154100x80000000000000004101109Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-84.attackrange.local-2023-02-01 18:20:09.574{0F9A6540-AD59-63DA-D801-00000000BA02}5136C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEpowershell.exe Export-PfxCertificateC:\Users\Administrator\ATTACKRANGE\Administrator{0F9A6540-9B21-63DA-EF88-5B0000000000}0x5b88ef2HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{0F9A6540-AD59-63DA-D701-00000000BA02}5660C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c powershell.exe Export-PfxCertificate 154100x80000000000000004101099Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-84.attackrange.local-2023-02-01 18:20:09.562{0F9A6540-AD59-63DA-D701-00000000BA02}5660C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c powershell.exe Export-PfxCertificateC:\Users\Administrator\ATTACKRANGE\Administrator{0F9A6540-9B21-63DA-EF88-5B0000000000}0x5b88ef2HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{0F9A6540-ACF7-63DA-D501-00000000BA02}3628C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe"C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe" 154100x80000000000000004100033Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-84.attackrange.local-2023-02-01 18:16:04.021{0F9A6540-AC64-63DA-D201-00000000BA02}3148C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell.exe Export-PfxCertificate -Cert cert:\LocalMachine\My\EA120017F79A91F9BDB12AFBC63ADEF9D407823D -FilePath C:\temp\test.pfx -Password Password1C:\Users\Administrator\ATTACKRANGE\Administrator{0F9A6540-9B21-63DA-EF88-5B0000000000}0x5b88ef2HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{0F9A6540-AC64-63DA-D101-00000000BA02}3188C:\Windows\System32\cmd.execmd.exe /c PowerShell.exe Export-PfxCertificate -Cert cert:\LocalMachine\My\EA120017F79A91F9BDB12AFBC63ADEF9D407823D -FilePath C:\temp\test.pfx -Password Password1 154100x80000000000000004100025Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-84.attackrange.local-2023-02-01 18:16:04.010{0F9A6540-AC64-63DA-D101-00000000BA02}3188C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Execmd.exe /c PowerShell.exe Export-PfxCertificate -Cert cert:\LocalMachine\My\EA120017F79A91F9BDB12AFBC63ADEF9D407823D -FilePath C:\temp\test.pfx -Password Password1C:\Users\Administrator\ATTACKRANGE\Administrator{0F9A6540-9B21-63DA-EF88-5B0000000000}0x5b88ef2HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{0F9A6540-AC59-63DA-CE01-00000000BA02}5564C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" 154100x80000000000000004099976Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-84.attackrange.local-2023-02-01 18:15:54.627{0F9A6540-AC5A-63DA-D001-00000000BA02}5548C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell.exe Export-PfxCertificate -Cert cert:\LocalMachine\My\EA120017F79A91F9BDB12AFBC63ADEF9D407823D -FilePath C:\temp\test.pfx -Password Password1C:\Users\Administrator\ATTACKRANGE\Administrator{0F9A6540-9B21-63DA-EF88-5B0000000000}0x5b88ef2HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{0F9A6540-AC59-63DA-CE01-00000000BA02}5564C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" 154100x80000000000000004099606Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-84.attackrange.local-2023-02-01 18:14:54.912{0F9A6540-AC1E-63DA-CB01-00000000BA02}2536C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Export-PfxCertificate -Cert cert:\LocalMachine\My\EA120017F79A91F9BDB12AFBC63ADEF9D407823D -FilePath C:\temp\test.pfxC:\Users\Administrator\ATTACKRANGE\Administrator{0F9A6540-9B21-63DA-EF88-5B0000000000}0x5b88ef2HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{0F9A6540-9B5C-63DA-C001-00000000BA02}6120C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"