12241200x800000000000000011517615Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-DeleteValue2022-05-06 14:17:42.462{FA0EBB31-2E06-6275-9DA1-000000004E02}3504C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\ndis.sys[MofResourceName]NT AUTHORITY\SYSTEM 12241200x800000000000000011517589Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-DeleteValue2022-05-06 14:17:42.447{FA0EBB31-2E06-6275-9DA1-000000004E02}3504C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\en-US\ndis.sys.mui[MofResourceName]NT AUTHORITY\SYSTEM 12241200x800000000000000011517535Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-DeleteValue2022-05-06 14:17:42.439{FA0EBB31-2E06-6275-9DA1-000000004E02}3504C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\monitor.sys[MonitorWMI]NT AUTHORITY\SYSTEM 13241300x800000000000000011517459Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-06 14:17:42.419{FA0EBB31-2E06-6275-9DA1-000000004E02}3504C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\monitor.sys[MonitorWMI]LowDateTime:2067544410,HighDateTime:30531428***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x800000000000000011517432Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-06 14:17:42.419{FA0EBB31-2E06-6275-9DA1-000000004E02}3504C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\ena.sys[NdisMofResource]LowDateTime:-575650048,HighDateTime:30874337***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x800000000000000011517430Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-06 14:17:42.419{FA0EBB31-2E06-6275-9DA1-000000004E02}3504C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\intelppm.sys.mui[PROCESSORWMI]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x800000000000000011517428Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-06 14:17:42.419{FA0EBB31-2E06-6275-9DA1-000000004E02}3504C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\intelppm.sys[PROCESSORWMI]LowDateTime:-2024749675,HighDateTime:30736945***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x800000000000000011517425Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-06 14:17:42.419{FA0EBB31-2E06-6275-9DA1-000000004E02}3504C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\mssmbios.sys.mui[MofResource]LowDateTime:-592857982,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x800000000000000011517413Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-06 14:17:42.419{FA0EBB31-2E06-6275-9DA1-000000004E02}3504C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\mssmbios.sys[MofResource]LowDateTime:2077700573,HighDateTime:30531428***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x800000000000000011517401Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-06 14:17:42.419{FA0EBB31-2E06-6275-9DA1-000000004E02}3504C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\en-US\ndis.sys.mui[MofResourceName]LowDateTime:1964924432,HighDateTime:30577847***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x800000000000000011517395Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-06 14:17:42.403{FA0EBB31-2E06-6275-9DA1-000000004E02}3504C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\ndis.sys[MofResourceName]LowDateTime:471290125,HighDateTime:30846383***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x800000000000000011517393Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-06 14:17:42.403{FA0EBB31-2E06-6275-9DA1-000000004E02}3504C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\ACPI.sys.mui[ACPIMOFResource]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x800000000000000011517390Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-06 14:17:42.403{FA0EBB31-2E06-6275-9DA1-000000004E02}3504C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\ACPI.sys[ACPIMOFResource]LowDateTime:-1594147734,HighDateTime:30671341***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 12241200x80000000000000009933376Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-DeleteValue2022-05-06 12:43:17.662{5B5DB6BA-17E5-6275-0E35-010000004D02}5492C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\ndis.sys[MofResourceName]NT AUTHORITY\SYSTEM 12241200x80000000000000009933375Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-DeleteValue2022-05-06 12:43:17.647{5B5DB6BA-17E5-6275-0E35-010000004D02}5492C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\en-US\ndis.sys.mui[MofResourceName]NT AUTHORITY\SYSTEM 12241200x80000000000000009933374Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-DeleteValue2022-05-06 12:43:17.631{5B5DB6BA-17E5-6275-0E35-010000004D02}5492C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\monitor.sys[MonitorWMI]NT AUTHORITY\SYSTEM 13241300x80000000000000009933373Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-05-06 12:43:17.626{5B5DB6BA-17E5-6275-0E35-010000004D02}5492C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\monitor.sys[MonitorWMI]LowDateTime:2067544410,HighDateTime:30531428***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x80000000000000009933371Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-05-06 12:43:17.624{5B5DB6BA-17E5-6275-0E35-010000004D02}5492C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\ena.sys[NdisMofResource]LowDateTime:-575650048,HighDateTime:30874337***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000009933369Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-05-06 