154100x80000000000000006496224Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-84.attackrange.local-2023-02-06 16:27:05.270{0F9A6540-2A59-63E1-1261-00000000BD02}7864C:\Windows\System32\certutil.exe10.0.14393.5127 (rs1_release_inmarket.220514-1756)CertUtil.exeMicrosoft® Windows® Operating SystemMicrosoft CorporationCertUtil.exe"C:\Windows\system32\certutil.exe" -backupdb c:\temp\backups\test2\C:\Users\Administrator\Desktop\ATTACKRANGE\Administrator{0F9A6540-85FD-63DD-75B0-0E0000000000}0xeb0752HighMD5=7AE0376F1B0B190EFBFF716533BC28BA,SHA256=9D8ECEEF7830476102C2CBBE933E1375FFB624574A63BDD8D3B15D3030C9A16D,IMPHASH=442218E88D4D6AA0BE3165DD7B20A4C4{0F9A6540-861B-63DD-BD00-00000000BD02}5956C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" 154100x80000000000000006496143Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-84.attackrange.local-2023-02-06 16:27:00.083{0F9A6540-2A54-63E1-1161-00000000BD02}7928C:\Windows\System32\certutil.exe10.0.14393.5127 (rs1_release_inmarket.220514-1756)CertUtil.exeMicrosoft® Windows® Operating SystemMicrosoft CorporationCertUtil.exe"C:\Windows\system32\certutil.exe" -backupdb c:\temp\backups\testC:\Users\Administrator\Desktop\ATTACKRANGE\Administrator{0F9A6540-85FD-63DD-75B0-0E0000000000}0xeb0752HighMD5=7AE0376F1B0B190EFBFF716533BC28BA,SHA256=9D8ECEEF7830476102C2CBBE933E1375FFB624574A63BDD8D3B15D3030C9A16D,IMPHASH=442218E88D4D6AA0BE3165DD7B20A4C4{0F9A6540-861B-63DD-BD00-00000000BD02}5956C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" 154100x80000000000000005013820Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-84.attackrange.local-2023-02-03 22:11:24.901{0F9A6540-868C-63DD-D700-00000000BD02}3244C:\Windows\System32\certutil.exe10.0.14393.5127 (rs1_release_inmarket.220514-1756)CertUtil.exeMicrosoft® Windows® Operating SystemMicrosoft CorporationCertUtil.exe"C:\Windows\system32\certutil.exe" -backupdb c:\temp\backups\testC:\Users\Administrator\Desktop\ATTACKRANGE\Administrator{0F9A6540-85FD-63DD-75B0-0E0000000000}0xeb0752HighMD5=7AE0376F1B0B190EFBFF716533BC28BA,SHA256=9D8ECEEF7830476102C2CBBE933E1375FFB624574A63BDD8D3B15D3030C9A16D,IMPHASH=442218E88D4D6AA0BE3165DD7B20A4C4{0F9A6540-861B-63DD-BD00-00000000BD02}5956C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" 154100x80000000000000005013755Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-84.attackrange.local-2023-02-03 22:11:19.286{0F9A6540-8687-63DD-D600-00000000BD02}3844C:\Windows\System32\certutil.exe10.0.14393.5127 (rs1_release_inmarket.220514-1756)CertUtil.exeMicrosoft® Windows® Operating SystemMicrosoft CorporationCertUtil.exe"C:\Windows\system32\certutil.exe" -backupdb c:\temp\backupsC:\Users\Administrator\Desktop\ATTACKRANGE\Administrator{0F9A6540-85FD-63DD-75B0-0E0000000000}0xeb0752HighMD5=7AE0376F1B0B190EFBFF716533BC28BA,SHA256=9D8ECEEF7830476102C2CBBE933E1375FFB624574A63BDD8D3B15D3030C9A16D,IMPHASH=442218E88D4D6AA0BE3165DD7B20A4C4{0F9A6540-861B-63DD-BD00-00000000BD02}5956C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" 154100x80000000000000002987001Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-84.attackrange.local-2023-01-30 18:27:06.401{0F9A6540-0BFA-63D8-9BD5-00000000B902}3700C:\Windows\System32\certutil.exe10.0.14393.5127 (rs1_release_inmarket.220514-1756)CertUtil.exeMicrosoft® Windows® Operating SystemMicrosoft