Administrator 734700x800000000000000024788642Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.678{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\System32\shell32.dll10.0.14393.5192 (rs1_release.220610-1622)Windows Shell Common DllMicrosoft® Windows® Operating SystemMicrosoft CorporationSHELL32.DLLMD5=6D98EECDFB6F22BDE55DA37FE9A3940D,SHA256=C55706CA5440A659FD873A0670C650ADAA63A504CB790DDC42A09BB81651DB1AtrueMicrosoft WindowsValidATTACKRANGE\Administrator 734700x800000000000000024788640Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.646{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pb378ec07#\4484a6212d4303988d3dda6acac05dcb\Microsoft.PowerShell.ConsoleHost.ni.dll10.0.14393.5127Microsoft.PowerShell.ConsoleHostMicrosoft (R) Windows (R) Operating SystemMicrosoft CorporationMicrosoft.PowerShell.ConsoleHost.dllMD5=F9E3C8E457DF902139E83DC484FE32DA,SHA256=523E775681F89AB68DF0D62A1FA7A0C371C17085835B41CC0250A79A7F25A8FAfalse-UnavailableATTACKRANGE\Administrator 734700x800000000000000024788637Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.662{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\System32\clbcatq.dll2001.12.10941.16384 (rs1_release.210107-1130)COM+ Configuration CatalogMicrosoft® Windows® Operating SystemMicrosoft CorporationCLBCATQ.DLLMD5=A82FB68F785E73141F5ABC91850595A8,SHA256=416DE0DA209CDCBE9B5D1A868CE972F8FE3399FF62E84EFD46D6FD49BDF7B7B2trueMicrosoft WindowsValidATTACKRANGE\Administrator 734700x800000000000000024788636Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.662{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FEtrueMicrosoft WindowsValidATTACKRANGE\Administrator 734700x800000000000000024788635Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.662{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\System32\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=63231EA984BC614584102A96D4F35CB4,SHA256=13C5BD283C01B0D50D8D0D99E88FC67F9234FA14A6860AB2B6EE552199FF6A74trueMicrosoft WindowsValidATTACKRANGE\Administrator 734700x800000000000000024788634Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.662{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\System32\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=28140830C342F475A597B2D54C42DFFA,SHA256=99E23D0177C6DC59AD72DEEC46CFB995828EF567F001261BC65532B6DDEAD862trueMicrosoft WindowsValidATTACKRANGE\Administrator 734700x800000000000000024788632Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.646{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778CtrueMicrosoft WindowsValidATTACKRANGE\Administrator 734700x800000000000000024788629Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.646{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\285202901f3c1f37fc0aedd810c76138\System.Core.ni.dll4.8.4526.0 built by: NET48REL1LAST_B.NET FrameworkMicrosoft® .NET FrameworkMicrosoft CorporationSystem.Core.dllMD5=C788288F4C40D6EC0EC7DE2DE199DBB5,SHA256=13D04D49CC42A92B5157A661DCEFBEF44B6B23777B3B8AB5AE92CA523E673DFCfalse-UnavailableATTACKRANGE\Administrator 734700x800000000000000024788628Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.646{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\System\cffd7931a364802b9133934cad751466\System.ni.dll4.8.4494.0 built by: NET48REL1LAST_B.NET FrameworkMicrosoft® .NET FrameworkMicrosoft CorporationSystem.dllMD5=7700F069ABFDAA40EFDA30B79098A64F,SHA256=9AA41741F785FF3CB5F3CDEC8C5CA34EEAC8F7F76DCB0133FCFE9B189E08EA88false-UnavailableATTACKRANGE\Administrator 734700x800000000000000024788627Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.646{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\f15060e8f3f59f5ab00760f997a36672\mscorlib.ni.dll4.8.4526.0 built by: NET48REL1LAST_BMicrosoft Common Language Runtime Class LibraryMicrosoft® .NET FrameworkMicrosoft Corporationmscorlib.dllMD5=06E661551B61E29907B1CF0D4EBB955B,SHA256=E62035FBB0E5259597695708F9B10FDD5D5FF5459D659EAB880FA265E8E8DF2EtrueMicrosoft CorporationValidATTACKRANGE\Administrator 734700x800000000000000024788626Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.646{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\System32\psapi.dll10.0.14393.0 (rs1_release.160715-1616)Process Status HelperMicrosoft® Windows® Operating SystemMicrosoft CorporationPSAPIMD5=1AF6CD8B7CE4A852F67AA98C71AA1D26,SHA256=EF0DE008500A8C9C7908383AF11AE55845EBBE28C96C013EA720950BA89D3D28trueMicrosoft WindowsValidATTACKRANGE\Administrator 734700x800000000000000024788625Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.630{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\System32\ucrtbase_clr0400.dll14.10.25028.0 built by: VCTOOLSD15RTMMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationucrtbase_clr0400.dllMD5=F8F171BE1820544E15B555847005355C,SHA256=CDDF9A2BF085AE59BA464B3BA6394AACFC342DA5F17D77FD5306054C8AABF153trueMicrosoft