4688201331200x8020000000000000368004Securityar-win-2.attackrange.localAR-WIN-2\AdministratorAdministratorAR-WIN-20x9894e0x1170C:\Windows\SysWOW64\cacls.exe%%19360x13acCACLS "metado.exe" /P "Administrator:R" /ENULL SID--0x0C:\Windows\SysWOW64\cmd.exeMandatory Label\High Mandatory Level 4688201331200x8020000000000000368003Securityar-win-2.attackrange.localAR-WIN-2\AdministratorAdministratorAR-WIN-20x9894e0x13f0C:\Windows\SysWOW64\cacls.exe%%19360x13acCACLS "metado.exe" /P "Administrator:N"NULL SID--0x0C:\Windows\SysWOW64\cmd.exeMandatory Label\High Mandatory Level 4688201331200x8020000000000000368000Securityar-win-2.attackrange.localAR-WIN-2\AdministratorAdministratorAR-WIN-20x9894e0x13acC:\Windows\SysWOW64\cmd.exe%%19360x132c"C:\Windows\System32\cmd.exe" /k echo Y|CACLS "metado.exe" /P "Administrator:N"&&CACLS "metado.exe" /P "Administrator:R" /E&&echo Y|CACLS "..\a9e2a16078" /P "Administrator:N"&&CACLS "..\a9e2a16078" /P "Administrator:R" /E&&ExitNULL SID--0x0C:\Users\Administrator\a9e2a16078\metado.exeMandatory Label\High Mandatory Level 154100x800000000000000015724Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-31 12:51:57.803{03799797-42ED-6477-DB00-00000000F002}2732C:\Windows\SysWOW64\cacls.exe10.0.14393.0 (rs1_release.160715-1616)Control ACLs ProgramMicrosoft® Windows® Operating SystemMicrosoft CorporationCACLS.EXECACLS "..\a9e2a16078" /P "Administrator:R" /EC:\Users\Administrator\a9e2a16078\AR-WIN-2\Administrator{03799797-42E0-6477-4E89-090000000000}0x9894e2HighMD5=87FDB9AA5BE6641368E858252EEE6200,SHA256=AA37A9CA5BF8823635BCE909C8D3BD97CD44080A20D1CD7E1C4DD4C85BAC25D0,IMPHASH=BB79291773EF9B07F3AEAE01575871C2{03799797-42ED-6477-D400-00000000F002}5036C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /k echo Y|CACLS "metado.exe" /P "Administrator:N"&&CACLS "metado.exe" /P "Administrator:R" /E&&echo Y|CACLS "..\a9e2a16078" /P "Administrator:N"&&CACLS "..\a9e2a16078" /P "Administrator:R" /E&&ExitAR-WIN-2\Administrator 154100x800000000000000015723Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-31 12:51:57.766{03799797-42ED-6477-DA00-00000000F002}3868C:\Windows\SysWOW64\cacls.exe10.0.14393.0 (rs1_release.160715-1616)Control ACLs ProgramMicrosoft® Windows® Operating SystemMicrosoft CorporationCACLS.EXECACLS "..\a9e2a16078" /P "Administrator:N"C:\Users\Administrator\a9e2a16078\AR-WIN-2\Administrator{03799797-42E0-6477-4E89-090000000000}0x9894e2HighMD5=87FDB9AA5BE6641368E858252EEE6200,SHA256=AA37A9CA5BF8823635BCE909C8D3BD97CD44080A20D1CD7E1C4DD4C85BAC25D0,IMPHASH=BB79291773EF9B07F3AEAE01575871C2{03799797-42ED-6477-D400-00000000F002}5036C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /k echo Y|CACLS "metado.exe" /P "Administrator:N"&&CACLS "metado.exe" /P "Administrator:R" /E&&echo Y|CACLS "..\a9e2a16078" /P "Administrator:N"&&CACLS "..\a9e2a16078" /P "Administrator:R" /E&&ExitAR-WIN-2\Administrator 154100x800000000000000015722Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-31 12:51:57.760{03799797-42ED-6477-D900-00000000F002}3768C:\Windows\SysWOW64\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /S /D /c" echo Y"C:\Users\Administrator\a9e2a16078\AR-WIN-2\Administrator{03799797-42E0-6477-4E89-090000000000}0x9894e2HighMD5=0FEC5F30E705EADAEA5E9144F2FB12DC,SHA256=614CA7B627533E22AA3E5C3594605DC6FE6F000B0CC2B845ECE47CA60673EC7F,IMPHASH=B20DE9D5F257E3C5BDD2834F89FC042A{03799797-42ED-6477-D400-00000000F002}5036C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /k echo Y|CACLS "metado.exe" /P "Administrator:N"&&CACLS "metado.exe" /P "Administrator:R" /E&&echo Y|CACLS "..\a9e2a16078" /P "Administrator:N"&&CACLS "..\a9e2a16078" /P "Administrator:R" /E&&ExitAR-WIN-2\Administrator 154100x800000000000000015720Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-31 12:51:57.705{03799797-42ED-6477-D800-00000000F002}4464C:\Windows\SysWOW64\cacls.exe10.0.14393.0 (rs1_release.160715-1616)Control ACLs ProgramMicrosoft® Windows® Operating SystemMicrosoft CorporationCACLS.EXECACLS "metado.exe" /P "Administrator:R" /EC:\Users\Administrator\a9e2a16078\AR-WIN-2\Administrator{03799797-42E0-6477-4E89-090000000000}0x9894e2HighMD5=87FDB9AA5BE6641368E858252EEE6200,SHA256=AA37A9CA5BF8823635BCE909C8D3BD97CD44080A20D1CD7E1C4DD4C85BAC25D0,IMPHASH=BB79291773EF9B07F3AEAE01575871C2{03799797-42ED-6477-D400-00000000F002}5036C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /k echo Y|CACLS "metado.exe" /P "Administrator:N"&&CACLS "metado.exe" /P "Administrator:R" /E&&echo Y|CACLS "..