CorporationCertUtil.exe"C:\Windows\system32\certutil.exe" -backupdb c:\temp\backupsC:\Users\Administrator\ATTACKRANGE\Administrator{0F9A6540-55E0-63D0-DD7B-160000000000}0x167bdd2HighMD5=7AE0376F1B0B190EFBFF716533BC28BA,SHA256=9D8ECEEF7830476102C2CBBE933E1375FFB624574A63BDD8D3B15D3030C9A16D,IMPHASH=442218E88D4D6AA0BE3165DD7B20A4C4{0F9A6540-5673-63D0-4603-00000000B902}6728C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" 154100x80000000000000002986690Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-84.attackrange.local-2023-01-30 18:26:45.961{0F9A6540-0BE5-63D8-91D5-00000000B902}8048C:\Windows\System32\certutil.exe10.0.14393.5127 (rs1_release_inmarket.220514-1756)CertUtil.exeMicrosoft® Windows® Operating SystemMicrosoft CorporationCertUtil.exe"C:\Windows\system32\certutil.exe" -backupdb c:\temp\backupsC:\Users\Administrator\ATTACKRANGE\Administrator{0F9A6540-55E0-63D0-DD7B-160000000000}0x167bdd2HighMD5=7AE0376F1B0B190EFBFF716533BC28BA,SHA256=9D8ECEEF7830476102C2CBBE933E1375FFB624574A63BDD8D3B15D3030C9A16D,IMPHASH=442218E88D4D6AA0BE3165DD7B20A4C4{0F9A6540-5673-63D0-4603-00000000B902}6728C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" 154100x80000000000000002986640Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-84.attackrange.local-2023-01-30 18:26:37.304{0F9A6540-0BDD-63D8-90D5-00000000B902}2188C:\Windows\System32\certutil.exe10.0.14393.5127 (rs1_release_inmarket.220514-1756)CertUtil.exeMicrosoft® Windows® Operating SystemMicrosoft CorporationCertUtil.exe"C:\Windows\system32\certutil.exe" -backupdbC:\Users\Administrator\ATTACKRANGE\Administrator{0F9A6540-55E0-63D0-DD7B-160000000000}0x167bdd2HighMD5=7AE0376F1B0B190EFBFF716533BC28BA,SHA256=9D8ECEEF7830476102C2CBBE933E1375FFB624574A63BDD8D3B15D3030C9A16D,IMPHASH=442218E88D4D6AA0BE3165DD7B20A4C4{0F9A6540-5673-63D0-4603-00000000B902}6728C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" 154100x80000000000000002986514Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-84.attackrange.local-2023-01-30 18:26:26.962{0F9A6540-0BD2-63D8-8FD5-00000000B902}3124C:\Windows\System32\certutil.exe10.0.14393.5127 (rs1_release_inmarket.220514-1756)CertUtil.exeMicrosoft® Windows® Operating SystemMicrosoft CorporationCertUtil.exe"C:\Windows\system32\certutil.exe" -backupdb backup_after_stoppingC:\Users\Administrator\ATTACKRANGE\Administrator{0F9A6540-55E0-63D0-DD7B-160000000000}0x167bdd2HighMD5=7AE0376F1B0B190EFBFF716533BC28BA,SHA256=9D8ECEEF7830476102C2CBBE933E1375FFB624574A63BDD8D3B15D3030C9A16D,IMPHASH=442218E88D4D6AA0BE3165DD7B20A4C4{0F9A6540-5673-63D0-4603-00000000B902}6728C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" 154100x80000000000000002986429Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-84.attackrange.local-2023-01-30 18:26:09.876{0F9A6540-0BC1-63D8-8ED5-00000000B902}6720C:\Windows\System32\certutil.exe10.0.14393.5127 (rs1_release_inmarket.220514-1756)CertUtil.exeMicrosoft® Windows® Operating SystemMicrosoft CorporationCertUtil.exe"C:\Windows\system32\certutil.exe" -backupdb backupcertsC:\Users\Administrator\ATTACKRANGE\Administrator{0F9A6540-55E0-63D0-DD7B-160000000000}0x167bdd2HighMD5=7AE0376F1B0B190EFBFF716533BC28BA,SHA256=9D8ECEEF7830476102C2CBBE933E1375FFB624574A63BDD8D3B15D3030C9A16D,IMPHASH=442218E88D4D6AA0BE3165DD7B20A4C4{0F9A6540-5673-63D0-4603-00000000B902}6728C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"