12:43:17.624{5B5DB6BA-17E5-6275-0E35-010000004D02}5492C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\intelppm.sys.mui[PROCESSORWMI]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000009933367Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-05-06 12:43:17.623{5B5DB6BA-17E5-6275-0E35-010000004D02}5492C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\intelppm.sys[PROCESSORWMI]LowDateTime:-2024749675,HighDateTime:30736945***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000009933365Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-05-06 12:43:17.622{5B5DB6BA-17E5-6275-0E35-010000004D02}5492C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\mssmbios.sys.mui[MofResource]LowDateTime:-592857982,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000009933363Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-05-06 12:43:17.606{5B5DB6BA-17E5-6275-0E35-010000004D02}5492C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\mssmbios.sys[MofResource]LowDateTime:2077700573,HighDateTime:30531428***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000009933361Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-05-06 12:43:17.606{5B5DB6BA-17E5-6275-0E35-010000004D02}5492C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\en-US\ndis.sys.mui[MofResourceName]LowDateTime:1964924432,HighDateTime:30577847***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x80000000000000009933359Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-05-06 12:43:17.606{5B5DB6BA-17E5-6275-0E35-010000004D02}5492C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\ndis.sys[MofResourceName]LowDateTime:471290125,HighDateTime:30846383***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x80000000000000009933357Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-05-06 12:43:17.606{5B5DB6BA-17E5-6275-0E35-010000004D02}5492C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\ACPI.sys.mui[ACPIMOFResource]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000009933355Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-05-06 12:43:17.606{5B5DB6BA-17E5-6275-0E35-010000004D02}5492C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\ACPI.sys[ACPIMOFResource]LowDateTime:-1594147734,HighDateTime:30671341***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x800000000000000010386627Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-05 15:41:55.956{FA0EBB31-EF16-6273-2E7C-000000004E02}5304C:\Windows\explorer.exeHKU\S-1-5-21-2059343465-2300599999-2417073716-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sys\OpenWithProgids\sysfileBinary DataATTACKRANGE\Administrator 12241200x800000000000000010386626Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-CreateKey2022-05-05 15:41:55.956{FA0EBB31-EF16-6273-2E7C-000000004E02}5304C:\Windows\explorer.exeHKU\S-1-5-21-2059343465-2300599999-2417073716-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sys\OpenWithProgidsATTACKRANGE\Administrator 12241200x800000000000000010309289Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-DeleteValue2022-05-05 14:24:33.413{FA0EBB31-DE21-6273-227A-000000004E02}6840C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\ndis.sys[MofResourceName]NT AUTHORITY\SYSTEM 12241200x800000000000000010309288Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-DeleteValue2022-05-05 14:24:33.413{FA0EBB31-DE21-6273-227A-000000004E02}6840C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\en-US\ndis.sys.mui[MofResourceName]NT AUTHORITY\SYSTEM 12241200x800000000000000010309287Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-DeleteValue2022-05-05 14:24:33.398{FA0EBB31-DE21-6273-227A-000000004E02}6840C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\monitor.sys[MonitorWMI]NT AUTHORITY\SYSTEM 13241300x800000000000000010309286Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-05 14:24:33.377{FA0EBB31-DE21-6273-227A-000000004E02}6840C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\monitor.sys[MonitorWMI]LowDateTime:2067544410,HighDateTime:30531428***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x800000000000000010309284Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-05 14:24:33.377{FA0EBB31-DE21-6273-227A-000000004E02}6840C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\ena.sys[NdisMofResource]LowDateTime:-575650048,HighDateTime:30874337***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x800000000000000010309282Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-05 14:24:33.377{FA0EBB31-DE21-6273-227A-000000004E02}6840C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\intelppm.sys.mui[PROCESSORWMI]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x800000000000000010309280Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-05 14:24:33.377{FA0EBB31-DE21-6273-227A-000000004E02}6840C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\intelppm.sys[PROCESSORWMI]LowDateTime:-2024749675,HighDateTime:30736945***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x800000000000000010309278Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-05 14:24:33.377{FA0EBB31-DE21-6273-227A-000000004E02}6840C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\mssmbios.sys.mui[MofResource]LowDateTime:-592857982,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x800000000000000010309276Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-05 14:24:33.377{FA0EBB31-DE21-6273-227A-000000004E02}6840C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\mssmbios.sys[MofResource]LowDateTime:2077700573,HighDateTime:30531428***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x800000000000000010309274Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-05 