\a9e2a16078" /P "Administrator:N"&&CACLS "..\a9e2a16078" /P "Administrator:R" /E&&ExitAR-WIN-2\Administrator 154100x800000000000000015719Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-31 12:51:57.603{03799797-42ED-6477-D700-00000000F002}5104C:\Windows\SysWOW64\cacls.exe10.0.14393.0 (rs1_release.160715-1616)Control ACLs ProgramMicrosoft® Windows® Operating SystemMicrosoft CorporationCACLS.EXECACLS "metado.exe" /P "Administrator:N"C:\Users\Administrator\a9e2a16078\AR-WIN-2\Administrator{03799797-42E0-6477-4E89-090000000000}0x9894e2HighMD5=87FDB9AA5BE6641368E858252EEE6200,SHA256=AA37A9CA5BF8823635BCE909C8D3BD97CD44080A20D1CD7E1C4DD4C85BAC25D0,IMPHASH=BB79291773EF9B07F3AEAE01575871C2{03799797-42ED-6477-D400-00000000F002}5036C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /k echo Y|CACLS "metado.exe" /P "Administrator:N"&&CACLS "metado.exe" /P "Administrator:R" /E&&echo Y|CACLS "..\a9e2a16078" /P "Administrator:N"&&CACLS "..\a9e2a16078" /P "Administrator:R" /E&&ExitAR-WIN-2\Administrator 154100x800000000000000015718Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-31 12:51:57.591{03799797-42ED-6477-D600-00000000F002}5096C:\Windows\SysWOW64\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /S /D /c" echo Y"C:\Users\Administrator\a9e2a16078\AR-WIN-2\Administrator{03799797-42E0-6477-4E89-090000000000}0x9894e2HighMD5=0FEC5F30E705EADAEA5E9144F2FB12DC,SHA256=614CA7B627533E22AA3E5C3594605DC6FE6F000B0CC2B845ECE47CA60673EC7F,IMPHASH=B20DE9D5F257E3C5BDD2834F89FC042A{03799797-42ED-6477-D400-00000000F002}5036C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /k echo Y|CACLS "metado.exe" /P "Administrator:N"&&CACLS "metado.exe" /P "Administrator:R" /E&&echo Y|CACLS "..\a9e2a16078" /P "Administrator:N"&&CACLS "..\a9e2a16078" /P "Administrator:R" /E&&ExitAR-WIN-2\Administrator 154100x800000000000000015717Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-31 12:51:57.451{03799797-42ED-6477-D400-00000000F002}5036C:\Windows\SysWOW64\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\System32\cmd.exe" /k echo Y|CACLS "metado.exe" /P "Administrator:N"&&CACLS "metado.exe" /P "Administrator:R" /E&&echo Y|CACLS "..\a9e2a16078" /P "Administrator:N"&&CACLS "..\a9e2a16078" /P "Administrator:R" /E&&ExitC:\Users\Administrator\a9e2a16078\AR-WIN-2\Administrator{03799797-42E0-6477-4E89-090000000000}0x9894e2HighMD5=0FEC5F30E705EADAEA5E9144F2FB12DC,SHA256=614CA7B627533E22AA3E5C3594605DC6FE6F000B0CC2B845ECE47CA60673EC7F,IMPHASH=B20DE9D5F257E3C5BDD2834F89FC042A{03799797-42ED-6477-D000-00000000F002}4908C:\Users\Administrator\a9e2a16078\metado.exe"C:\Users\Administrator\a9e2a16078\metado.exe" AR-WIN-2\Administrator 154100x800000000000000014844Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-31 08:12:01.050{03799797-0151-6477-1101-00000000EF02}4308C:\Windows\SysWOW64\cacls.exe10.0.14393.0 (rs1_release.160715-1616)Control ACLs ProgramMicrosoft® Windows® Operating SystemMicrosoft CorporationCACLS.EXECACLS "..\a9e2a16078" /P "Administrator:R" /EC:\Users\Administrator\a9e2a16078\AR-WIN-2\Administrator{03799797-FE42-6476-3BE8-050000000000}0x5e83b2HighMD5=87FDB9AA5BE6641368E858252EEE6200,SHA256=AA37A9CA5BF8823635BCE909C8D3BD97CD44080A20D1CD7E1C4DD4C85BAC25D0,IMPHASH=BB79291773EF9B07F3AEAE01575871C2{03799797-0150-6477-0A01-00000000EF02}4524C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /k echo Y|CACLS "metado.exe" /P "Administrator:N"&&CACLS "metado.exe" /P "Administrator:R" /E&&echo Y|CACLS "..\a9e2a16078" /P "Administrator:N"&&CACLS "..\a9e2a16078" /P "Administrator:R" /E&&ExitAR-WIN-2\Administrator 154100x800000000000000014843Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-31 08:12:01.029{03799797-0151-6477-1001-00000000EF02}2608C:\Windows\SysWOW64\cacls.exe10.0.14393.0 (rs1_release.160715-1616)Control ACLs ProgramMicrosoft® Windows® Operating SystemMicrosoft CorporationCACLS.EXECACLS "..\a9e2a16078" /P "Administrator:N"C:\Users\Administrator\a9e2a16078\AR-WIN-2\Administrator{03799797-FE42-6476-3BE8-050000000000}0x5e83b2HighMD5=87FDB9AA5BE6641368E858252EEE6200,SHA256=AA37A9CA5BF8823635BCE909C8D3BD97CD44080A20D1CD7E1C4DD4C85BAC25D0,IMPHASH=BB79291773EF9B07F3AEAE01575871C2{03799797-0150-6477-0A01-00000000EF02}4524C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /k echo Y|CACLS "metado.exe" /P "Administrator:N"&&CACLS "metado.exe" /P "Administrator:R" /E&&echo Y|CACLS "..\a9e2a16078" /P "Administrator:N"&&CACLS "..