11241100x8000000000000000164255813Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-05-10 16:42:57.899{EF490992-8FFB-645A-7087-00000000CE02}7068C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Registration\08f95636-8d05-41a2-8eeb-990dfd1c5efc.08f95636-8d05-41a2-8eeb-990dfd1c5efc.crmlog2023-05-10 16:42:57.879MSWIN-SERVER\Administrator 23542300x8000000000000000164255812Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-05-10 16:42:57.899{EF490992-8FFB-645A-7087-00000000CE02}7068MSWIN-SERVER\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Registration\08f95636-8d05-41a2-8eeb-990dfd1c5efc.08f95636-8d05-41a2-8eeb-990dfd1c5efc.crmlogMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855falsetrue 11241100x8000000000000000164255811Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-05-10 16:42:57.879{EF490992-8FFB-645A-7087-00000000CE02}7068C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Registration\08f95636-8d05-41a2-8eeb-990dfd1c5efc.08f95636-8d05-41a2-8eeb-990dfd1c5efc.crmlog2023-05-10 16:42:57.879MSWIN-SERVER\Administrator 11241100x8000000000000000164225143Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-05-10 16:21:52.340{EF490992-8FFB-645A-7087-00000000CE02}7068C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Registration\d15192f0-6d79-4561-93ac-f798ec45a719.d15192f0-6d79-4561-93ac-f798ec45a719.crmlog2023-05-10 16:21:52.307MSWIN-SERVER\Administrator 23542300x8000000000000000164225142Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-05-10 16:21:52.340{EF490992-8FFB-645A-7087-00000000CE02}7068MSWIN-SERVER\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Registration\d15192f0-6d79-4561-93ac-f798ec45a719.d15192f0-6d79-4561-93ac-f798ec45a719.crmlogMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855falsetrue 11241100x8000000000000000164225141Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-05-10 16:21:52.307{EF490992-8FFB-645A-7087-00000000CE02}7068C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Registration\d15192f0-6d79-4561-93ac-f798ec45a719.d15192f0-6d79-4561-93ac-f798ec45a719.crmlog2023-05-10 16:21:52.307MSWIN-SERVER\Administrator 23542300x80000000000000003348338Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-10 15:31:03.120{a759a8bc-9d90-645b-7781-000000000f00}2164DESKTOP-92OQLA1\Michael HaagC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Registration\c9e8d4af-1fd9-471b-9f0b-89c53962ba55.c9e8d4af-1fd9-471b-9f0b-89c53962ba55.crmlogMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x80000000000000003320182Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-10 13:37:22.104{a759a8bc-9d90-645b-7781-000000000f00}2164DESKTOP-92OQLA1\Michael HaagC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Registration\25c60baa-6555-4662-8116-ae4e21f28d57.25c60baa-6555-4662-8116-ae4e21f28d57.crmlogMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x80000000000000003319543Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-10 13:35:24.568{a759a8bc-9d90-645b-7781-000000000f00}2164DESKTOP-92OQLA1\Michael HaagC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Registration\13c1ec9a-6da0-4911-aca0-288493729d1f.13c1ec9a-6da0-4911-aca0-288493729d1f.crmlogMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x80000000000000003318113Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-10 13:34:43.801{a759a8bc-7e15-645a-1a65-000000000f00}7216DESKTOP-92OQLA1\Michael HaagC:\Program Files\PowerShell\7-preview\pwsh.exeC:\Windows\Registration\ff701331-7c5b-44d0-b7f6-38afbb2e0609.ff701331-7c5b-44d0-b7f6-38afbb2e0609.crmlogMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x8000000000000000163957420Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-05-10 13:28:50.707{EF490992-8FFB-645A-7087-00000000CE02}7068C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Registration\cac83ed5-9d6e-4ff5-a576-a00361fffceb.cac83ed5-9d6e-4ff5-a576-a00361fffceb.crmlog2023-05-10 13:28:50.707MSWIN-SERVER\Administrator 11241100x8000000000000000162505047Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-05-09 20:56:43.373{EF490992-8FFB-645A-7087-00000000CE02}7068C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Registration\baf52e28-4a25-4ffc-bcf8-f9cd68ae5d86.crmlog2023-05-09 20:56:43.373MSWIN-SERVER\Administrator 11241100x8000000000000000162504412Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-05-09 20:56:11.102{EF490992-8FFB-645A-7087-00000000CE02}7068C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Registration\28a0e2d2-9734-41cb-8f6f-db1727f2acfd.28a0e2d2-9734-41cb-8f6f-db1727f2acfd.crmlog2023-05-09 20:56:11.102MSWIN-SERVER\Administrator 11241100x8000000000000000162501774Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-05-09 20:54:43.287{EF490992-8FFB-645A-7087-00000000CE02}7068C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Registration\fb206a86-68af-4517-882b-16e12b92b34c.fb206a86-68af-4517-882b-16e12b92b34c.f05518b3-002c-4f3d-b2f1-e4e3d760bd43.f05518b3-002c-4f3d-b2f1-e4e3d760bd43.crmlog2023-05-09 20:54:43.287MSWIN-SERVER\Administrator 11241100x8000000000000000162498801Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-05-09 20:52:42.795{EF490992-8FFB-645A-7087-00000000CE02}7068C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Registration\58cddce7-57dd-4f1f-9c52-982a1f08fce4.b4471692-e6d3-4fc1-a57c-2a462423624f.crmlog2023-05-09 20:52:42.794MSWIN-SERVER\Administrator 11241100x8000000000000000162495370Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-05-09 20:50:40.752{EF490992-8FFB-645A-7087-00000000CE02}7068C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Registration\b3f57d4f-eca5-43f0-aa83-841692dce1b9.1822b120-b6e6-43ba-add9-aa91949ed12b.crmlog2023-05-09 20:50:40.735MSWIN-SERVER\Administrator 11241100x8000000000000000162490933Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-05-09 20:47:44.172{EF490992-8FFB-645A-7087-00000000CE02}7068C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Registration\5e82c570-4533-417d-9a7c-bf63dec99c64.533c3331-9a9a-4f0d-8d04-7ed05a6da28b.crmlog2023-05-09 20:47:44.172MSWIN-SERVER\Administrator 11241100x8000000000000000162484035Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-05-09 20:43:24.488{EF490992-8FFB-645A-7087-00000000CE02}7068C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Registration\2b0490e5-776e-4320-ae05-4ce7b7b5698e.e1dd25cb-e9c7-47fc-8312-c7cbf072a3df.crmlog2023-05-09 20:43:24.488MSWIN-SERVER\Administrator