154100x800000000000000028606Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-25 15:27:02.555{13E3B8D2-E9C6-64BF-020A-00000000F902}7012C:\Windows\SysWOW64\Dism.exe10.0.14393.4169 (rs1_release.210107-1130)Dism Image Servicing UtilityMicrosoft® Windows® Operating SystemMicrosoft CorporationDISM.EXE"C:\Windows\SysWOW64\dism.exe" /online /norestart /apply-unattend:"C:\Users\ADMINI~1\AppData\Local\Temp\2\ellocnak.xml"C:\Temp\ATTACKRANGE\Administrator{13E3B8D2-8946-64BF-52E5-060000000000}0x6e5522HighMD5=D8D19D0BF0CB3C391E3FE484DDFD10D0,SHA256=7A96E77C4B87E57AEBFAF2CC3687E9ADE97C8695E87F0133BD4D9C1D7F13569E,IMPHASH=F711ECFED801C04F5D0B7B7712291F3E{13E3B8D2-E9C6-64BF-010A-00000000F902}3176C:\Windows\SysWOW64\PkgMgr.exe"C:\Windows\system32\pkgmgr.exe" /n:%temp%\ellocnak.xmlATTACKRANGE\Administrator
154100x800000000000000028571Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-25 15:27:02.511{13E3B8D2-E9C6-64BF-010A-00000000F902}3176C:\Windows\SysWOW64\PkgMgr.exe10.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows Package ManagerMicrosoft® Windows® Operating SystemMicrosoft CorporationPkgMgr.exe"C:\Windows\system32\pkgmgr.exe" /n:%%temp%%\ellocnak.xmlC:\Temp\ATTACKRANGE\Administrator{13E3B8D2-8946-64BF-52E5-060000000000}0x6e5522HighMD5=24DFD1EFE2837C760511CE773DF3E9CA,SHA256=8AFD78CB0BEFD7BADAF66BBDEF884FBCE6B9BFCB41291B78DF1939227103766D,IMPHASH=4B933495F5C9D18B68506DE17F7C5CC5{13E3B8D2-E989-64BF-FB09-00000000F902}4404C:\Temp\WM_DSP102.bin"C:\Temp\WM_DSP102.bin"ATTACKRANGE\Administrator
154100x800000000000000027970Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-25 15:24:27.581{13E3B8D2-E92B-64BF-F409-00000000F902}5312C:\Windows\SysWOW64\Dism.exe10.0.14393.4169 (rs1_release.210107-1130)Dism Image Servicing UtilityMicrosoft® Windows® Operating SystemMicrosoft CorporationDISM.EXE"C:\Windows\SysWOW64\dism.exe" /online /norestart /apply-unattend:"C:\Users\ADMINI~1\AppData\Local\Temp\2\ellocnak.xml"C:\Temp\ATTACKRANGE\Administrator{13E3B8D2-8946-64BF-52E5-060000000000}0x6e5522HighMD5=D8D19D0BF0CB3C391E3FE484DDFD10D0,SHA256=7A96E77C4B87E57AEBFAF2CC3687E9ADE97C8695E87F0133BD4D9C1D7F13569E,IMPHASH=F711ECFED801C04F5D0B7B7712291F3E{13E3B8D2-E92B-64BF-F309-00000000F902}3764C:\Windows\SysWOW64\PkgMgr.exe"C:\Windows\system32\pkgmgr.exe" /n:%temp%\ellocnak.xmlATTACKRANGE\Administrator
154100x800000000000000027935Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-25 15:24:27.531{13E3B8D2-E92B-64BF-F309-00000000F902}3764C:\Windows\SysWOW64\PkgMgr.exe10.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows Package ManagerMicrosoft® Windows® Operating SystemMicrosoft CorporationPkgMgr.exe"C:\Windows\system32\pkgmgr.exe" /n:%%temp%%\ellocnak.xmlC:\Temp\ATTACKRANGE\Administrator{13E3B8D2-8946-64BF-52E5-060000000000}0x6e5522HighMD5=24DFD1EFE2837C760511CE773DF3E9CA,SHA256=8AFD78CB0BEFD7BADAF66BBDEF884FBCE6B9BFCB41291B78DF1939227103766D,IMPHASH=4B933495F5C9D18B68506DE17F7C5CC5{13E3B8D2-E896-64BF-E209-00000000F902}6180C:\Temp\WM_DSP102.bin"C:\Temp\WM_DSP102.bin"ATTACKRANGE\Administrator
154100x800000000000000026726Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-25 15:20:30.188{13E3B8D2-E83E-64BF-DA09-00000000F902}5044C:\Windows\SysWOW64\Dism.exe10.0.14393.4169 (rs1_release.210107-1130)Dism Image Servicing UtilityMicrosoft® Windows® Operating SystemMicrosoft CorporationDISM.EXE"C:\Windows\SysWOW64\dism.exe" /online /norestart /apply-unattend:"C:\Users\ADMINI~1\AppData\Local\Temp\2\ellocnak.xml"C:\Temp\ATTACKRANGE\Administrator{13E3B8D2-8946-64BF-52E5-060000000000}0x6e5522HighMD5=D8D19D0BF0CB3C391E3FE484DDFD10D0,SHA256=7A96E77C4B87E57AEBFAF2CC3687E9ADE97C8695E87F0133BD4D9C1D7F13569E,IMPHASH=F711ECFED801C04F5D0B7B7712291F3E{13E3B8D2-E83D-64BF-D909-00000000F902}1636C:\Windows\SysWOW64\PkgMgr.exe"C:\Windows\system32\pkgmgr.exe" /n:%temp%\ellocnak.xmlATTACKRANGE\Administrator
154100x800000000000000026691Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-25 15:20:29.939{13E3B8D2-E83D-64BF-D909-00000000F902}1636C:\Windows\SysWOW64\PkgMgr.exe10.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows Package ManagerMicrosoft® Windows® Operating SystemMicrosoft CorporationPkgMgr.exe"C:\Windows\system32\pkgmgr.exe" /n:%%temp%%\ellocnak.xmlC:\Temp\ATTACKRANGE\Administrator{13E3B8D2-8946-64BF-52E5-060000000000}0x6e5522HighMD5=24DFD1EFE2837C760511CE773DF3E9CA,SHA256=8AFD78CB0BEFD7BADAF66BBDEF884FBCE6B9BFCB41291B78DF1939227103766D,IMPHASH=4B933495F5C9D18B68506DE17F7C5CC5{13E3B8D2-E79A-64BF-C909-00000000F902}5216C:\Temp\WM_DSP102.bin"C:\Temp\WM_DSP102.bin"ATTACKRANGE\Administrator