\a9e2a16078" /P "Administrator:R" /E&&ExitAR-WIN-2\Administrator 154100x800000000000000014842Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-31 08:12:01.026{03799797-0151-6477-0F01-00000000EF02}4804C:\Windows\SysWOW64\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /S /D /c" echo Y"C:\Users\Administrator\a9e2a16078\AR-WIN-2\Administrator{03799797-FE42-6476-3BE8-050000000000}0x5e83b2HighMD5=0FEC5F30E705EADAEA5E9144F2FB12DC,SHA256=614CA7B627533E22AA3E5C3594605DC6FE6F000B0CC2B845ECE47CA60673EC7F,IMPHASH=B20DE9D5F257E3C5BDD2834F89FC042A{03799797-0150-6477-0A01-00000000EF02}4524C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /k echo Y|CACLS "metado.exe" /P "Administrator:N"&&CACLS "metado.exe" /P "Administrator:R" /E&&echo Y|CACLS "..\a9e2a16078" /P "Administrator:N"&&CACLS "..\a9e2a16078" /P "Administrator:R" /E&&ExitAR-WIN-2\Administrator 154100x800000000000000014841Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-31 08:12:01.006{03799797-0151-6477-0E01-00000000EF02}1060C:\Windows\SysWOW64\cacls.exe10.0.14393.0 (rs1_release.160715-1616)Control ACLs ProgramMicrosoft® Windows® Operating SystemMicrosoft CorporationCACLS.EXECACLS "metado.exe" /P "Administrator:R" /EC:\Users\Administrator\a9e2a16078\AR-WIN-2\Administrator{03799797-FE42-6476-3BE8-050000000000}0x5e83b2HighMD5=87FDB9AA5BE6641368E858252EEE6200,SHA256=AA37A9CA5BF8823635BCE909C8D3BD97CD44080A20D1CD7E1C4DD4C85BAC25D0,IMPHASH=BB79291773EF9B07F3AEAE01575871C2{03799797-0150-6477-0A01-00000000EF02}4524C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /k echo Y|CACLS "metado.exe" /P "Administrator:N"&&CACLS "metado.exe" /P "Administrator:R" /E&&echo Y|CACLS "..\a9e2a16078" /P "Administrator:N"&&CACLS "..\a9e2a16078" /P "Administrator:R" /E&&ExitAR-WIN-2\Administrator 4688201331200x8020000000000000367472Securityar-win-2.attackrange.localAR-WIN-2\AdministratorAdministratorAR-WIN-20x5e83b0x424C:\Windows\SysWOW64\cacls.exe%%19360x11acCACLS "metado.exe" /P "Administrator:R" /ENULL SID--0x0C:\Windows\SysWOW64\cmd.exeMandatory Label\High Mandatory Level 154100x800000000000000014840Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-31 08:12:00.976{03799797-0150-6477-0D01-00000000EF02}4832C:\Windows\SysWOW64\cacls.exe10.0.14393.0 (rs1_release.160715-1616)Control ACLs ProgramMicrosoft® Windows® Operating SystemMicrosoft CorporationCACLS.EXECACLS "metado.exe" /P "Administrator:N"C:\Users\Administrator\a9e2a16078\AR-WIN-2\Administrator{03799797-FE42-6476-3BE8-050000000000}0x5e83b2HighMD5=87FDB9AA5BE6641368E858252EEE6200,SHA256=AA37A9CA5BF8823635BCE909C8D3BD97CD44080A20D1CD7E1C4DD4C85BAC25D0,IMPHASH=BB79291773EF9B07F3AEAE01575871C2{03799797-0150-6477-0A01-00000000EF02}4524C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /k echo Y|CACLS "metado.exe" /P "Administrator:N"&&CACLS "metado.exe" /P "Administrator:R" /E&&echo Y|CACLS "..\a9e2a16078" /P "Administrator:N"&&CACLS "..\a9e2a16078" /P "Administrator:R" /E&&ExitAR-WIN-2\Administrator 154100x800000000000000014839Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-31 08:12:00.965{03799797-0150-6477-0C01-00000000EF02}4048C:\Windows\SysWOW64\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /S /D /c" echo Y"C:\Users\Administrator\a9e2a16078\AR-WIN-2\Administrator{03799797-FE42-6476-3BE8-050000000000}0x5e83b2HighMD5=0FEC5F30E705EADAEA5E9144F2FB12DC,SHA256=614CA7B627533E22AA3E5C3594605DC6FE6F000B0CC2B845ECE47CA60673EC7F,IMPHASH=B20DE9D5F257E3C5BDD2834F89FC042A{03799797-0150-6477-0A01-00000000EF02}4524C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /k echo Y|CACLS "metado.exe" /P "Administrator:N"&&CACLS "metado.exe" /P "Administrator:R" /E&&echo Y|CACLS "..\a9e2a16078" /P "Administrator:N"&&CACLS "..\a9e2a16078" /P "Administrator:R" /E&&ExitAR-WIN-2\Administrator 154100x800000000000000014838Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-31 08:12:00.727{03799797-0150-6477-0A01-00000000EF02}4524C:\Windows\SysWOW64\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\System32\cmd.exe" /k echo Y|CACLS "metado.exe" /P "Administrator:N"&&CACLS "metado.exe" /P "Administrator:R" /E&&echo Y|CACLS "..\a9e2a16078" /P "Administrator:N"&&CACLS "..