13241300x800000000000000060455Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:56.374{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060454Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:56.374{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060452Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:55.358{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060451Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:55.358{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060450Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:54.327{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060449Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:54.327{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060448Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:53.312{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060447Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:53.312{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060446Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:52.296{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060445Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:52.296{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060444Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:51.281{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060443Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:51.281{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060442Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1484SetValue2023-09-14 09:19:51.233{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\0ff91641118b8ba71feb1aa87725fe56\[kl]%%temp%%[ENTER] r%%[Back][Back][Back]e \x0123/09/12 notepad++ *C:\Program Files\ansible\SwiftOnSecurity.xml - Notepad++ [Administrator]\x01 [ENTER] [Back][Back][Back]com \x0123/09/12 cmd Administrator: C:\Windows\system32\cmd.exe\x01 Sysmon64[TAP] -c \x0123/09/12 cmd Administrator: C:\Windows\system32\cmd.exe - Sysmon64.exe -c "C:\Program Files\ansible\SwiftOnSecurity.xml"\x01 [ENTER] rregedit[ENTER] \x0123/09/14 notepad++ *C:\Program Files\ansible\SwiftOnSecurity.xml - Notepad++ [Administrator]\x01 [Back][ \x0123/09/14 cmd Administrator: C:\Windows\system32\cmd.exe\x01 Sysmon6[TAP] -c \x0123/09/14 cmd Administrator: C:\Windows\system32\cmd.exe - Sysmon64.exe -c "C:\Program Files\ansible\SwiftOnSecurity.xml"\x01 [ENTER] \x0123/09/14 notepad++ *C:\Program Files\ansible\SwiftOnSecurity.xml - Notepad++ [Administrator]\x01 [Back]4d 5a 90 00s \x0123/09/14 cmd Administrator: C:\Windows\system32\cmd.exe - Sysmon64.exe -c "C:\Program Files\ansible\SwiftOnSecurity.xml"\x01 [ENTER] ATTACKRANGE\Administrator 13241300x800000000000000060441Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:50.265{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060440Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:50.265{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060439Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:49.249{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060438Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:49.249{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060437Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:48.233{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060436Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:48.233{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060435Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:47.218{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060434Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:47.218{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060433Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:46.171{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060432Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:46.171{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060431Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:45.155{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060430Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:45.155{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060429Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:44.140{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060428Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:44.140{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060427Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:43.124{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060426Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:43.124{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060425Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:42.108{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060424Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:42.108{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060423Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:41.093{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060422Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:41.093{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060421Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:40.077{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060420Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:40.077{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060419Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:39.068{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060418Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:39.068{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060417Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:37.968{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060416Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:37.968{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060415Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:36.952{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060414Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:36.952{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060413Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:35.948{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060412Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:35.948{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060410Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1484SetValue2023-09-14 09:19:35.280{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\0ff91641118b8ba71feb1aa87725fe56\[kl]%%temp%%[ENTER] r%%[Back][Back][Back]e \x0123/09/12 notepad++ *C:\Program Files\ansible\SwiftOnSecurity.xml - Notepad++ [Administrator]\x01 [ENTER] [Back][Back][Back]com \x0123/09/12 cmd Administrator: C:\Windows\system32\cmd.exe\x01 Sysmon64[TAP] -c \x0123/09/12 cmd Administrator: C:\Windows\system32\cmd.exe - Sysmon64.exe -c "C:\Program Files\ansible\SwiftOnSecurity.xml"\x01 [ENTER] rregedit[ENTER] \x0123/09/14 notepad++ *C:\Program Files\ansible\SwiftOnSecurity.xml - Notepad++ [Administrator]\x01 [Back][ \x0123/09/14 cmd Administrator: C:\Windows\system32\cmd.exe\x01 Sysmon6[TAP] -c \x0123/09/14 cmd Administrator: C:\Windows\system32\cmd.exe - Sysmon64.exe -c "C:\Program Files\ansible\SwiftOnSecurity.xml"\x01 [ENTER] \x0123/09/14 notepad++ *C:\Program Files\ansible\SwiftOnSecurity.xml - Notepad++ [Administrator]\x01 [Back]4d 5a 90 00s \x0123/09/14 cmd Administrator: C:\Windows\system32\cmd.exe - Sysmon64.exe -c "C:\Program Files\ansible\SwiftOnSecurity.xml"\x01 [ENTER] ATTACKRANGE\Administrator 13241300x800000000000000060409Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:34.936{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060408Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:34.936{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060407Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:33.921{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060406Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:33.921{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060405Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:32.905{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060404Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:32.905{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060403Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:31.889{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060402Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:31.889{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060401Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:30.874{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060400Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:30.874{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060399Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1484SetValue2023-09-14 09:19:30.264{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\0ff91641118b8ba71feb1aa87725fe56\2681e81bb4c4b3e6338ce2a456fb93a7Binary DataATTACKRANGE\Administrator 13241300x800000000000000060398Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:29.858{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060397Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:29.858{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060396Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:28.843{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060395Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:28.843{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060394Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:27.827{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060393Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:27.827{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060392Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:26.811{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060391Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:26.811{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060390Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:25.796{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060389Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:25.796{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060386Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:24.780{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060385Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:24.780{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060384Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:23.764{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060383Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:23.764{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060382Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:22.749{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060381Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:22.749{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060380Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:21.733{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060379Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:21.733{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060378Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:20.718{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060377Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:20.718{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060376Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:19.702{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060375Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:19.702{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060371Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1484SetValue2023-09-14 09:19:19.436{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\0ff91641118b8ba71feb1aa87725fe56\[kl]%%temp%%[ENTER] r%%[Back][Back][Back]e \x0123/09/12 notepad++ *C:\Program Files\ansible\SwiftOnSecurity.xml - Notepad++ [Administrator]\x01 [ENTER] [Back][Back][Back]com \x0123/09/12 cmd Administrator: C:\Windows\system32\cmd.exe\x01 Sysmon64[TAP] -c \x0123/09/12 cmd Administrator: C:\Windows\system32\cmd.exe - Sysmon64.exe -c "C:\Program Files\ansible\SwiftOnSecurity.xml"\x01 [ENTER] rregedit[ENTER] \x0123/09/14 notepad++ *C:\Program Files\ansible\SwiftOnSecurity.xml - Notepad++ [Administrator]\x01 [Back][ \x0123/09/14 cmd Administrator: C:\Windows\system32\cmd.exe\x01 Sysmon6[TAP] -c \x0123/09/14 cmd Administrator: C:\Windows\system32\cmd.exe - Sysmon64.exe -c "C:\Program Files\ansible\SwiftOnSecurity.xml"\x01 [ENTER] \x0123/09/14 notepad++ *C:\Program Files\ansible\SwiftOnSecurity.xml - Notepad++ [Administrator]\x01 [Back]4d 5a 90 00s \x0123/09/14 cmd Administrator: C:\Windows\system32\cmd.exe - Sysmon64.exe -c "C:\Program Files\ansible\SwiftOnSecurity.xml"\x01 [ENTER] ATTACKRANGE\Administrator 13241300x800000000000000060370Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:18.686{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060369Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:18.686{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060368Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:17.671{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060367Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:17.671{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060366Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:16.655{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060365Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:16.655{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060364Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:15.639{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060363Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:15.639{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060362Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:14.624{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060361Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:14.624{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060360Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:13.608{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060359Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:13.608{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060358Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:12.593{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060357Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:12.593{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060356Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:11.577{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060355Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:11.577{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060354Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:10.561{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060353Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:10.561{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060352Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:09.546{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060351Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:09.546{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060350Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:08.530{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060349Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:08.530{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060348Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:07.514{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060347Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:07.514{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060346Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:06.499{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060345Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:06.499{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060344Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:05.483{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060343Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:05.483{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060342Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:04.467{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060341Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:04.467{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060340Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1484SetValue2023-09-14 09:19:03.674{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\0ff91641118b8ba71feb1aa87725fe56\[kl]%%temp%%[ENTER] r%%[Back][Back][Back]e \x0123/09/12 notepad++ *C:\Program Files\ansible\SwiftOnSecurity.xml - Notepad++ [Administrator]\x01 [ENTER] [Back][Back][Back]com \x0123/09/12 cmd Administrator: C:\Windows\system32\cmd.exe\x01 Sysmon64[TAP] -c \x0123/09/12 cmd Administrator: C:\Windows\system32\cmd.exe - Sysmon64.exe -c "C:\Program Files\ansible\SwiftOnSecurity.xml"\x01 [ENTER] rregedit[ENTER] \x0123/09/14 notepad++ *C:\Program Files\ansible\SwiftOnSecurity.xml - Notepad++ [Administrator]\x01 [Back][ \x0123/09/14 cmd Administrator: C:\Windows\system32\cmd.exe\x01 Sysmon6[TAP] -c \x0123/09/14 cmd Administrator: C:\Windows\system32\cmd.exe - Sysmon64.exe -c "C:\Program Files\ansible\SwiftOnSecurity.xml"\x01 [ENTER] \x0123/09/14 notepad++ *C:\Program Files\ansible\SwiftOnSecurity.xml - Notepad++ [Administrator]\x01 [Back]4d 5a 90 00s \x0123/09/14 cmd Administrator: C:\Windows\system32\cmd.exe - Sysmon64.exe -c "C:\Program Files\ansible\SwiftOnSecurity.xml"\x01 [ENTER] ATTACKRANGE\Administrator 13241300x800000000000000060339Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:03.462{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060338Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:03.462{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060337Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:02.449{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060336Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:02.449{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060335Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:01.441{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060334Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:01.441{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060333Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:00.410{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060332Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:19:00.410{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060330Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:59.394{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060329Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:59.394{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060328Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:58.378{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060327Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:58.378{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060324Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:57.363{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060323Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:57.363{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060321Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:56.347{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060320Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:56.347{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060318Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:55.332{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060317Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:55.332{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060316Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:54.316{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060315Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:54.316{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060314Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:53.300{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060313Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:53.300{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060312Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:52.285{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060311Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:52.285{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060310Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:51.269{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060309Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:51.269{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060308Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:50.253{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060307Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:50.253{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060306Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:49.238{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060305Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:49.238{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060304Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:48.223{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060303Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:48.223{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060302Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1484SetValue2023-09-14 09:18:47.925{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\0ff91641118b8ba71feb1aa87725fe56\[kl]%%temp%%[ENTER] r%%[Back][Back][Back]e \x0123/09/12 notepad++ *C:\Program Files\ansible\SwiftOnSecurity.xml - Notepad++ [Administrator]\x01 [ENTER] [Back][Back][Back]com \x0123/09/12 cmd Administrator: C:\Windows\system32\cmd.exe\x01 Sysmon64[TAP] -c \x0123/09/12 cmd Administrator: C:\Windows\system32\cmd.exe - Sysmon64.exe -c "C:\Program Files\ansible\SwiftOnSecurity.xml"\x01 [ENTER] rregedit[ENTER] \x0123/09/14 notepad++ *C:\Program Files\ansible\SwiftOnSecurity.xml - Notepad++ [Administrator]\x01 [Back][ \x0123/09/14 cmd Administrator: C:\Windows\system32\cmd.exe\x01 Sysmon6[TAP] -c \x0123/09/14 cmd Administrator: C:\Windows\system32\cmd.exe - Sysmon64.exe -c "C:\Program Files\ansible\SwiftOnSecurity.xml"\x01 [ENTER] \x0123/09/14 notepad++ *C:\Program Files\ansible\SwiftOnSecurity.xml - Notepad++ [Administrator]\x01 [Back]4d 5a 90 00s \x0123/09/14 cmd Administrator: C:\Windows\system32\cmd.exe - Sysmon64.exe -c "C:\Program Files\ansible\SwiftOnSecurity.xml"\x01 [ENTER] ATTACKRANGE\Administrator 