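EventID: 1
Version: 5
Level: 4
Task: 1
Opcode: 0
Keywords: 0x8000000000000000
EventRecordID: 80153
Channel: Microsoft-Windows-Sysmon/Operational
Computer: ar-win-5.attackrange.local
RuleName: -
UtcTime: 2024-11-21 21:05:04.590
ProcessGuid: {62e4af84-a080-673f-6509-00000000f701}
ProcessId: 5068
Image: C:\Windows\System32\mstsc.exe
FileVersion: 10.0.20348.2520 (WinBuild.160101.0800)
Description: Remote Desktop Connection
Product: Microsoft® Windows® Operating System
Company: Microsoft Corporation
OriginalFileName: mstsc.exe
CommandLine: "mstsc.exe" "C:\Users\Administrator\Downloads\invoice\remote_connection (14).rdp"
CurrentDirectory: C:\Users\Administrator\Downloads\invoice\
User: AR-WIN-5\Administrator
LogonGuid: {62e4af84-5fb8-673f-d1ec-070000000000}
LogonId: 0x7ecd1
TerminalSessionId: 2
IntegrityLevel: High
Hashes: MD5=D67005D6F03D78B6FBFFB93E62D49369,SHA256=81A6E1EA20CB60DD1007E8536D878FF80A43D475ED2801F6937A3C5ADDA5FCED,IMPHASH=30032A2217E731047F591BC73887FA80
ParentProcessGuid: {62e4af84-5fb9-673f-f300-00000000f701}
ParentProcessId: 4892
ParentImage: C:\Windows\explorer.exe
ParentCommandLine: C:\Windows\Explorer.EXE
ParentUser: AR-WIN-5\Administrator
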
EventID: 15
Version: 2
Level: 4
Task: 15
Opcode: 0
Keywords: 0x8000000000000000
EventRecordID: 80151
Channel: Microsoft-Windows-Sysmon/Operational
Computer: ar-win-5.attackrange.local
RuleName: -
UtcTime: 2024-11-21 21:05:03.192
ProcessGuid: {62e4af84-5fb9-673f-f300-00000000f701}
ProcessId: 4892
Image: C:\Windows\Explorer.EXE
TargetFilename: C:\Users\Administrator\Downloads\invoice\remote_connection (14).rdp
CreationUtcTime: 2024-11-21 18:08:56.000
Hash: MD5=508176BF1ABCEAEC35AC5F718DD8A14C,SHA256=04F66B70CDF2C7B6750A53728BCAA1899B522EA97BFCEB185F59D01D23A343CB,IMPHASH=00000000000000000000000000000000
Contents: full address:s:34.221.50.57:3389 username:s:%USERNAME% remoteapplicationmode:i:1 remoteapplicationprogram:s:||AWS Secure Storage Connection Stability Test remoteapplicationname:s:AWS Secure Storage Connection Stability Test remoteapplicationcmdline:s:%USERPROFILE% remoteapplicationicon:s:C:\Windows\System32\mstsc.exe authentication level:i:2 enablecredsspsupport:i:1 negotiate security layer:i:1 prompt for credentials:i:1 drivestoredirect:s:* redirectdrives:i:1 redirectprinters:i:1 redirectcomports:i:1 redirectsmartcards:i:1 redirectclipboard:i:1
User: AR-WIN-5\Administrator

EventID: 15
Version: 2
Level: 4
Task: 15
Opcode: 0
Keywords: 0x8000000000000000
EventRecordID: 80148
Channel: Microsoft-Windows-Sysmon/Operational
Computer: ar-win-5.attackrange.local
RuleName: -
UtcTime: 2024-11-21 21:05:03.192
ProcessGuid: {62e4af84-5fb9-673f-f300-00000000f701}
ProcessId: 4892
Image: C:\Windows\Explorer.EXE
TargetFilename: C:\Users\Administrator\Downloads\invoice\remote_connection (14).rdp
CreationUtcTime: 2024-11-21 18:08:56.000
Hash: MD5=508176BF1ABCEAEC35AC5F718DD8A14C,SHA256=04F66B70CDF2C7B6750A53728BCAA1899B522EA97BFCEB185F59D01D23A343CB,IMPHASH=00000000000000000000000000000000
Contents: full address:s:34.221.50.57:3389 username:s:%USERNAME% remoteapplicationmode:i:1 remoteapplicationprogram:s:||AWS Secure Storage Connection Stability Test remoteapplicationname:s:AWS Secure Storage Connection Stability Test remoteapplicationcmdline:s:%USERPROFILE% remoteapplicationicon:s:C:\Windows\System32\mstsc.exe authentication level:i:2 enablecredsspsupport:i:1 negotiate security layer:i:1 prompt for credentials:i:1 drivestoredirect:s:* redirectdrives:i:1 redirectprinters:i:1 redirectcomports:i:1 redirectsmartcards:i:1 redirectclipboard:i:1
User: AR-WIN-5\Administrator

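EventID: 1
Version: 5
Level: 4
Task: 1
Opcode: 0
Keywords: 0x8000000000000000
EventRecordID: 79984
Channel: Microsoft-Windows-Sysmon/Operational
Computer: ar-win-5.attackrange.local
RuleName: -
UtcTime: 2024-11-21 20:38:29.581
ProcessGuid: {62e4af84-9a45-673f-c008-00000000f701}
ProcessId: 4668
Image: C:\Windows\System32\mstsc.exe
FileVersion: 10.0.20348.2520 (WinBuild.160101.0800)
Description: Remote Desktop Connection
Product: Microsoft® Windows® Operating System
Company: Microsoft Corporation
OriginalFileName: mstsc.exe
CommandLine: "mstsc.exe" "C:\Users\Administrator\AppData\Local\Temp\2\1c364188-982b-44fc-892d-3f5307bc7ada_invoice.zip.ada\remote_connection (14).rdp"
CurrentDirectory: C:\Windows\system32\
User: AR-WIN-5\Administrator
LogonGuid: {62e4af84-5fb8-673f-d1ec-070000000000}
LogonId: 0x7ecd1
TerminalSessionId: 2
IntegrityLevel: High
Hashes: MD5=D67005D6F03D78B6FBFFB93E62D49369,SHA256=81A6E1EA20CB60DD1007E8536D878FF80A43D475ED2801F6937A3C5ADDA5FCED,IMPHASH=30032A2217E731047F591BC73887FA80
ParentProcessGuid: {62e4af84-5fb9-673f-f300-00000000f701}
ParentProcessId: 4892
ParentImage: C:\Windows\explorer.exe
ParentCommandLine: C:\Windows\Explorer.EXE
ParentUser: AR-WIN-5\Administrator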