\a9e2a16078" /P "Administrator:R" /E&&ExitC:\Users\Administrator\a9e2a16078\AR-WIN-2\Administrator{03799797-FE42-6476-3BE8-050000000000}0x5e83b2HighMD5=0FEC5F30E705EADAEA5E9144F2FB12DC,SHA256=614CA7B627533E22AA3E5C3594605DC6FE6F000B0CC2B845ECE47CA60673EC7F,IMPHASH=B20DE9D5F257E3C5BDD2834F89FC042A{03799797-0150-6477-0701-00000000EF02}5032C:\Users\Administrator\a9e2a16078\metado.exe"C:\Users\Administrator\a9e2a16078\metado.exe"AR-WIN-2\Administrator 4688201331200x8020000000000000367471Securityar-win-2.attackrange.localAR-WIN-2\AdministratorAdministratorAR-WIN-20x5e83b0x12e0C:\Windows\SysWOW64\cacls.exe%%19360x11acCACLS "metado.exe" /P "Administrator:N"NULL SID--0x0C:\Windows\SysWOW64\cmd.exeMandatory Label\High Mandatory Level 4688201331200x8020000000000000367468Securityar-win-2.attackrange.localAR-WIN-2\AdministratorAdministratorAR-WIN-20x5e83b0x11acC:\Windows\SysWOW64\cmd.exe%%19360x13a8"C:\Windows\System32\cmd.exe" /k echo Y|CACLS "metado.exe" /P "Administrator:N"&&CACLS "metado.exe" /P "Administrator:R" /E&&echo Y|CACLS "..\a9e2a16078" /P "Administrator:N"&&CACLS "..\a9e2a16078" /P "Administrator:R" /E&&ExitNULL SID--0x0C:\Users\Administrator\a9e2a16078\metado.exeMandatory Label\High Mandatory Level 4688201331200x8020000000000000367339Securityar-win-2.attackrange.localAR-WIN-2\AdministratorAdministratorAR-WIN-20x5e83b0x1200C:\Windows\SysWOW64\cacls.exe%%19360x11a0CACLS "metado.exe" /P "Administrator:R" /ENULL SID--0x0C:\Windows\SysWOW64\cmd.exeMandatory Label\High Mandatory Level 4688201331200x8020000000000000367338Securityar-win-2.attackrange.localAR-WIN-2\AdministratorAdministratorAR-WIN-20x5e83b0x11e4C:\Windows\SysWOW64\cacls.exe%%19360x11a0CACLS "metado.exe" /P "Administrator:N"NULL SID--0x0C:\Windows\SysWOW64\cmd.exeMandatory Label\High Mandatory Level 4688201331200x8020000000000000367335Securityar-win-2.attackrange.localAR-WIN-2\AdministratorAdministratorAR-WIN-20x5e83b0x11a0C:\Windows\SysWOW64\cmd.exe%%19360x1020"C:\Windows\System32\cmd.exe" /k echo Y|CACLS "metado.exe" /P "Administrator:N"&&CACLS "metado.exe" /P "Administrator:R" /E&&echo Y|CACLS "..\a9e2a16078" /P "Administrator:N"&&CACLS "..\a9e2a16078" /P "Administrator:R" /E&&ExitNULL SID--0x0C:\Users\Administrator\a9e2a16078\metado.exeMandatory Label\High Mandatory Level 154100x800000000000000014181Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-31 07:59:02.985{03799797-FE46-6476-9800-00000000EF02}4660C:\Windows\SysWOW64\cacls.exe10.0.14393.0 (rs1_release.160715-1616)Control ACLs ProgramMicrosoft® Windows® Operating SystemMicrosoft CorporationCACLS.EXECACLS "..\a9e2a16078" /P "Administrator:R" /EC:\Users\Administrator\a9e2a16078\AR-WIN-2\Administrator{03799797-FE42-6476-3BE8-050000000000}0x5e83b2HighMD5=87FDB9AA5BE6641368E858252EEE6200,SHA256=AA37A9CA5BF8823635BCE909C8D3BD97CD44080A20D1CD7E1C4DD4C85BAC25D0,IMPHASH=BB79291773EF9B07F3AEAE01575871C2{03799797-FE46-6476-9100-00000000EF02}4512C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /k echo Y|CACLS "metado.exe" /P "Administrator:N"&&CACLS "metado.exe" /P "Administrator:R" /E&&echo Y|CACLS "..\a9e2a16078" /P "Administrator:N"&&CACLS "..\a9e2a16078" /P "Administrator:R" /E&&ExitAR-WIN-2\Administrator 154100x800000000000000014180Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-31 07:59:02.964{03799797-FE46-6476-9700-00000000EF02}4636C:\Windows\SysWOW64\cacls.exe10.0.14393.0 (rs1_release.160715-1616)Control ACLs ProgramMicrosoft® Windows® Operating SystemMicrosoft CorporationCACLS.EXECACLS "..\a9e2a16078" /P "Administrator:N"C:\Users\Administrator\a9e2a16078\AR-WIN-2\Administrator{03799797-FE42-6476-3BE8-050000000000}0x5e83b2HighMD5=87FDB9AA5BE6641368E858252EEE6200,SHA256=AA37A9CA5BF8823635BCE909C8D3BD97CD44080A20D1CD7E1C4DD4C85BAC25D0,IMPHASH=BB79291773EF9B07F3AEAE01575871C2{03799797-FE46-6476-9100-00000000EF02}4512C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /k echo Y|CACLS "metado.exe" /P "Administrator:N"&&CACLS "metado.exe" /P "Administrator:R" /E&&echo Y|CACLS "..\a9e2a16078" /P "Administrator:N"&&CACLS "..\a9e2a16078" /P "Administrator:R" /E&&ExitAR-WIN-2\Administrator 154100x800000000000000014179Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-31 07:59:02.961{03799797-FE46-6476-9600-00000000EF02}4628C:\Windows\SysWOW64\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /S /D /c" echo Y"C:\Users\Administrator\a9e2a16078\AR-WIN-2\Administrator{03799797-FE42-6476-3BE8-050000000000}0x5e83b2HighMD5=0FEC5F30E705EADAEA5E9144F2FB12DC,SHA256=614CA7B627533E22AA3E5C3594605DC6FE6F000B0CC2B845ECE47CA60673EC7F,IMPHASH=B20DE9D5F257E3C5BDD2834F89FC042A{03799797-FE46-6476-9100-00000000EF02}4512C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /k echo Y|CACLS "metado.exe" /P "Administrator:N"&&CACLS "metado.exe" /P "Administrator:R" /E&&echo Y|CACLS "..