13241300x800000000000000060301Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:47.206{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060300Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:47.206{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060299Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:46.191{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060298Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:46.191{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060297Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:45.175{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060296Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:45.175{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060295Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:44.160{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060294Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:44.160{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060293Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:43.144{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060292Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:43.144{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060291Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:42.128{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060290Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:42.128{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060289Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:41.113{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060288Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:41.113{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060287Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:40.097{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060286Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:40.097{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060285Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:39.081{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060284Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:39.081{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060283Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:38.066{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060282Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:38.066{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060281Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:37.050{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060280Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:37.050{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060279Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:36.035{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060278Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:36.035{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060277Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:35.019{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060276Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:35.019{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060275Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:34.003{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060274Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:34.003{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060273Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:32.988{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060272Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:32.988{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060271Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1484SetValue2023-09-14 09:18:32.175{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\0ff91641118b8ba71feb1aa87725fe56\[kl]%%temp%%[ENTER] r%%[Back][Back][Back]e \x0123/09/12 notepad++ *C:\Program Files\ansible\SwiftOnSecurity.xml - Notepad++ [Administrator]\x01 [ENTER] [Back][Back][Back]com \x0123/09/12 cmd Administrator: C:\Windows\system32\cmd.exe\x01 Sysmon64[TAP] -c \x0123/09/12 cmd Administrator: C:\Windows\system32\cmd.exe - Sysmon64.exe -c "C:\Program Files\ansible\SwiftOnSecurity.xml"\x01 [ENTER] rregedit[ENTER] \x0123/09/14 notepad++ *C:\Program Files\ansible\SwiftOnSecurity.xml - Notepad++ [Administrator]\x01 [Back][ \x0123/09/14 cmd Administrator: C:\Windows\system32\cmd.exe\x01 Sysmon6[TAP] -c \x0123/09/14 cmd Administrator: C:\Windows\system32\cmd.exe - Sysmon64.exe -c "C:\Program Files\ansible\SwiftOnSecurity.xml"\x01 [ENTER] \x0123/09/14 notepad++ *C:\Program Files\ansible\SwiftOnSecurity.xml - Notepad++ [Administrator]\x01 [Back]4d 5a 90 00s \x0123/09/14 cmd Administrator: C:\Windows\system32\cmd.exe - Sysmon64.exe -c "C:\Program Files\ansible\SwiftOnSecurity.xml"\x01 [ENTER] ATTACKRANGE\Administrator 13241300x800000000000000060270Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:31.972{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060269Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:31.972{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060268Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:30.956{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060267Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:30.956{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060266Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:29.941{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060265Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:29.941{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060264Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:28.925{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060263Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:28.925{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060262Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:27.910{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060261Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:27.910{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060260Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:26.894{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060259Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:26.894{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060258Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:25.878{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060257Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:25.878{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060256Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:24.847{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060255Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:24.847{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060254Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:23.831{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060253Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:23.831{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060252Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:22.816{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060251Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:22.816{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060250Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:21.800{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060249Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:21.800{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060248Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:20.784{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060247Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:20.784{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060246Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:19.769{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060245Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:19.769{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060244Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:18.754{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060243Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:18.754{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060242Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:17.738{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060241Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:17.738{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060240Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:16.659{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060239Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:16.659{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060238Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1484SetValue2023-09-14 09:18:16.378{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\0ff91641118b8ba71feb1aa87725fe56\[kl]%%temp%%[ENTER] r%%[Back][Back][Back]e \x0123/09/12 notepad++ *C:\Program Files\ansible\SwiftOnSecurity.xml - Notepad++ [Administrator]\x01 [ENTER] [Back][Back][Back]com \x0123/09/12 cmd Administrator: C:\Windows\system32\cmd.exe\x01 Sysmon64[TAP] -c \x0123/09/12 cmd Administrator: C:\Windows\system32\cmd.exe - Sysmon64.exe -c "C:\Program Files\ansible\SwiftOnSecurity.xml"\x01 [ENTER] rregedit[ENTER] \x0123/09/14 notepad++ *C:\Program Files\ansible\SwiftOnSecurity.xml - Notepad++ [Administrator]\x01 [Back][ \x0123/09/14 cmd Administrator: C:\Windows\system32\cmd.exe\x01 Sysmon6[TAP] -c \x0123/09/14 cmd Administrator: C:\Windows\system32\cmd.exe - Sysmon64.exe -c "C:\Program Files\ansible\SwiftOnSecurity.xml"\x01 [ENTER] \x0123/09/14 notepad++ *C:\Program Files\ansible\SwiftOnSecurity.xml - Notepad++ [Administrator]\x01 [Back]4d 5a 90 00s \x0123/09/14 cmd Administrator: C:\Windows\system32\cmd.exe - Sysmon64.exe -c "C:\Program Files\ansible\SwiftOnSecurity.xml"\x01 [ENTER] ATTACKRANGE\Administrator 13241300x800000000000000060237Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:15.644{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060236Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:15.644{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060235Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:14.628{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060234Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:14.628{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060233Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:13.613{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060232Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:13.613{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060231Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:12.597{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060230Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:12.597{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060229Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:11.581{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060228Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:11.581{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060226Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:10.566{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060225Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:10.566{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060224Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:09.551{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060223Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:09.551{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060222Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:08.534{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060221Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:08.534{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060220Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:07.519{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060219Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:07.519{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060218Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:06.503{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060217Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:06.503{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060216Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:05.488{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060215Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:05.488{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060214Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:04.472{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060213Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:04.472{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060212Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:03.456{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060211Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:03.456{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060210Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:02.445{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060209Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:02.445{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060208Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:01.435{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060207Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:01.435{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060206Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1484SetValue2023-09-14 09:18:00.577{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\0ff91641118b8ba71feb1aa87725fe56\[kl]%%temp%%[ENTER] r%%[Back][Back][Back]e \x0123/09/12 notepad++ *C:\Program Files\ansible\SwiftOnSecurity.xml - Notepad++ [Administrator]\x01 [ENTER] [Back][Back][Back]com \x0123/09/12 cmd Administrator: C:\Windows\system32\cmd.exe\x01 Sysmon64[TAP] -c \x0123/09/12 cmd Administrator: C:\Windows\system32\cmd.exe - Sysmon64.exe -c "C:\Program Files\ansible\SwiftOnSecurity.xml"\x01 [ENTER] rregedit[ENTER] \x0123/09/14 notepad++ *C:\Program Files\ansible\SwiftOnSecurity.xml - Notepad++ [Administrator]\x01 [Back][ \x0123/09/14 cmd Administrator: C:\Windows\system32\cmd.exe\x01 Sysmon6[TAP] -c \x0123/09/14 cmd Administrator: C:\Windows\system32\cmd.exe - Sysmon64.exe -c "C:\Program Files\ansible\SwiftOnSecurity.xml"\x01 [ENTER] \x0123/09/14 notepad++ *C:\Program Files\ansible\SwiftOnSecurity.xml - Notepad++ [Administrator]\x01 [Back]4d 5a 90 00s \x0123/09/14 cmd Administrator: C:\Windows\system32\cmd.exe - Sysmon64.exe -c "C:\Program Files\ansible\SwiftOnSecurity.xml"\x01 [ENTER] ATTACKRANGE\Administrator 13241300x800000000000000060205Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:00.420{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060204Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:18:00.420{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060202Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:59.404{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060201Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:59.404{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060200Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:58.389{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060199Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:58.389{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060194Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:57.373{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060193Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:57.373{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060191Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:56.358{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060190Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:56.358{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060188Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:55.342{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060187Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:55.342{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060186Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:54.326{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060185Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:54.326{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060184Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:53.311{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060183Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:53.311{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060180Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:52.295{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060179Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:52.295{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060178Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:51.279{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060177Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:51.279{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060176Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:50.264{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060175Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:50.264{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060173Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:49.248{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060172Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:49.248{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060171Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:48.238{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060170Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:48.238{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060169Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:47.222{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060168Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:47.222{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060167Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:46.207{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060166Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:46.207{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060165Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:45.191{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060164Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:45.191{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060163Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1484SetValue2023-09-14 09:17:44.472{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\0ff91641118b8ba71feb1aa87725fe56\[kl]%%temp%%[ENTER] r%%[Back][Back][Back]e \x0123/09/12 notepad++ *C:\Program Files\ansible\SwiftOnSecurity.xml - Notepad++ [Administrator]\x01 [ENTER] [Back][Back][Back]com \x0123/09/12 cmd Administrator: C:\Windows\system32\cmd.exe\x01 Sysmon64[TAP] -c \x0123/09/12 cmd Administrator: C:\Windows\system32\cmd.exe - Sysmon64.exe -c "C:\Program Files\ansible\SwiftOnSecurity.xml"\x01 [ENTER] rregedit[ENTER] \x0123/09/14 notepad++ *C:\Program Files\ansible\SwiftOnSecurity.xml - Notepad++ [Administrator]\x01 [Back][ \x0123/09/14 cmd Administrator: C:\Windows\system32\cmd.exe\x01 Sysmon6[TAP] -c \x0123/09/14 cmd Administrator: C:\Windows\system32\cmd.exe - Sysmon64.exe -c "C:\Program Files\ansible\SwiftOnSecurity.xml"\x01 [ENTER] ATTACKRANGE\Administrator 13241300x800000000000000060162Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:44.180{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060161Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:44.180{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060160Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:43.160{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060159Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:43.160{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060158Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:42.144{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060157Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:42.144{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060156Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:41.128{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060155Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:41.128{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060154Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:40.113{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060153Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:40.113{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060152Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:39.097{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060151Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:39.097{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060150Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:38.082{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060149Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:38.082{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060148Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:37.066{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060147Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:37.066{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060146Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:36.050{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060145Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:36.050{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060144Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:35.035{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060143Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:35.035{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060142Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:34.019{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060141Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:34.019{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060140Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:33.003{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060139Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:33.003{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060138Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:31.988{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060137Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:31.988{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060136Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:30.972{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060135Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:30.972{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060134Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:29.957{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060133Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:29.957{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060132Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:28.941{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060131Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:28.941{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060130Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1484SetValue2023-09-14 09:17:28.566{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\0ff91641118b8ba71feb1aa87725fe56\[kl]%%temp%%[ENTER] r%%[Back][Back][Back]e \x0123/09/12 notepad++ *C:\Program Files\ansible\SwiftOnSecurity.xml - Notepad++ [Administrator]\x01 [ENTER] [Back][Back][Back]com \x0123/09/12 cmd Administrator: C:\Windows\system32\cmd.exe\x01 Sysmon64[TAP] -c \x0123/09/12 cmd Administrator: C:\Windows\system32\cmd.exe - Sysmon64.exe -c "C:\Program Files\ansible\SwiftOnSecurity.xml"\x01 [ENTER] rregedit[ENTER] \x0123/09/14 notepad++ *C:\Program Files\ansible\SwiftOnSecurity.xml - Notepad++ [Administrator]\x01 [Back][ \x0123/09/14 cmd Administrator: C:\Windows\system32\cmd.exe\x01 Sysmon6[TAP] -c \x0123/09/14 cmd Administrator: C:\Windows\system32\cmd.exe - Sysmon64.exe -c "C:\Program Files\ansible\SwiftOnSecurity.xml"\x01 [ENTER] ATTACKRANGE\Administrator 