CorporationValidATTACKRANGE\Administrator 734700x800000000000000024788624Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.630{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\System32\vcruntime140_clr0400.dll14.10.25028.0 built by: VCTOOLSD15RTMMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140_clr0400.dllMD5=63936588122BDEE9624D02CE3F8F54EA,SHA256=21F7E6165CE8DD92DB8CDF48CEE83DE64B2B0807B7B499CF87678B70C6F8C32FtrueMicrosoft CorporationValidATTACKRANGE\Administrator 734700x800000000000000024788621Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.630{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll4.8.4526.0 built by: NET48REL1LAST_BMicrosoft .NET Runtime Common Language Runtime - WorkStationMicrosoft® .NET FrameworkMicrosoft Corporationclr.dllMD5=3E93DA6D9661961064868E1DC8719674,SHA256=94E0505EFFF30A222546870508A8016D3EABE0F1B05ECC51997153AB9D9188DFtrueMicrosoft CorporationValidATTACKRANGE\Administrator 734700x800000000000000024788620Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.630{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\System32\version.dll10.0.14393.0 (rs1_release.160715-1616)Version Checking and File Installation LibrariesMicrosoft® Windows® Operating SystemMicrosoft CorporationVERSION.DLLMD5=CFDB018AC09F879CAAE7A66CA7880D57,SHA256=6AB95FD0D142CFFC3B9455AF51F003E1CD75B7F4323820390B975F9E1C8A47A5trueMicrosoft WindowsValidATTACKRANGE\Administrator 734700x800000000000000024788619Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.630{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659CtrueMicrosoft WindowsValidATTACKRANGE\Administrator 734700x800000000000000024788618Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.630{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\System32\shlwapi.dll10.0.14393.5125 (rs1_release.220429-1732)Shell Light-weight Utility LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationSHLWAPI.DLLMD5=407E895A220DE1A60C5B555A113FE998,SHA256=FE184347784F83953457146562E0F6C87C8DA04D0288415465631325A2A98C92trueMicrosoft WindowsValidATTACKRANGE\Administrator 734700x800000000000000024788617Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.599{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\System32\atl.dll3.05.2284ATL Module for Windows XP (Unicode)Microsoft (R) Visual C++Microsoft CorporationATL.DLLMD5=C1B73181019C1E1F28F4161B5F198B7F,SHA256=C3678504437D23910C18D3680B05B4E819A2229BDD0E1E0567186C70D814560DtrueMicrosoft WindowsValidATTACKRANGE\Administrator 734700x800000000000000024788593Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.630{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll4.8.4180.0 built by: NET48REL1LAST_BMicrosoft .NET Runtime Execution EngineMicrosoft® .NET FrameworkMicrosoft Corporationmscoreei.dllMD5=899A8B655E52A061B33571D97C5C06ED,SHA256=DE05B03E37FB9BA5D74CF8FA36A6F0B15AB61705285B738BC90D14FDE580A45EtrueMicrosoft CorporationValidATTACKRANGE\Administrator 734700x800000000000000024788591Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.615{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\System32\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=E1024CF2E35DD3467F52BC83F7FEDA3F,SHA256=59C87761AD509BD096C2F35257C2370FB94B95160CB63FB9E66DFD8210AB002AtrueMicrosoft WindowsValidATTACKRANGE\Administrator 734700x800000000000000024788590Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.615{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\System32\mscoree.dll10.0.14393.0 (rs1_release.160715-1616)Microsoft .NET Runtime Execution EngineMicrosoft® Windows® Operating SystemMicrosoft Corporationmscoree.dllMD5=5ECE402D7E12EC3750D044BF3D878DF6,SHA256=3F02B1AE7B61BC36B04EA2B82ED79F112219F4E9668518030FF14B005E2C9BBCtrueMicrosoft WindowsValidATTACKRANGE\Administrator 734700x800000000000000024788589Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.599{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5trueMicrosoft WindowsValidATTACKRANGE\Administrator 734700x800000000000000024788588Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.599{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\System32\gdi32full.