\a9e2a16078" /P "Administrator:N"&&CACLS "..\a9e2a16078" /P "Administrator:R" /E&&ExitAR-WIN-2\Administrator 154100x800000000000000014178Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-31 07:59:02.934{03799797-FE46-6476-9500-00000000EF02}4608C:\Windows\SysWOW64\cacls.exe10.0.14393.0 (rs1_release.160715-1616)Control ACLs ProgramMicrosoft® Windows® Operating SystemMicrosoft CorporationCACLS.EXECACLS "metado.exe" /P "Administrator:R" /EC:\Users\Administrator\a9e2a16078\AR-WIN-2\Administrator{03799797-FE42-6476-3BE8-050000000000}0x5e83b2HighMD5=87FDB9AA5BE6641368E858252EEE6200,SHA256=AA37A9CA5BF8823635BCE909C8D3BD97CD44080A20D1CD7E1C4DD4C85BAC25D0,IMPHASH=BB79291773EF9B07F3AEAE01575871C2{03799797-FE46-6476-9100-00000000EF02}4512C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /k echo Y|CACLS "metado.exe" /P "Administrator:N"&&CACLS "metado.exe" /P "Administrator:R" /E&&echo Y|CACLS "..\a9e2a16078" /P "Administrator:N"&&CACLS "..\a9e2a16078" /P "Administrator:R" /E&&ExitAR-WIN-2\Administrator 154100x800000000000000014177Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-31 07:59:02.867{03799797-FE46-6476-9400-00000000EF02}4580C:\Windows\SysWOW64\cacls.exe10.0.14393.0 (rs1_release.160715-1616)Control ACLs ProgramMicrosoft® Windows® Operating SystemMicrosoft CorporationCACLS.EXECACLS "metado.exe" /P "Administrator:N"C:\Users\Administrator\a9e2a16078\AR-WIN-2\Administrator{03799797-FE42-6476-3BE8-050000000000}0x5e83b2HighMD5=87FDB9AA5BE6641368E858252EEE6200,SHA256=AA37A9CA5BF8823635BCE909C8D3BD97CD44080A20D1CD7E1C4DD4C85BAC25D0,IMPHASH=BB79291773EF9B07F3AEAE01575871C2{03799797-FE46-6476-9100-00000000EF02}4512C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /k echo Y|CACLS "metado.exe" /P "Administrator:N"&&CACLS "metado.exe" /P "Administrator:R" /E&&echo Y|CACLS "..\a9e2a16078" /P "Administrator:N"&&CACLS "..\a9e2a16078" /P "Administrator:R" /E&&ExitAR-WIN-2\Administrator 154100x800000000000000014176Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-31 07:59:02.860{03799797-FE46-6476-9300-00000000EF02}4568C:\Windows\SysWOW64\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /S /D /c" echo Y"C:\Users\Administrator\a9e2a16078\AR-WIN-2\Administrator{03799797-FE42-6476-3BE8-050000000000}0x5e83b2HighMD5=0FEC5F30E705EADAEA5E9144F2FB12DC,SHA256=614CA7B627533E22AA3E5C3594605DC6FE6F000B0CC2B845ECE47CA60673EC7F,IMPHASH=B20DE9D5F257E3C5BDD2834F89FC042A{03799797-FE46-6476-9100-00000000EF02}4512C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /k echo Y|CACLS "metado.exe" /P "Administrator:N"&&CACLS "metado.exe" /P "Administrator:R" /E&&echo Y|CACLS "..\a9e2a16078" /P "Administrator:N"&&CACLS "..\a9e2a16078" /P "Administrator:R" /E&&ExitAR-WIN-2\Administrator 154100x800000000000000014175Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-31 07:59:02.806{03799797-FE46-6476-9100-00000000EF02}4512C:\Windows\SysWOW64\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\System32\cmd.exe" /k echo Y|CACLS "metado.exe" /P "Administrator:N"&&CACLS "metado.exe" /P "Administrator:R" /E&&echo Y|CACLS "..\a9e2a16078" /P "Administrator:N"&&CACLS "..\a9e2a16078" /P "Administrator:R" /E&&ExitC:\Users\Administrator\a9e2a16078\AR-WIN-2\Administrator{03799797-FE42-6476-3BE8-050000000000}0x5e83b2HighMD5=0FEC5F30E705EADAEA5E9144F2FB12DC,SHA256=614CA7B627533E22AA3E5C3594605DC6FE6F000B0CC2B845ECE47CA60673EC7F,IMPHASH=B20DE9D5F257E3C5BDD2834F89FC042A{03799797-FE45-6476-8E00-00000000EF02}4128C:\Users\Administrator\a9e2a16078\metado.exe"C:\Users\Administrator\a9e2a16078\metado.exe"AR-WIN-2\Administrator 4688201331200x8020000000000000366878Securityar-win-2.attackrange.localAR-WIN-2\AdministratorAdministratorAR-WIN-20x5e4940x7f8C:\Windows\SysWOW64\cacls.exe%%19360x1b98CACLS "metado.exe" /P "Administrator:R" /ENULL SID--0x0C:\Windows\SysWOW64\cmd.exeMandatory Label\High Mandatory Level 4688201331200x8020000000000000366877Securityar-win-2.attackrange.localAR-WIN-2\AdministratorAdministratorAR-WIN-20x5e4940x11a0C:\Windows\SysWOW64\cacls.exe%%19360x1b98CACLS "metado.exe" /P "Administrator:N"NULL SID--0x0C:\Windows\SysWOW64\cmd.exeMandatory Label\High Mandatory Level 154100x800000000000000013478Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-30 16:29:01.185{03799797-244D-6476-3002-00000000EE02}6760C:\Windows\SysWOW64\cacls.exe10.0.14393.0 (rs1_release.160715-1616)Control ACLs ProgramMicrosoft® Windows® Operating SystemMicrosoft CorporationCACLS.EXECACLS "..