13241300x800000000000000060129Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:27.925{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060128Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:27.925{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060127Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:26.910{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060126Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:26.910{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060125Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:25.894{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060124Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:25.894{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060123Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:24.878{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060122Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:24.878{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060121Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:23.863{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060120Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:23.863{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060119Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:22.847{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060118Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:22.847{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060117Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:21.832{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060116Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:21.832{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060115Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:20.816{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060114Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:20.816{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060113Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:19.800{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060112Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:19.800{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060111Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:18.786{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060110Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:18.786{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060109Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:17.769{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060108Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:17.769{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060107Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:16.753{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060106Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:16.753{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060105Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:15.738{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060104Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:15.738{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060103Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:14.722{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060102Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:14.722{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060101Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:13.706{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060100Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:13.706{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060099Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:12.691{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060098Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:12.691{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060097Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1484SetValue2023-09-14 09:17:12.503{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\0ff91641118b8ba71feb1aa87725fe56\[kl]%%temp%%[ENTER] r%%[Back][Back][Back]e \x0123/09/12 notepad++ *C:\Program Files\ansible\SwiftOnSecurity.xml - Notepad++ [Administrator]\x01 [ENTER] [Back][Back][Back]com \x0123/09/12 cmd Administrator: C:\Windows\system32\cmd.exe\x01 Sysmon64[TAP] -c \x0123/09/12 cmd Administrator: C:\Windows\system32\cmd.exe - Sysmon64.exe -c "C:\Program Files\ansible\SwiftOnSecurity.xml"\x01 [ENTER] rregedit[ENTER] \x0123/09/14 notepad++ *C:\Program Files\ansible\SwiftOnSecurity.xml - Notepad++ [Administrator]\x01 [Back][ \x0123/09/14 cmd Administrator: C:\Windows\system32\cmd.exe\x01 Sysmon6[TAP] -c \x0123/09/14 cmd Administrator: C:\Windows\system32\cmd.exe - Sysmon64.exe -c "C:\Program Files\ansible\SwiftOnSecurity.xml"\x01 [ENTER] ATTACKRANGE\Administrator 13241300x800000000000000060096Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:11.678{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060095Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:11.678{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060094Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:10.660{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060093Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:10.660{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060092Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:09.644{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060091Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:09.644{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060090Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:08.628{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060089Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:08.628{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060088Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:07.613{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060087Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:07.613{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060086Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:06.597{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060085Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:06.597{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060084Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:05.581{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060083Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:05.581{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060082Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:04.566{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060081Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:04.566{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060080Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:03.550{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060079Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:03.550{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060078Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:02.535{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060077Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:02.535{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060076Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:01.519{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060075Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:01.519{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060074Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:00.504{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060073Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:17:00.504{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060071Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:59.496{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060070Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:59.496{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060069Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:58.484{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060068Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:58.484{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060065Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:57.469{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060064Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:57.469{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060063Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1484SetValue2023-09-14 09:16:56.656{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\0ff91641118b8ba71feb1aa87725fe56\[kl]%%temp%%[ENTER] r%%[Back][Back][Back]e \x0123/09/12 notepad++ *C:\Program Files\ansible\SwiftOnSecurity.xml - Notepad++ [Administrator]\x01 [ENTER] [Back][Back][Back]com \x0123/09/12 cmd Administrator: C:\Windows\system32\cmd.exe\x01 Sysmon64[TAP] -c \x0123/09/12 cmd Administrator: C:\Windows\system32\cmd.exe - Sysmon64.exe -c "C:\Program Files\ansible\SwiftOnSecurity.xml"\x01 [ENTER] rregedit[ENTER] \x0123/09/14 notepad++ *C:\Program Files\ansible\SwiftOnSecurity.xml - Notepad++ [Administrator]\x01 [Back][ \x0123/09/14 cmd Administrator: C:\Windows\system32\cmd.exe\x01 Sysmon6[TAP] -c \x0123/09/14 cmd Administrator: C:\Windows\system32\cmd.exe - Sysmon64.exe -c "C:\Program Files\ansible\SwiftOnSecurity.xml"\x01 [ENTER] ATTACKRANGE\Administrator 13241300x800000000000000060061Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:56.453{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060060Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:56.453{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060058Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:55.438{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060057Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:55.438{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060056Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:54.422{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060055Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:54.422{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060054Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:53.406{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060053Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:53.406{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060052Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:52.391{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060051Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:52.391{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060050Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:51.375{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060049Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:51.375{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060048Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:50.359{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060047Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:50.359{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060046Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:49.348{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060045Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:49.348{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060044Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:48.329{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060043Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:48.329{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060042Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:47.328{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060041Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:47.328{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060040Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:46.313{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060039Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:46.313{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060038Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:45.297{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060037Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:45.297{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060036Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:44.281{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060035Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:44.281{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060034Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:43.266{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060033Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:43.250{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060032Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:42.219{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060031Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:42.219{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060030Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:41.203{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060029Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:41.203{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060028Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1484SetValue2023-09-14 09:16:40.547{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\0ff91641118b8ba71feb1aa87725fe56\[kl]%%temp%%[ENTER] r%%[Back][Back][Back]e \x0123/09/12 notepad++ *C:\Program Files\ansible\SwiftOnSecurity.xml - Notepad++ [Administrator]\x01 [ENTER] [Back][Back][Back]com \x0123/09/12 cmd Administrator: C:\Windows\system32\cmd.exe\x01 Sysmon64[TAP] -c \x0123/09/12 cmd Administrator: C:\Windows\system32\cmd.exe - Sysmon64.exe -c "C:\Program Files\ansible\SwiftOnSecurity.xml"\x01 [ENTER] rregedit[ENTER] \x0123/09/14 notepad++ *C:\Program Files\ansible\SwiftOnSecurity.xml - Notepad++ [Administrator]\x01 [Back][ \x0123/09/14 cmd Administrator: C:\Windows\system32\cmd.exe\x01 Sysmon6[TAP] -c \x0123/09/14 cmd Administrator: C:\Windows\system32\cmd.exe - Sysmon64.exe -c "C:\Program Files\ansible\SwiftOnSecurity.xml"\x01 [ENTER] ATTACKRANGE\Administrator 13241300x800000000000000060027Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:40.188{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060026Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:40.188{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060025Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:39.173{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060024Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:39.173{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060023Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:38.156{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060022Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:38.156{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060021Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:37.141{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060020Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:37.141{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060019Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:36.125{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060018Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:36.125{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060017Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:35.110{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060016Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:35.110{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060015Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:34.094{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060014Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:34.094{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060013Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:33.078{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060012Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:33.078{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060011Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:32.063{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060010Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:32.063{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060009Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:31.047{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060008Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:31.047{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060007Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:30.031{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060006Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:30.031{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060005Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:29.016{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060004Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:29.016{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060003Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:28.000{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060002Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:28.000{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060001Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:26.985{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000060000Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:26.985{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059999Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:25.969{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059998Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:25.969{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059997Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:24.953{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059996Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:24.953{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059995Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1484SetValue2023-09-14 09:16:24.750{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\0ff91641118b8ba71feb1aa87725fe56\[kl]%%temp%%[ENTER] r%%[Back][Back][Back]e \x0123/09/12 notepad++ *C:\Program Files\ansible\SwiftOnSecurity.xml - Notepad++ [Administrator]\x01 [ENTER] [Back][Back][Back]com \x0123/09/12 cmd Administrator: C:\Windows\system32\cmd.exe\x01 Sysmon64[TAP] -c \x0123/09/12 cmd Administrator: C:\Windows\system32\cmd.exe - Sysmon64.exe -c "C:\Program Files\ansible\SwiftOnSecurity.xml"\x01 [ENTER] rregedit[ENTER] \x0123/09/14 notepad++ *C:\Program Files\ansible\SwiftOnSecurity.xml - Notepad++ [Administrator]\x01 [Back][ \x0123/09/14 cmd Administrator: C:\Windows\system32\cmd.exe\x01 Sysmon6[TAP] -c \x0123/09/14 cmd Administrator: C:\Windows\system32\cmd.exe - Sysmon64.exe -c "C:\Program Files\ansible\SwiftOnSecurity.xml"\x01 [ENTER] ATTACKRANGE\Administrator 13241300x800000000000000059994Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:23.938{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059993Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:23.938{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059992Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:22.922{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059991Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:22.922{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059990Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:21.906{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059989Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:21.906{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059988Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:20.891{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059987Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:20.891{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059986Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:19.875{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059985Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:19.875{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059984Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:18.860{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059983Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:18.860{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059982Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:17.844{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059981Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:17.844{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059980Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:16.828{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059979Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:16.828{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059978Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:15.815{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059977Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:15.815{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059976Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:14.813{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059975Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:14.813{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059974Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:13.797{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059973Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:13.797{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059972Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:12.782{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059971Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:12.782{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059970Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:11.767{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059969Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:11.767{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059968Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:10.750{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059967Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:10.750{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059966Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:09.735{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059965Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:09.735{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059964Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:08.719{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059963Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:08.719{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059962Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1484SetValue2023-09-14 09:16:08.656{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\0ff91641118b8ba71feb1aa87725fe56\[kl]%%temp%%[ENTER] r%%[Back][Back][Back]e \x0123/09/12 notepad++ *C:\Program Files\ansible\SwiftOnSecurity.xml - Notepad++ [Administrator]\x01 [ENTER] [Back][Back][Back]com \x0123/09/12 cmd Administrator: C:\Windows\system32\cmd.exe\x01 Sysmon64[TAP] -c \x0123/09/12 cmd Administrator: C:\Windows\system32\cmd.exe - Sysmon64.exe -c "C:\Program Files\ansible\SwiftOnSecurity.xml"\x01 [ENTER] rregedit[ENTER] \x0123/09/14 notepad++ *C:\Program Files\ansible\SwiftOnSecurity.xml - Notepad++ [Administrator]\x01 [Back][ \x0123/09/14 cmd Administrator: C:\Windows\system32\cmd.exe\x01 Sysmon6[TAP] -c \x0123/09/14 cmd Administrator: C:\Windows\system32\cmd.exe - Sysmon64.exe -c "C:\Program Files\ansible\SwiftOnSecurity.xml"\x01 [ENTER] ATTACKRANGE\Administrator 