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F284A98093B423946252259D7D2857D3,SHA256=193F70529B68EF108EA17ABC069E6DACF4541A547DF1D2F249F7555A58BCFA07trueMicrosoft WindowsValidATTACKRANGE\Administrator 734700x800000000000000024788587Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.599{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75EtrueMicrosoft WindowsValidATTACKRANGE\Administrator 734700x800000000000000024788586Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.599{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8trueMicrosoft WindowsValidATTACKRANGE\Administrator 734700x800000000000000024788584Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.599{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4770 (rs1_release.211101-1440)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=54417B63FB3760BC6DBC5DB1BDA4C272,SHA256=B7A8B457B252AB949C067D5FCFEFB2AE98E9115B958D2A0FC120D7B13B3E9FADtrueMicrosoft WindowsValidATTACKRANGE\Administrator 734700x800000000000000024788583Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.599{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15trueMicrosoft WindowsValidATTACKRANGE\Administrator 734700x800000000000000024788581Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.599{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3trueMicrosoft WindowsValidATTACKRANGE\Administrator 734700x800000000000000024788580Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.599{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3trueMicrosoft WindowsValidATTACKRANGE\Administrator 734700x800000000000000024788579Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.599{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\System32\combase.dll10.0.14393.5192 (rs1_release.220610-1622)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=336FBB55FF4D4E5A05343A51C98A8F74,SHA256=FD42EBCB39DD4311FA7515010FF4D08AC4DFF7D5C35FCB23207833ED4C2E8444trueMicrosoft WindowsValidATTACKRANGE\Administrator 734700x800000000000000024788578Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.599{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\System32\ole32.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=EB53D1BF6E1667C8727EBBB5D5A862ED,SHA256=2B3D48DFA43A284B1C66A8A98B0A48104133D86EEEB2E8E060BE2281CF476348trueMicrosoft WindowsValidATTACKRANGE\Administrator 734700x800000000000000024788577Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.599{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\System32\rpcrt4.dll10.0.14393.5192 (rs1_release.220610-1622)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=10B8B28AD9FDD41A2EB75DE349C25523,SHA256=56BB0955AF60E4E9FEDF3AC83FB96CCC1D66A8540F3450BAC3F30CD16BF16416trueMicrosoft WindowsValidATTACKRANGE\Administrator 734700x800000000000000024788576Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.599{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\System32\sechost.dll10.0.14393.5006 (rs1_release.220301-1704)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=9F0F4C38A22FC9FFB8814F77A9563680,SHA256=E9ABDA1063716301F5D06DBC94D6A35B3F53A14B946525E5F764485132DB6166trueMicrosoft WindowsValidATTACKRANGE\Administrator 734700x800000000000000024788575Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.599{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4trueMicrosoft WindowsValidATTACKRANGE\Administrator 734700x800000000000000024788574Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.583{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\System32\advapi32.dll10.0.14393.4886 (rs1_release.220104-1735)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=C42106182CCA611F629E46981D1A0EEA,SHA256=68C134F95A8D38AE84545C8D581F4BF808B6C9D97513EA3CABF019C66419CBAEtrueMicrosoft WindowsValidATTACKRANGE\Administrator 734700x800000000000000024788573Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.568{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Users\Administrator\AppData\Roaming\updater.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436trueMicrosoft WindowsValidATTACKRANGE\Administrator 734700x800000000000000024788548Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.583{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\System32\KernelBase.dll10.0.14393.5125 (rs1_release.220429-1732)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=D8F18C830B03B0D60C10093ECB020E60,SHA256=CF0D33CEC46BB41C6F5693A84491ACD7F7CBECB429BA6C47AB5A170D4DF3484FtrueMicrosoft WindowsValidATTACKRANGE\Administrator 734700x800000000000000024788546Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.583{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\System32\kernel32.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=92D599E644B89C0F9E7DDB55762EBEA6,SHA256=F32D28EE73EADAF9EF3F30145FA3C52B88DF47236B8747434750832BF1B9CDEEtrueMicrosoft WindowsValidATTACKRANGE\Administrator 734700x800000000000000024788544Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-602.attackrange.local-2022-08-18 11:49:18.583{181C2EA7-273E-62FE-3224-000000006102}2744C:\Users\Administrator\AppData\Roaming\updater.exeC:\Windows\System32\ntdll.dll10.0.14393.5006 (rs1_release.220301-1704)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=F5EE39B17A8BCDEDC3D40997C26F62B1,SHA256=11C1C88B1CC11D9800DEEF27ED7ABDFDE3DC852687A3B9FBD5153284106E5952trueMicrosoft WindowsValidATTACKRANGE\Administrator