\a9e2a16078" /P "Administrator:R" /EC:\Users\Administrator\a9e2a16078\AR-WIN-2\Administrator{03799797-1E2C-6476-94E4-050000000000}0x5e4942HighMD5=87FDB9AA5BE6641368E858252EEE6200,SHA256=AA37A9CA5BF8823635BCE909C8D3BD97CD44080A20D1CD7E1C4DD4C85BAC25D0,IMPHASH=BB79291773EF9B07F3AEAE01575871C2{03799797-244C-6476-2902-00000000EE02}7064C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /k echo Y|CACLS "metado.exe" /P "Administrator:N"&&CACLS "metado.exe" /P "Administrator:R" /E&&echo Y|CACLS "..\a9e2a16078" /P "Administrator:N"&&CACLS "..\a9e2a16078" /P "Administrator:R" /E&&ExitAR-WIN-2\Administrator 154100x800000000000000013477Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-30 16:29:01.167{03799797-244D-6476-2F02-00000000EE02}3696C:\Windows\SysWOW64\cacls.exe10.0.14393.0 (rs1_release.160715-1616)Control ACLs ProgramMicrosoft® Windows® Operating SystemMicrosoft CorporationCACLS.EXECACLS "..\a9e2a16078" /P "Administrator:N"C:\Users\Administrator\a9e2a16078\AR-WIN-2\Administrator{03799797-1E2C-6476-94E4-050000000000}0x5e4942HighMD5=87FDB9AA5BE6641368E858252EEE6200,SHA256=AA37A9CA5BF8823635BCE909C8D3BD97CD44080A20D1CD7E1C4DD4C85BAC25D0,IMPHASH=BB79291773EF9B07F3AEAE01575871C2{03799797-244C-6476-2902-00000000EE02}7064C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /k echo Y|CACLS "metado.exe" /P "Administrator:N"&&CACLS "metado.exe" /P "Administrator:R" /E&&echo Y|CACLS "..\a9e2a16078" /P "Administrator:N"&&CACLS "..\a9e2a16078" /P "Administrator:R" /E&&ExitAR-WIN-2\Administrator 154100x800000000000000013476Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-30 16:29:01.164{03799797-244D-6476-2E02-00000000EE02}5504C:\Windows\SysWOW64\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /S /D /c" echo Y"C:\Users\Administrator\a9e2a16078\AR-WIN-2\Administrator{03799797-1E2C-6476-94E4-050000000000}0x5e4942HighMD5=0FEC5F30E705EADAEA5E9144F2FB12DC,SHA256=614CA7B627533E22AA3E5C3594605DC6FE6F000B0CC2B845ECE47CA60673EC7F,IMPHASH=B20DE9D5F257E3C5BDD2834F89FC042A{03799797-244C-6476-2902-00000000EE02}7064C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /k echo Y|CACLS "metado.exe" /P "Administrator:N"&&CACLS "metado.exe" /P "Administrator:R" /E&&echo Y|CACLS "..\a9e2a16078" /P "Administrator:N"&&CACLS "..\a9e2a16078" /P "Administrator:R" /E&&ExitAR-WIN-2\Administrator 154100x800000000000000013475Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-30 16:29:01.111{03799797-244D-6476-2D02-00000000EE02}2040C:\Windows\SysWOW64\cacls.exe10.0.14393.0 (rs1_release.160715-1616)Control ACLs ProgramMicrosoft® Windows® Operating SystemMicrosoft CorporationCACLS.EXECACLS "metado.exe" /P "Administrator:R" /EC:\Users\Administrator\a9e2a16078\AR-WIN-2\Administrator{03799797-1E2C-6476-94E4-050000000000}0x5e4942HighMD5=87FDB9AA5BE6641368E858252EEE6200,SHA256=AA37A9CA5BF8823635BCE909C8D3BD97CD44080A20D1CD7E1C4DD4C85BAC25D0,IMPHASH=BB79291773EF9B07F3AEAE01575871C2{03799797-244C-6476-2902-00000000EE02}7064C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /k echo Y|CACLS "metado.exe" /P "Administrator:N"&&CACLS "metado.exe" /P "Administrator:R" /E&&echo Y|CACLS "..\a9e2a16078" /P "Administrator:N"&&CACLS "..\a9e2a16078" /P "Administrator:R" /E&&ExitAR-WIN-2\Administrator 154100x800000000000000013474Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-30 16:29:01.093{03799797-244D-6476-2C02-00000000EE02}4512C:\Windows\SysWOW64\cacls.exe10.0.14393.0 (rs1_release.160715-1616)Control ACLs ProgramMicrosoft® Windows® Operating SystemMicrosoft CorporationCACLS.EXECACLS "metado.exe" /P "Administrator:N"C:\Users\Administrator\a9e2a16078\AR-WIN-2\Administrator{03799797-1E2C-6476-94E4-050000000000}0x5e4942HighMD5=87FDB9AA5BE6641368E858252EEE6200,SHA256=AA37A9CA5BF8823635BCE909C8D3BD97CD44080A20D1CD7E1C4DD4C85BAC25D0,IMPHASH=BB79291773EF9B07F3AEAE01575871C2{03799797-244C-6476-2902-00000000EE02}7064C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /k echo Y|CACLS "metado.exe" /P "Administrator:N"&&CACLS "metado.exe" /P "Administrator:R" /E&&echo Y|CACLS "..\a9e2a16078" /P "Administrator:N"&&CACLS "..\a9e2a16078" /P "Administrator:R" /E&&ExitAR-WIN-2\Administrator 154100x800000000000000013473Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-30 16:29:01.086{03799797-244D-6476-2B02-00000000EE02}4968C:\Windows\SysWOW64\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /S /D /c" echo Y"C:\Users\Administrator\a9e2a16078\AR-WIN-2\Administrator{03799797-1E2C-6476-94E4-050000000000}0x5e4942HighMD5=0FEC5F30E705EADAEA5E9144F2FB12DC,SHA256=614CA7B627533E22AA3E5C3594605DC6FE6F000B0CC2B845ECE47CA60673EC7F,IMPHASH=B20DE9D5F257E3C5BDD2834F89FC042A{03799797-244C-6476-2902-00000000EE02}7064C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /k echo Y|CACLS "metado.exe" /P "Administrator:N"&&CACLS "metado.exe" /P "Administrator:R" /E&&echo Y|CACLS "..