13241300x800000000000000059961Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:07.703{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059960Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:07.703{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059959Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:06.688{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059958Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:06.688{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059957Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:05.672{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059956Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:05.672{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059955Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:04.656{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059954Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:04.656{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059953Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:03.641{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059952Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:03.641{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059951Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:02.625{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059950Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:02.625{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059949Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:01.610{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059948Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:01.610{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059947Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:00.594{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059946Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:16:00.594{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059944Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:59.578{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059943Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:59.578{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059942Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:58.567{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059941Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:58.567{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059939Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:57.553{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059938Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:57.553{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059935Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:56.540{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059934Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:56.540{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059932Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:55.523{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059931Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:55.523{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059930Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:54.508{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059929Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:54.508{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059928Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:53.492{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059927Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:53.492{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059926Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1484SetValue2023-09-14 09:15:52.742{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\0ff91641118b8ba71feb1aa87725fe56\[kl]%%temp%%[ENTER] r%%[Back][Back][Back]e \x0123/09/12 notepad++ *C:\Program Files\ansible\SwiftOnSecurity.xml - Notepad++ [Administrator]\x01 [ENTER] [Back][Back][Back]com \x0123/09/12 cmd Administrator: C:\Windows\system32\cmd.exe\x01 Sysmon64[TAP] -c \x0123/09/12 cmd Administrator: C:\Windows\system32\cmd.exe - Sysmon64.exe -c "C:\Program Files\ansible\SwiftOnSecurity.xml"\x01 [ENTER] rregedit[ENTER] \x0123/09/14 notepad++ *C:\Program Files\ansible\SwiftOnSecurity.xml - Notepad++ [Administrator]\x01 [Back][ \x0123/09/14 cmd Administrator: C:\Windows\system32\cmd.exe\x01 Sysmon6[TAP] -c \x0123/09/14 cmd Administrator: C:\Windows\system32\cmd.exe - Sysmon64.exe -c "C:\Program Files\ansible\SwiftOnSecurity.xml"\x01 [ENTER] ATTACKRANGE\Administrator 13241300x800000000000000059925Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:52.476{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059924Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:52.476{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059923Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:51.464{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059922Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:51.464{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059921Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:50.445{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059920Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:50.445{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059919Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:49.429{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059918Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:49.429{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059917Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:48.414{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059916Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:48.414{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059915Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:47.398{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059914Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:47.398{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059913Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:46.383{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059912Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:46.383{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059911Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:45.367{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059910Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:45.367{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059909Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:44.352{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059908Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:44.352{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059907Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:43.336{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059906Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:43.336{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059905Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:42.320{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059904Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:42.320{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059903Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:41.304{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059902Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:41.304{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059901Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:40.289{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059900Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:40.289{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059899Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:39.273{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059898Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:39.273{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059897Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:38.264{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059896Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:38.264{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059895Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:37.242{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059894Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:37.242{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059893Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1484SetValue2023-09-14 09:15:36.586{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\0ff91641118b8ba71feb1aa87725fe56\[kl]%%temp%%[ENTER] r%%[Back][Back][Back]e \x0123/09/12 notepad++ *C:\Program Files\ansible\SwiftOnSecurity.xml - Notepad++ [Administrator]\x01 [ENTER] [Back][Back][Back]com \x0123/09/12 cmd Administrator: C:\Windows\system32\cmd.exe\x01 Sysmon64[TAP] -c \x0123/09/12 cmd Administrator: C:\Windows\system32\cmd.exe - Sysmon64.exe -c "C:\Program Files\ansible\SwiftOnSecurity.xml"\x01 [ENTER] rregedit[ENTER] \x0123/09/14 notepad++ *C:\Program Files\ansible\SwiftOnSecurity.xml - Notepad++ [Administrator]\x01 [Back][ \x0123/09/14 cmd Administrator: C:\Windows\system32\cmd.exe\x01 Sysmon6[TAP] -c \x0123/09/14 cmd Administrator: C:\Windows\system32\cmd.exe - Sysmon64.exe -c "C:\Program Files\ansible\SwiftOnSecurity.xml"\x01 [ENTER] ATTACKRANGE\Administrator 13241300x800000000000000059892Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:36.226{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059891Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:36.226{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059890Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:35.211{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059889Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:35.211{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059888Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:34.195{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059887Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:34.195{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059886Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:33.180{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059885Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:33.180{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059884Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:32.164{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059883Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:32.164{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059882Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:31.148{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059881Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:31.148{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059880Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:30.133{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059879Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:30.133{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059878Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:29.117{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059877Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:29.117{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059876Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:28.102{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059875Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:28.102{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059874Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:27.086{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059873Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:27.086{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059872Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:26.070{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059871Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:26.070{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059863Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:25.055{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059862Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:25.055{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059861Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:24.039{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059860Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:24.039{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059859Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:23.023{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059858Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:23.023{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059857Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:22.008{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059856Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:22.008{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059855Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:20.992{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059854Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:20.992{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059853Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1484SetValue2023-09-14 09:15:20.336{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\0ff91641118b8ba71feb1aa87725fe56\[kl]%%temp%%[ENTER] r%%[Back][Back][Back]e \x0123/09/12 notepad++ *C:\Program Files\ansible\SwiftOnSecurity.xml - Notepad++ [Administrator]\x01 [ENTER] [Back][Back][Back]com \x0123/09/12 cmd Administrator: C:\Windows\system32\cmd.exe\x01 Sysmon64[TAP] -c \x0123/09/12 cmd Administrator: C:\Windows\system32\cmd.exe - Sysmon64.exe -c "C:\Program Files\ansible\SwiftOnSecurity.xml"\x01 [ENTER] rregedit[ENTER] \x0123/09/14 notepad++ *C:\Program Files\ansible\SwiftOnSecurity.xml - Notepad++ [Administrator]\x01 [Back][ \x0123/09/14 cmd Administrator: C:\Windows\system32\cmd.exe\x01 Sysmon6[TAP] -c \x0123/09/14 cmd Administrator: C:\Windows\system32\cmd.exe - Sysmon64.exe -c "C:\Program Files\ansible\SwiftOnSecurity.xml"\x01 [ENTER] ATTACKRANGE\Administrator 13241300x800000000000000059852Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:19.976{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059851Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:19.976{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059850Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:18.961{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059849Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:18.961{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059848Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:17.945{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059847Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:17.945{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059846Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:16.930{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059845Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:16.930{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059844Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:15.914{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059843Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:15.914{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059842Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:14.898{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059841Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:14.898{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059840Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:13.883{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059839Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:13.883{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059838Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:12.867{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059837Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:12.867{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059836Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:11.851{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059835Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:11.851{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059833Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:10.836{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059832Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:10.836{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059831Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:09.820{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059830Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:09.820{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059829Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:08.805{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059828Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:08.805{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059827Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:07.789{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059826Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:07.789{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059825Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:06.775{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059824Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:06.775{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059821Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:05.758{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059820Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:05.758{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059819Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:04.742{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059818Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:04.742{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059817Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1484SetValue2023-09-14 09:15:04.148{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\0ff91641118b8ba71feb1aa87725fe56\[kl]%%temp%%[ENTER] r%%[Back][Back][Back]e \x0123/09/12 notepad++ *C:\Program Files\ansible\SwiftOnSecurity.xml - Notepad++ [Administrator]\x01 [ENTER] [Back][Back][Back]com \x0123/09/12 cmd Administrator: C:\Windows\system32\cmd.exe\x01 Sysmon64[TAP] -c \x0123/09/12 cmd Administrator: C:\Windows\system32\cmd.exe - Sysmon64.exe -c "C:\Program Files\ansible\SwiftOnSecurity.xml"\x01 [ENTER] rregedit[ENTER] \x0123/09/14 notepad++ *C:\Program Files\ansible\SwiftOnSecurity.xml - Notepad++ [Administrator]\x01 [Back][ \x0123/09/14 cmd Administrator: C:\Windows\system32\cmd.exe\x01 Sysmon6[TAP] -c \x0123/09/14 cmd Administrator: C:\Windows\system32\cmd.exe - Sysmon64.exe -c "C:\Program Files\ansible\SwiftOnSecurity.xml"\x01 [ENTER] ATTACKRANGE\Administrator 13241300x800000000000000059816Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:03.726{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059815Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:03.726{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059814Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:02.711{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059813Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:02.711{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059811Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:01.665{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059810Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:01.665{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059809Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:00.648{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059808Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:15:00.648{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059806Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:59.633{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059805Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:59.633{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059804Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:58.617{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059803Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:58.617{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059801Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:57.601{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059800Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:57.601{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059797Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:56.588{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059796Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:56.588{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059794Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:55.581{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059793Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:55.581{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059792Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:54.566{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059791Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:54.566{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059790Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:53.503{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059789Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:53.503{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059788Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:52.487{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059787Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:52.487{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059786Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:51.472{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059785Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:51.472{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059783Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:50.456{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059782Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:50.456{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059781Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:49.441{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059780Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:49.441{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059779Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:48.425{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059778Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:48.425{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059777Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1484SetValue2023-09-14 09:14:47.894{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\0ff91641118b8ba71feb1aa87725fe56\[kl]%%temp%%[ENTER] r%%[Back][Back][Back]e \x0123/09/12 notepad++ *C:\Program Files\ansible\SwiftOnSecurity.xml - Notepad++ [Administrator]\x01 [ENTER] [Back][Back][Back]com \x0123/09/12 cmd Administrator: C:\Windows\system32\cmd.exe\x01 Sysmon64[TAP] -c \x0123/09/12 cmd Administrator: C:\Windows\system32\cmd.exe - Sysmon64.exe -c "C:\Program Files\ansible\SwiftOnSecurity.xml"\x01 [ENTER] rregedit[ENTER] \x0123/09/14 notepad++ *C:\Program Files\ansible\SwiftOnSecurity.xml - Notepad++ [Administrator]\x01 [Back][ \x0123/09/14 cmd Administrator: C:\Windows\system32\cmd.exe\x01 Sysmon6[TAP] -c \x0123/09/14 cmd Administrator: C:\Windows\system32\cmd.exe - Sysmon64.exe -c "C:\Program Files\ansible\SwiftOnSecurity.xml"\x01 [ENTER] ATTACKRANGE\Administrator 