154100x800000000000000022030755Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-117-2022-07-29 20:38:29.625{C2494F38-4545-62E4-66E1-020000006202}7796C:\Windows\SysWOW64\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\System32\cmd.exeC:\Users\Public\WIN-HOST-MHAAG-\Administrator{C2494F38-6F10-62CC-9353-070000000000}0x753932HighMD5=0FEC5F30E705EADAEA5E9144F2FB12DC,SHA256=614CA7B627533E22AA3E5C3594605DC6FE6F000B0CC2B845ECE47CA60673EC7F{C2494F38-4545-62E4-64E1-020000006202}7408C:\Windows\SysWOW64\iscsicpl.exec:\windows\syswow64\iscsicpl.exe c=C:\Windows\System32\cmd.exeWIN-HOST-MHAAG-\Administrator
154100x800000000000000022030604Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-117-2022-07-29 20:38:29.285{C2494F38-4545-62E4-64E1-020000006202}7408C:\Windows\SysWOW64\iscsicpl.exe10.0.14393.0 (rs1_release.160715-1616)Microsoft iSCSI Initiator Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationiscsicpl.exec:\windows\syswow64\iscsicpl.exe c=C:\Windows\System32\cmd.exeC:\Users\Public\WIN-HOST-MHAAG-\Administrator{C2494F38-6F10-62CC-9353-070000000000}0x753932HighMD5=27B2A19367EE1C0500834FE2BE8F4654,SHA256=59505CCFDCB36882DD053B15F4DF2212E73090A3C6EC333E5C1C3A17BA79B8E5{C2494F38-4545-62E4-62E1-020000006202}9204C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /C c:\windows\syswow64\iscsicpl.exe c=C:\Windows\System32\cmd.exeWIN-HOST-MHAAG-\Administrator
154100x800000000000000022030565Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-117-2022-07-29 20:38:29.251{C2494F38-4545-62E4-63E1-020000006202}9156C:\Windows\System32\conhost.exe10.0.14393.0 (rs1_release.160715-1616)Console Window HostMicrosoft® Windows® Operating SystemMicrosoft CorporationCONHOST.EXE\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1C:\WindowsWIN-HOST-MHAAG-\Administrator{C2494F38-6F10-62CC-9353-070000000000}0x753932HighMD5=D752C96401E2540A443C599154FC6FA9,SHA256=046F7A1B4DE67562547ED9A180A72F481FC41E803DE49A96D7D7C731964D53A0{C2494F38-4545-62E4-62E1-020000006202}9204C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /C c:\windows\syswow64\iscsicpl.exe c=C:\Windows\System32\cmd.exeWIN-HOST-MHAAG-\Administrator
154100x800000000000000022030548Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-117-2022-07-29 20:38:29.244{C2494F38-4545-62E4-62E1-020000006202}9204C:\Windows\SysWOW64\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C c:\windows\syswow64\iscsicpl.exe c=C:\Windows\System32\cmd.exeC:\Users\Public\WIN-HOST-MHAAG-\Administrator{C2494F38-6F10-62CC-9353-070000000000}0x753932HighMD5=0FEC5F30E705EADAEA5E9144F2FB12DC,SHA256=614CA7B627533E22AA3E5C3594605DC6FE6F000B0CC2B845ECE47CA60673EC7F{C2494F38-4507-62E4-17E1-020000006202}6428C:\Users\Administrator\Desktop\beacon.exe"C:\Users\Administrator\Desktop\beacon.exe" WIN-HOST-MHAAG-\Administrator
154100x800000000000000022015969Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-117-2022-07-29 20:33:09.382{C2494F38-4405-62E4-EAE0-020000006202}4248C:\Windows\System32\rundll32.exe10.0.14393.4169 (rs1_release.210107-1130)Windows host process (Rundll32)Microsoft® Windows® Operating SystemMicrosoft CorporationRUNDLL32.EXEC:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL iscsicpl.dll,,0C:\Users\Administrator\Desktop\WIN-HOST-MHAAG-\Administrator{C2494F38-6F10-62CC-9353-070000000000}0x753932HighMD5=23DB802097F7B7E520E40068A7E68B14,SHA256=28DE7D3E8BF4B19E44063A4BFC2E7C30AE488CD9A1F63320ED374E14AAECA667{C2494F38-4405-62E4-E9E0-020000006202}6048C:\Windows\SysWOW64\iscsicpl.exe"C:\Windows\syswow64\iscsicpl.exe" WIN-HOST-MHAAG-\Administrator
154100x800000000000000022015908Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-117-2022-07-29 20:33:09.344{C2494F38-4405-62E4-E9E0-020000006202}6048C:\Windows\SysWOW64\iscsicpl.exe10.0.14393.0 (rs1_release.160715-1616)Microsoft iSCSI Initiator Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationiscsicpl.exe"C:\Windows\syswow64\iscsicpl.exe" C:\Users\Administrator\Desktop\WIN-HOST-MHAAG-\Administrator{C2494F38-6F10-62CC-9353-070000000000}0x753932HighMD5=27B2A19367EE1C0500834FE2BE8F4654,SHA256=59505CCFDCB36882DD053B15F4DF2212E73090A3C6EC333E5C1C3A17BA79B8E5{C2494F38-4403-62E4-E8E0-020000006202}9284C:\Users\Administrator\Desktop\iscsicpl_BypassUAC_x86.exe"C:\Users\Administrator\Desktop\iscsicpl_BypassUAC_x86.exe" cmd.exeWIN-HOST-MHAAG-\Administrator
154100x800000000000000022012965Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-117-2022-07-29 20:32:59.325{C2494F38-43FB-62E4-E4E0-020000006202}9736C:\Windows\System32\rundll32.exe10.0.14393.4169 (rs1_release.210107-1130)Windows host process (Rundll32)Microsoft® Windows® Operating SystemMicrosoft CorporationRUNDLL32.EXEC:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL iscsicpl.dll,,0C:\Users\Administrator\Desktop\WIN-HOST-MHAAG-\Administrator{C2494F38-6F10-62CC-9353-070000000000}0x753932HighMD5=23DB802097F7B7E520E40068A7E68B14,SHA256=28DE7D3E8BF4B19E44063A4BFC2E7C30AE488CD9A1F63320ED374E14AAECA667{C2494F38-43FB-62E4-E3E0-020000006202}5944C:\Windows\SysWOW64\iscsicpl.exe"C:\Windows\syswow64\iscsicpl.exe" WIN-HOST-MHAAG-\Administrator
154100x800000000000000022012685Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-117-2022-07-29 20:32:59.236{C2494F38-43FB-62E4-E3E0-020000006202}5944C:\Windows\SysWOW64\iscsicpl.exe10.0.14393.0 (rs1_release.160715-1616)Microsoft iSCSI Initiator Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationiscsicpl.exe"C:\Windows\syswow64\iscsicpl.exe" C:\Users\Administrator\Desktop\WIN-HOST-MHAAG-\Administrator{C2494F38-6F10-62CC-9353-070000000000}0x753932HighMD5=27B2A19367EE1C0500834FE2BE8F4654,SHA256=59505CCFDCB36882DD053B15F4DF2212E73090A3C6EC333E5C1C3A17BA79B8E5{C2494F38-43F9-62E4-E1E0-020000006202}6956C:\Users\Administrator\Desktop\iscsicpl_BypassUAC_x86.exe"C:\Users\Administrator\Desktop\iscsicpl_BypassUAC_x86.exe" cmdWIN-HOST-MHAAG-\Administrator