\a9e2a16078" /P "Administrator:N"&&CACLS "..\a9e2a16078" /P "Administrator:R" /E&&ExitAR-WIN-2\Administrator 154100x800000000000000013472Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-30 16:29:00.987{03799797-244C-6476-2902-00000000EE02}7064C:\Windows\SysWOW64\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\System32\cmd.exe" /k echo Y|CACLS "metado.exe" /P "Administrator:N"&&CACLS "metado.exe" /P "Administrator:R" /E&&echo Y|CACLS "..\a9e2a16078" /P "Administrator:N"&&CACLS "..\a9e2a16078" /P "Administrator:R" /E&&ExitC:\Users\Administrator\a9e2a16078\AR-WIN-2\Administrator{03799797-1E2C-6476-94E4-050000000000}0x5e4942HighMD5=0FEC5F30E705EADAEA5E9144F2FB12DC,SHA256=614CA7B627533E22AA3E5C3594605DC6FE6F000B0CC2B845ECE47CA60673EC7F,IMPHASH=B20DE9D5F257E3C5BDD2834F89FC042A{03799797-244C-6476-2602-00000000EE02}6808C:\Users\Administrator\a9e2a16078\metado.exe"C:\Users\Administrator\a9e2a16078\metado.exe"AR-WIN-2\Administrator 4688201331200x8020000000000000366874Securityar-win-2.attackrange.localAR-WIN-2\AdministratorAdministratorAR-WIN-20x5e4940x1b98C:\Windows\SysWOW64\cmd.exe%%19360x1a98"C:\Windows\System32\cmd.exe" /k echo Y|CACLS "metado.exe" /P "Administrator:N"&&CACLS "metado.exe" /P "Administrator:R" /E&&echo Y|CACLS "..\a9e2a16078" /P "Administrator:N"&&CACLS "..\a9e2a16078" /P "Administrator:R" /E&&ExitNULL SID--0x0C:\Users\Administrator\a9e2a16078\metado.exeMandatory Label\High Mandatory Level 154100x800000000000000010434Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-30 16:12:46.034{03799797-207E-6476-7A01-00000000EE02}4920C:\Windows\SysWOW64\cacls.exe10.0.14393.0 (rs1_release.160715-1616)Control ACLs ProgramMicrosoft® Windows® Operating SystemMicrosoft CorporationCACLS.EXECACLS "..\a9e2a16078" /P "Administrator:R" /EC:\Users\Administrator\a9e2a16078\AR-WIN-2\Administrator{03799797-1E2C-6476-94E4-050000000000}0x5e4942HighMD5=87FDB9AA5BE6641368E858252EEE6200,SHA256=AA37A9CA5BF8823635BCE909C8D3BD97CD44080A20D1CD7E1C4DD4C85BAC25D0,IMPHASH=BB79291773EF9B07F3AEAE01575871C2{03799797-207D-6476-7201-00000000EE02}6636C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /k echo Y|CACLS "metado.exe" /P "Administrator:N"&&CACLS "metado.exe" /P "Administrator:R" /E&&echo Y|CACLS "..\a9e2a16078" /P "Administrator:N"&&CACLS "..\a9e2a16078" /P "Administrator:R" /E&&ExitAR-WIN-2\Administrator 4688201331200x8020000000000000366200Securityar-win-2.attackrange.localAR-WIN-2\AdministratorAdministratorAR-WIN-20x5e4940x1544C:\Windows\SysWOW64\cacls.exe%%19360x19ecCACLS "metado.exe" /P "Administrator:R" /ENULL SID--0x0C:\Windows\SysWOW64\cmd.exeMandatory Label\High Mandatory Level 4688201331200x8020000000000000366199Securityar-win-2.attackrange.localAR-WIN-2\AdministratorAdministratorAR-WIN-20x5e4940xf54C:\Windows\SysWOW64\cacls.exe%%19360x19ecCACLS "metado.exe" /P "Administrator:N"NULL SID--0x0C:\Windows\SysWOW64\cmd.exeMandatory Label\High Mandatory Level 4688201331200x8020000000000000366196Securityar-win-2.attackrange.localAR-WIN-2\AdministratorAdministratorAR-WIN-20x5e4940x19ecC:\Windows\SysWOW64\cmd.exe%%19360x1078"C:\Windows\System32\cmd.exe" /k echo Y|CACLS "metado.exe" /P "Administrator:N"&&CACLS "metado.exe" /P "Administrator:R" /E&&echo Y|CACLS "..\a9e2a16078" /P "Administrator:N"&&CACLS "..\a9e2a16078" /P "Administrator:R" /E&&ExitNULL SID--0x0C:\Users\Administrator\a9e2a16078\metado.exeMandatory Label\High Mandatory Level 154100x800000000000000010433Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-30 16:12:45.980{03799797-207D-6476-7901-00000000EE02}5372C:\Windows\SysWOW64\cacls.exe10.0.14393.0 (rs1_release.160715-1616)Control ACLs ProgramMicrosoft® Windows® Operating SystemMicrosoft CorporationCACLS.EXECACLS "..\a9e2a16078" /P "Administrator:N"C:\Users\Administrator\a9e2a16078\AR-WIN-2\Administrator{03799797-1E2C-6476-94E4-050000000000}0x5e4942HighMD5=87FDB9AA5BE6641368E858252EEE6200,SHA256=AA37A9CA5BF8823635BCE909C8D3BD97CD44080A20D1CD7E1C4DD4C85BAC25D0,IMPHASH=BB79291773EF9B07F3AEAE01575871C2{03799797-207D-6476-7201-00000000EE02}6636C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /k echo Y|CACLS "metado.exe" /P "Administrator:N"&&CACLS "metado.exe" /P "Administrator:R" /E&&echo Y|CACLS "..