13241300x800000000000000059776Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:47.409{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059775Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:47.409{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059774Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:46.394{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059773Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:46.394{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059772Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:45.378{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059771Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:45.378{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059770Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:44.363{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059769Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:44.363{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059768Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:43.349{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059767Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:43.349{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059766Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:42.347{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059765Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:42.347{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059764Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:41.332{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059763Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:41.332{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059762Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:40.316{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059761Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:40.316{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059760Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:39.300{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059759Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:39.300{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059758Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:38.288{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059757Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:38.288{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059756Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:37.269{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059755Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:37.269{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059753Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:36.253{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059752Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:36.253{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059747Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:35.238{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059746Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:35.238{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059730Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:34.222{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059729Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:34.222{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059728Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:33.207{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059727Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:33.207{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059726Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:32.192{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059725Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:32.192{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059724Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1484SetValue2023-09-14 09:14:31.628{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\0ff91641118b8ba71feb1aa87725fe56\[kl]%%temp%%[ENTER] r%%[Back][Back][Back]e \x0123/09/12 notepad++ *C:\Program Files\ansible\SwiftOnSecurity.xml - Notepad++ [Administrator]\x01 [ENTER] [Back][Back][Back]com \x0123/09/12 cmd Administrator: C:\Windows\system32\cmd.exe\x01 Sysmon64[TAP] -c \x0123/09/12 cmd Administrator: C:\Windows\system32\cmd.exe - Sysmon64.exe -c "C:\Program Files\ansible\SwiftOnSecurity.xml"\x01 [ENTER] rregedit[ENTER] \x0123/09/14 notepad++ *C:\Program Files\ansible\SwiftOnSecurity.xml - Notepad++ [Administrator]\x01 [Back][ \x0123/09/14 cmd Administrator: C:\Windows\system32\cmd.exe\x01 Sysmon6[TAP] -c \x0123/09/14 cmd Administrator: C:\Windows\system32\cmd.exe - Sysmon64.exe -c "C:\Program Files\ansible\SwiftOnSecurity.xml"\x01 [ENTER] ATTACKRANGE\Administrator 13241300x800000000000000059723Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:31.191{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059722Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:31.191{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059721Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:30.175{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059720Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:30.175{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059719Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:29.159{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059718Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:29.159{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059717Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:28.144{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059716Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:28.144{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059715Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:27.128{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059714Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:27.128{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059713Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:26.113{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059712Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:26.113{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059711Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:25.097{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059710Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:25.097{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059707Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:24.081{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059706Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:24.081{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059705Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:23.066{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059704Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:23.066{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059703Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:22.050{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059702Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:22.050{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059701Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:21.034{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059700Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:21.034{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059699Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:20.019{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059698Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:20.019{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059697Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:19.006{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059696Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:19.006{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059695Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:18.003{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059694Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:18.003{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059693Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:16.988{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059692Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:16.988{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059691Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:15.972{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059690Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:15.972{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059689Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:14.956{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059688Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:14.956{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059687Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:13.942{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059686Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:13.942{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059685Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:12.941{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059684Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:12.941{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059682Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:11.925{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059681Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:11.925{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059680Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:10.909{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059679Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:10.909{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059678Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:09.894{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059677Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:09.894{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059676Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:08.878{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059675Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:08.878{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059674Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:07.863{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059673Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:07.863{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059672Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:06.850{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059671Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:06.850{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059670Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:05.831{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059669Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:05.831{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059668Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:04.816{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059667Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:04.816{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059666Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:03.800{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059665Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:03.800{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059664Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:02.785{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059663Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:02.785{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059662Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:01.769{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059661Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:01.769{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059660Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:00.754{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059659Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:14:00.754{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059658Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:59.738{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059657Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:59.738{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059655Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:58.722{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059654Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:58.722{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059652Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:57.706{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059651Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:57.706{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059649Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:56.691{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059648Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:56.691{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059645Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:55.683{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059644Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:55.683{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059643Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:54.673{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059642Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:54.673{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059641Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:53.660{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059640Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:53.660{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059639Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:52.644{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059638Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:52.644{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059637Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:51.628{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059636Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:51.628{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059635Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:50.613{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059634Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:50.613{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059633Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:49.597{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059632Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:49.597{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059631Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:48.582{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059630Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:48.582{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059629Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:47.566{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059628Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:47.566{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059627Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:46.552{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059626Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:46.552{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059625Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:45.550{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059624Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:45.550{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059623Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:44.536{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059622Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:44.536{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059621Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:43.535{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059620Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:43.535{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059619Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:42.519{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059618Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:42.519{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059617Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:41.503{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059616Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:41.503{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059615Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:40.488{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059614Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:40.488{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059613Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:39.472{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059612Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:39.472{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059611Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:38.457{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059610Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:38.457{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059609Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:37.441{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059608Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:37.441{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059607Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:36.425{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059606Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:36.425{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059605Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:35.410{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059604Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:35.410{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059603Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:34.394{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059602Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:34.394{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059601Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:33.379{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059600Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:33.379{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059599Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:32.363{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059598Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:32.363{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059597Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:31.347{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059596Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:31.347{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059595Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:30.332{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059594Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:30.332{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059593Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:29.316{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059592Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:29.316{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059591Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:28.301{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059590Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:28.301{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059589Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:27.285{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059588Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:27.285{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059587Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:26.269{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059586Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:26.269{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059585Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:25.254{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059584Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:25.254{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059583Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:24.238{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059582Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:24.238{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059581Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:23.222{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059580Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:23.222{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059579Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:22.208{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059578Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:22.208{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059577Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:21.207{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059576Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:21.207{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059575Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:20.192{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059574Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:20.192{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059572Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:19.175{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059571Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:19.175{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059570Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:18.160{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059569Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:18.160{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059568Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:17.146{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059567Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:17.146{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059566Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:16.129{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059565Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:16.129{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059564Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:15.113{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059563Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:15.113{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059562Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:14.097{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059561Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:14.097{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059560Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:13.082{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059559Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:13.082{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059558Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:12.066{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059557Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:12.066{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059556Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:11.050{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059555Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:11.050{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059554Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:10.035{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059553Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:10.035{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059552Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:09.019{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059551Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:09.019{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059550Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:08.004{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059549Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:08.004{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059548Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:06.988{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059547Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:06.988{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059546Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:05.972{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059545Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:05.972{