154100x8000000000000000314471Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-657.attackrange.local-2022-11-30 17:09:16.472{89C4FCAF-8E3C-6387-7B1A-000000009402}6924C:\Windows\System32\cmdkey.exe10.0.14393.2430 (rs1_release_inmarket_aim.180806-1810)Credential Manager Command Line UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationcmdkey.execmdkey /listC:\Program Files\ansible\sysmon\ATTACKRANGE\Administrator{89C4FCAF-46B7-6387-1220-3C0000000000}0x3c20122HighMD5=343E6DA0ADF3D528C54E1767254432A6,SHA256=89B6A8CB5CF989E3D999482CECF779BA295871A9C80C8CA151694942D5881114,IMPHASH=02CCF792E6FC0981B34A77557B081489{89C4FCAF-4A94-6387-A906-000000009402}5612C:\Windows\System32\cmd.exe"cmd.exe" /s /k pushd "C:\Program Files\ansible\sysmon"
154100x8000000000000000147313Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-657.attackrange.local-2022-11-30 13:20:31.479{89C4FCAF-589F-6387-FF13-000000009402}3864C:\Windows\System32\cmdkey.exe10.0.14393.2430 (rs1_release_inmarket_aim.180806-1810)Credential Manager Command Line UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationcmdkey.execmdkey /listC:\Users\Public\ATTACKRANGE\Administrator{89C4FCAF-46B7-6387-1220-3C0000000000}0x3c20122HighMD5=343E6DA0ADF3D528C54E1767254432A6,SHA256=89B6A8CB5CF989E3D999482CECF779BA295871A9C80C8CA151694942D5881114,IMPHASH=02CCF792E6FC0981B34A77557B081489{89C4FCAF-57DF-6387-6308-000000009402}5892C:\Windows\System32\cmd.exe"cmd.exe" /s /k pushd "C:\Users\Public"