\a9e2a16078" /P "Administrator:N"&&CACLS "..\a9e2a16078" /P "Administrator:R" /E&&ExitAR-WIN-2\Administrator 154100x800000000000000010432Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-30 16:12:45.971{03799797-207D-6476-7801-00000000EE02}3480C:\Windows\SysWOW64\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /S /D /c" echo Y"C:\Users\Administrator\a9e2a16078\AR-WIN-2\Administrator{03799797-1E2C-6476-94E4-050000000000}0x5e4942HighMD5=0FEC5F30E705EADAEA5E9144F2FB12DC,SHA256=614CA7B627533E22AA3E5C3594605DC6FE6F000B0CC2B845ECE47CA60673EC7F,IMPHASH=B20DE9D5F257E3C5BDD2834F89FC042A{03799797-207D-6476-7201-00000000EE02}6636C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /k echo Y|CACLS "metado.exe" /P "Administrator:N"&&CACLS "metado.exe" /P "Administrator:R" /E&&echo Y|CACLS "..\a9e2a16078" /P "Administrator:N"&&CACLS "..\a9e2a16078" /P "Administrator:R" /E&&ExitAR-WIN-2\Administrator 154100x800000000000000010427Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-30 16:12:45.940{03799797-207D-6476-7601-00000000EE02}5444C:\Windows\SysWOW64\cacls.exe10.0.14393.0 (rs1_release.160715-1616)Control ACLs ProgramMicrosoft® Windows® Operating SystemMicrosoft CorporationCACLS.EXECACLS "metado.exe" /P "Administrator:R" /EC:\Users\Administrator\a9e2a16078\AR-WIN-2\Administrator{03799797-1E2C-6476-94E4-050000000000}0x5e4942HighMD5=87FDB9AA5BE6641368E858252EEE6200,SHA256=AA37A9CA5BF8823635BCE909C8D3BD97CD44080A20D1CD7E1C4DD4C85BAC25D0,IMPHASH=BB79291773EF9B07F3AEAE01575871C2{03799797-207D-6476-7201-00000000EE02}6636C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /k echo Y|CACLS "metado.exe" /P "Administrator:N"&&CACLS "metado.exe" /P "Administrator:R" /E&&echo Y|CACLS "..\a9e2a16078" /P "Administrator:N"&&CACLS "..\a9e2a16078" /P "Administrator:R" /E&&ExitAR-WIN-2\Administrator 154100x800000000000000010426Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-30 16:12:45.902{03799797-207D-6476-7501-00000000EE02}3924C:\Windows\SysWOW64\cacls.exe10.0.14393.0 (rs1_release.160715-1616)Control ACLs ProgramMicrosoft® Windows® Operating SystemMicrosoft CorporationCACLS.EXECACLS "metado.exe" /P "Administrator:N"C:\Users\Administrator\a9e2a16078\AR-WIN-2\Administrator{03799797-1E2C-6476-94E4-050000000000}0x5e4942HighMD5=87FDB9AA5BE6641368E858252EEE6200,SHA256=AA37A9CA5BF8823635BCE909C8D3BD97CD44080A20D1CD7E1C4DD4C85BAC25D0,IMPHASH=BB79291773EF9B07F3AEAE01575871C2{03799797-207D-6476-7201-00000000EE02}6636C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /k echo Y|CACLS "metado.exe" /P "Administrator:N"&&CACLS "metado.exe" /P "Administrator:R" /E&&echo Y|CACLS "..\a9e2a16078" /P "Administrator:N"&&CACLS "..\a9e2a16078" /P "Administrator:R" /E&&ExitAR-WIN-2\Administrator 154100x800000000000000010425Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-30 16:12:45.891{03799797-207D-6476-7401-00000000EE02}5512C:\Windows\SysWOW64\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /S /D /c" echo Y"C:\Users\Administrator\a9e2a16078\AR-WIN-2\Administrator{03799797-1E2C-6476-94E4-050000000000}0x5e4942HighMD5=0FEC5F30E705EADAEA5E9144F2FB12DC,SHA256=614CA7B627533E22AA3E5C3594605DC6FE6F000B0CC2B845ECE47CA60673EC7F,IMPHASH=B20DE9D5F257E3C5BDD2834F89FC042A{03799797-207D-6476-7201-00000000EE02}6636C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /k echo Y|CACLS "metado.exe" /P "Administrator:N"&&CACLS "metado.exe" /P "Administrator:R" /E&&echo Y|CACLS "..\a9e2a16078" /P "Administrator:N"&&CACLS "..\a9e2a16078" /P "Administrator:R" /E&&ExitAR-WIN-2\Administrator 154100x800000000000000010423Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-30 16:12:45.684{03799797-207D-6476-7201-00000000EE02}6636C:\Windows\SysWOW64\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\System32\cmd.exe" /k echo Y|CACLS "metado.exe" /P "Administrator:N"&&CACLS "metado.exe" /P "Administrator:R" /E&&echo Y|CACLS "..\a9e2a16078" /P "Administrator:N"&&CACLS "..\a9e2a16078" /P "Administrator:R" /E&&ExitC:\Users\Administrator\a9e2a16078\AR-WIN-2\Administrator{03799797-1E2C-6476-94E4-050000000000}0x5e4942HighMD5=0FEC5F30E705EADAEA5E9144F2FB12DC,SHA256=614CA7B627533E22AA3E5C3594605DC6FE6F000B0CC2B845ECE47CA60673EC7F,IMPHASH=B20DE9D5F257E3C5BDD2834F89FC042A{03799797-207D-6476-6D01-00000000EE02}4216C:\Users\Administrator\a9e2a16078\metado.exe"C:\Users\Administrator\a9e2a16078\metado.exe" AR-WIN-2\Administrator