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059544Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:04.957{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059543Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:04.957{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059542Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:03.941{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059541Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:03.941{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059540Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:02.926{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059539Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:02.926{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059538Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:01.910{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059537Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:01.910{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059536Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:00.894{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059535Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:13:00.894{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059534Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:59.879{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059533Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:59.879{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059529Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:58.863{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059528Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:58.863{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059525Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:57.847{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059524Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:57.847{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059522Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:56.832{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059521Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:56.832{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059515Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:55.816{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059514Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:55.816{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059510Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:54.799{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059509Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:54.799{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059508Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:53.790{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059507Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:53.790{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059506Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:52.771{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059505Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:52.771{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059504Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:51.755{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059503Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:51.755{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059502Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:50.740{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059501Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:50.740{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059500Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:49.724{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059499Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:49.724{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059497Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:48.708{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059496Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:48.708{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059495Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:47.680{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059494Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:47.680{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059488Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:46.665{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059487Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:46.665{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059486Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:45.649{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059485Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:45.649{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059483Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:44.633{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059482Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:44.633{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059481Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:43.618{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059480Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:43.618{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059479Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:42.602{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059478Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:42.602{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059477Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:41.587{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059476Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:41.587{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059475Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:40.571{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059474Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:40.571{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059473Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:39.555{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059472Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:39.555{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059470Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:38.540{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059469Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:38.540{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059468Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:37.524{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059467Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:37.524{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059466Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:36.508{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059465Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:36.508{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059464Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:35.493{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059463Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:35.493{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059462Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:34.478{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059461Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:34.478{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059460Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:33.472{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059459Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:33.472{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059455Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:32.462{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059454Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:32.462{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059452Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:31.446{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059451Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:31.446{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059450Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:30.430{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059449Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:30.430{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059448Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:29.415{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059447Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:29.415{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059446Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:28.399{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059445Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:28.399{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059443Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:27.383{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059442Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:27.383{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059441Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:26.368{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059440Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:26.368{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059439Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:25.352{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059438Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:25.352{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059437Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:24.337{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059436Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:24.337{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059435Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:23.321{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059434Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:23.321{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059433Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:22.305{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059432Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:22.305{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059431Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:21.290{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059430Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:21.290{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059429Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:20.274{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059428Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:20.274{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059427Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:19.259{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059426Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:19.259{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059425Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:18.243{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059424Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:18.243{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059423Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:17.228{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059422Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:17.228{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059421Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:16.212{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059420Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:16.212{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059419Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:15.196{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059418Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:15.196{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059417Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:14.180{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059416Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:14.180{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059415Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:13.165{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059414Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:13.165{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059413Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:12.149{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059412Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:12.149{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059411Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:11.134{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059410Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:11.134{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059409Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:10.118{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059408Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:10.118{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059407Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:09.102{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059406Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:09.102{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059405Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:08.087{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059404Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:08.087{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059403Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:07.071{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059402Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:07.071{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059401Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:06.056{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059400Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:06.056{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059399Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:05.040{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059398Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:05.040{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059397Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:04.024{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059396Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:04.024{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059395Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:03.009{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059394Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:03.009{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059393Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:01.993{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059392Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:01.993{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059391Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:00.977{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059390Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:12:00.977{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059389Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:59.962{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059388Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:59.962{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059386Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:58.946{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059385Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:58.946{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059383Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:57.931{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059382Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:57.931{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059380Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:56.915{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059379Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:56.915{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059377Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:55.899{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059376Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:55.899{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059374Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:54.884{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059373Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:54.884{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059372Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:53.868{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059371Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:53.868{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059370Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:52.863{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059369Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:52.863{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059368Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:51.850{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059367Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:51.850{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059366Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:50.848{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059365Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:50.848{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059364Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:49.833{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059363Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:49.833{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059362Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:48.817{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059361Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:48.817{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059360Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:47.801{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059359Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:47.801{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059358Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:46.786{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059357Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:46.786{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059356Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:45.770{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059355Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:45.770{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059354Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:44.756{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059353Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:44.756{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059352Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:43.739{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059351Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:43.739{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059350Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:42.723{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059349Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:42.723{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059348Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:41.708{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059347Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:41.708{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059346Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:40.692{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059345Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:40.692{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059344Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:39.676{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059343Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:39.676{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059342Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:38.661{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059341Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:38.661{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059340Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:37.645{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059339Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:37.645{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059338Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:36.630{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059337Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:36.630{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059336Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:35.614{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059335Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:35.614{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059334Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:34.598{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059333Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:34.598{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059332Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:33.583{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059331Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:33.583{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059330Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:32.567{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059329Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:32.567{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059328Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:31.551{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059327Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:31.551{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059326Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:30.536{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059325Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:30.536{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059324Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:29.520{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059323Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:29.520{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059322Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:28.505{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059321Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:28.505{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059320Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:27.489{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059319Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:27.489{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059318Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:26.473{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059317Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:26.473{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059316Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:25.460{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059315Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:25.460{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059314Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:24.458{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059313Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:24.458{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059312Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:23.442{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059311Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:23.442{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059310Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:22.427{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059309Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:22.427{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059308Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:21.411{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059307Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:21.411{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059306Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:20.395{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059305Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:20.395{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059304Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:19.380{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059303Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:19.380{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059302Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:18.364{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059301Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:18.364{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059300Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:17.348{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059299Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:17.348{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059298Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:16.333{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059297Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:16.333{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059296Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:15.317{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059295Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:15.317{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059294Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:14.302{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059293Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:14.302{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059292Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:13.286{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059291Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:13.286{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059290Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:12.270{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059289Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:12.270{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059288Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:11.255{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059287Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:11.255{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059286Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:10.239{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059285Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:10.239{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059284Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:09.224{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059283Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:09.224{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059282Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:08.208{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059281Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:08.208{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059280Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:07.192{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059279Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:07.192{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059278Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:06.177{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059277Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:06.177{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059276Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:05.177{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059275Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:05.177{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059274Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:04.161{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059273Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:04.161{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059272Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:03.145{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059271Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:03.145{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059270Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:02.130{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059269Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:02.130{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059268Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:01.114{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059267Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:01.114{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059266Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:00.099{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059265Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:11:00.099{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059263Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:59.083{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059262Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:59.083{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059260Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:58.067{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059259Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:58.067{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059257Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:57.052{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059256Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:57.052{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059254Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:56.036{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059253Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:56.036{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059251Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:55.021{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059250Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:55.021{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059249Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:54.005{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059248Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:54.005{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059247Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:52.989{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059246Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:52.989{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059245Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:51.974{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059244Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:51.974{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059243Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:50.970{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059242Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:50.970{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059241Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:49.958{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059240Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:49.958{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059239Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:48.943{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059238Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:48.943{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059237Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:47.928{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059236Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:47.928{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059235Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:46.912{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059234Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:46.912{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059233Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:45.897{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059232Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:45.897{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059231Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:44.867{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059230Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:44.867{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059229Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:43.865{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059228Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:43.865{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059227Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:42.850{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059226Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:42.850{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059225Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:41.834{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059224Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:41.834{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059223Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:40.819{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059222Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:40.819{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059221Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:39.803{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059220Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:39.803{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059219Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:38.787{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059218Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:38.787{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059217Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:37.772{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059216Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:37.772{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059215Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:36.756{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059214Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:36.756{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059213Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:35.740{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059212Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:35.740{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059211Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:34.725{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059210Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:34.725{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059209Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:33.709{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059208Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:33.709{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059207Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:32.694{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059206Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:32.694{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059205Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:31.678{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059204Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:31.678{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059203Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:30.662{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059202Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:30.662{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059201Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:29.647{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059200Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:29.647{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059199Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:28.631{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059198Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:28.631{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059197Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:27.616{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059196Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:27.616{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059195Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:26.600{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059194Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:26.600{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059193Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:25.584{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059192Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:25.584{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059191Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:24.569{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059190Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:24.569{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059189Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:23.553{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059188Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:23.553{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059187Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:22.537{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059186Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:22.537{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059185Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:21.522{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059184Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:21.522{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059183Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:20.510{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059182Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:20.510{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059181Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:19.507{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059180Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:19.507{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059179Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:18.491{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059178Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:18.491{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059177Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:17.475{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059176Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:17.475{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059175Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:16.459{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059174Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:16.459{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059173Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:15.444{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059172Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:15.444{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059171Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:14.428{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059170Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:14.428{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059169Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:13.413{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059168Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:13.413{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059167Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:12.397{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059166Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:12.397{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059165Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:11.381{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059164Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:11.381{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059163Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:10.366{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059162Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:10.366{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059161Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:09.350{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059160Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:09.350{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059159Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:08.334{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059158Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:08.334{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059157Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:07.319{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059156Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:07.319{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059155Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:06.303{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059154Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:06.303{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059153Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:05.288{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059152Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:05.288{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059151Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:04.272{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059150Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:04.272{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059149Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:03.256{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059148Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:03.256{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059147Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:02.241{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059146Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:02.241{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059145Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:01.225{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059144Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:01.225{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059142Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:00.210{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059141Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:10:00.210{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059139Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:59.194{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059138Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:59.194{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059135Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:58.178{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059134Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:58.178{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059132Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:57.163{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059131Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:57.163{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059129Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:56.147{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059128Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:56.147{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059126Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:55.131{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059125Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:55.131{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059124Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:54.116{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059123Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:54.116{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059122Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:53.100{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059121Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:53.100{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059120Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:52.084{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059119Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:52.084{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059118Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:51.069{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059117Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:51.069{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059116Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:50.065{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059115Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:50.065{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059114Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:49.055{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059113Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:49.055{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059110Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:48.038{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059109Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:48.038{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059107Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:42.632{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059106Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:42.632{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059098Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:41.616{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059097Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:41.616{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059096Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:40.600{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059095Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:40.600{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059093Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:39.585{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059092Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:39.585{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059091Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:38.569{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059090Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:38.569{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059089Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:37.554{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059088Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:37.554{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059087Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:36.538{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059086Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:36.538{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059085Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:35.522{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059084Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:35.522{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059083Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:34.507{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059082Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:34.507{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059081Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:33.491{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059080Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:33.491{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059078Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:32.476{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059077Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:32.476{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059076Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:31.460{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059075Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:31.460{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059074Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:30.444{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059073Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:30.444{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059072Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:29.429{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059071Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:29.429{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059070Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:28.414{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059069Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:28.414{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059068Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:27.413{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059067Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:27.413{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059066Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:26.397{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059065Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:26.397{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059064Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:25.382{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059063Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:25.382{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059062Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:24.366{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059061Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:24.366{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059060Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:23.352{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059059Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:23.352{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059058Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:22.351{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059057Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:22.351{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059056Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:21.336{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059055Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:21.336{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059054Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:20.319{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059053Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:20.319{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059052Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:19.304{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059051Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:19.304{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059050Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:18.288{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059049Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:18.288{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059048Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:17.273{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059047Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:17.273{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059046Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:16.260{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059045Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:16.260{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059044Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:15.257{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059043Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:15.257{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059042Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:14.241{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059041Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:14.241{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059040Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:13.234{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059039Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:13.234{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059038Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:12.210{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059037Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:12.210{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059036Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:11.194{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059035Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:11.194{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059034Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:10.179{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059033Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:10.179{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059032Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:09.163{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059031Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:09.163{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059030Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:08.148{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059029Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:08.148{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059028Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:07.132{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059027Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:07.132{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059026Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:06.116{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059025Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:06.116{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059024Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:05.101{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059023Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:05.101{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059022Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:04.085{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059021Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:04.085{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059020Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:03.070{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059019Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:03.070{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059018Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:02.054{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059017Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:02.054{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059016Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:01.038{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059015Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:01.038{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059014Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:00.024{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059013Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:09:00.024{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059011Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:59.007{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059010Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:59.007{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059008Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:57.997{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059007Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:57.997{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059005Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:56.991{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059004Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:56.991{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059002Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:55.976{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000059001Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:55.976{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058999Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:54.960{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058998Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:54.960{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058997Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:53.945{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058996Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:53.945{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058995Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:52.929{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058994Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:52.929{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058993Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:51.913{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058992Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:51.913{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058991Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:50.898{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058990Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:50.898{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058989Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:49.882{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058988Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:49.882{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058987Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:48.867{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058986Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:48.867{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058985Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:47.851{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058984Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:47.851{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058983Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:46.848{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058982Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:46.848{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058981Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:45.832{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058980Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:45.832{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058978Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:44.817{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058977Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:44.817{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058976Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:43.801{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058975Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:43.801{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058974Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:42.789{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058973Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:42.789{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058972Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:41.770{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058971Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:41.770{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058970Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:40.754{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058969Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:40.754{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058968Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:39.738{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058967Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:39.738{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058966Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:38.723{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058965Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:38.723{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058964Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:37.707{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058963Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:37.707{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058962Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:36.692{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058961Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:36.692{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058960Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:35.676{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058959Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:35.676{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058958Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:34.660{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058957Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:34.660{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058956Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:33.645{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058955Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:33.645{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058954Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:32.629{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058953Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:32.629{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058952Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:31.614{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058951Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:31.614{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058950Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:30.598{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058949Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:30.598{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058948Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:29.582{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058947Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:29.582{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058946Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:28.567{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058945Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:28.567{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058943Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:27.551{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058942Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:27.551{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058941Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:26.535{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058940Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:26.535{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058939Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:25.520{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058938Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:25.520{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058937Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:24.504{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058936Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:24.504{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058935Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:23.489{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058934Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:23.489{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058933Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:22.473{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058932Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:22.473{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058931Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:21.457{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058930Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:21.457{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058929Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:20.442{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058928Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:20.442{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058927Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:19.426{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058926Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:19.426{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058925Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:18.411{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058924Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:18.411{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058921Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:17.395{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058920Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:17.395{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058919Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:16.379{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058918Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:16.379{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058917Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:15.364{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058916Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:15.364{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058915Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:14.350{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058914Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:14.350{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058913Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:13.333{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058912Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:13.333{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058911Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:12.317{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058910Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:12.317{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058900Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:11.301{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058899Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:11.301{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058865Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:10.286{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058864Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:10.286{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058829Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:09.270{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058828Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:09.270{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058796Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:08.254{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058795Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:08.254{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058782Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:07.239{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058781Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:07.239{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058778Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:06.223{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058777Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:06.223{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058770Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:05.208{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058769Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:05.208{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058767Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:04.193{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058766Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:04.193{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058764Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:03.176{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058763Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:03.176{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058762Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:02.161{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058761Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:02.161{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058759Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:01.145{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058758Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:01.145{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058749Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:00.130{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058748Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:08:00.130{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058740Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:07:58.755{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator 13241300x800000000000000058739Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-09-14 09:07:58.755{8814F3F5-CD65-6502-6A02-000000000F03}3764C:\Users\Administrator\AppData\Local\Temp\server.comHKU\S-1-5-21-2571799417-433382502-1180051742-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ff91641118b8ba71feb1aa87725fe56"C:\Users\Administrator\AppData\Local\Temp\server.com" ..ATTACKRANGE\Administrator