14:24:33.377{FA0EBB31-DE21-6273-227A-000000004E02}6840C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\en-US\ndis.sys.mui[MofResourceName]LowDateTime:1964924432,HighDateTime:30577847***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x800000000000000010309272Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-05 14:24:33.377{FA0EBB31-DE21-6273-227A-000000004E02}6840C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\ndis.sys[MofResourceName]LowDateTime:471290125,HighDateTime:30846383***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x800000000000000010309270Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-05 14:24:33.377{FA0EBB31-DE21-6273-227A-000000004E02}6840C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\ACPI.sys.mui[ACPIMOFResource]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x800000000000000010309268Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-05 14:24:33.377{FA0EBB31-DE21-6273-227A-000000004E02}6840C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\ACPI.sys[ACPIMOFResource]LowDateTime:-1594147734,HighDateTime:30671341***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 12241200x80000000000000008726419Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-DeleteValue2022-05-05 12:53:33.767{5B5DB6BA-C8CD-6273-B60D-010000004D02}1784C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\ndis.sys[MofResourceName]NT AUTHORITY\SYSTEM 12241200x80000000000000008726418Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-DeleteValue2022-05-05 12:53:33.755{5B5DB6BA-C8CD-6273-B60D-010000004D02}1784C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\en-US\ndis.sys.mui[MofResourceName]NT AUTHORITY\SYSTEM 12241200x80000000000000008726417Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-DeleteValue2022-05-05 12:53:33.743{5B5DB6BA-C8CD-6273-B60D-010000004D02}1784C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\monitor.sys[MonitorWMI]NT AUTHORITY\SYSTEM 13241300x80000000000000008726410Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-05-05 12:53:33.724{5B5DB6BA-C8CD-6273-B60D-010000004D02}1784C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\monitor.sys[MonitorWMI]LowDateTime:2067544410,HighDateTime:30531428***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x80000000000000008726408Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-05-05 12:53:33.722{5B5DB6BA-C8CD-6273-B60D-010000004D02}1784C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\ena.sys[NdisMofResource]LowDateTime:-575650048,HighDateTime:30874337***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000008726406Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-05-05 12:53:33.721{5B5DB6BA-C8CD-6273-B60D-010000004D02}1784C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\intelppm.sys.mui[PROCESSORWMI]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000008726404Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-05-05 12:53:33.720{5B5DB6BA-C8CD-6273-B60D-010000004D02}1784C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\intelppm.sys[PROCESSORWMI]LowDateTime:-2024749675,HighDateTime:30736945***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000008726402Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-05-05 12:53:33.720{5B5DB6BA-C8CD-6273-B60D-010000004D02}1784C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\mssmbios.sys.mui[MofResource]LowDateTime:-592857982,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000008726400Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-05-05 12:53:33.719{5B5DB6BA-C8CD-6273-B60D-010000004D02}1784C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\mssmbios.sys[MofResource]LowDateTime:2077700573,HighDateTime:30531428***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000008726398Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-05-05 12:53:33.719{5B5DB6BA-C8CD-6273-B60D-010000004D02}1784C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\en-US\ndis.sys.mui[MofResourceName]LowDateTime:1964924432,HighDateTime:30577847***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x80000000000000008726396Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-05-05 12:53:33.717{5B5DB6BA-C8CD-6273-B60D-010000004D02}1784C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\ndis.sys[MofResourceName]LowDateTime:471290125,HighDateTime:30846383***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x80000000000000008726394Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-05-05 12:53:33.715{5B5DB6BA-C8CD-6273-B60D-010000004D02}1784C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\ACPI.sys.mui[ACPIMOFResource]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000008726392Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-05-05 12:53:33.715{5B5DB6BA-C8CD-6273-B60D-010000004D02}1784C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\ACPI.sys[ACPIMOFResource]LowDateTime:-1594147734,HighDateTime:30671341***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000009418982Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-04 20:35:50.180{FA0EBB31-D416-626F-0A00-000000004E02}628C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\DellVuln\ImagePath\??\C:\temp\dell.sysNT AUTHORITY\SYSTEM 12241200x80000000000000009415096Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-CreateKey2022-05-04 20:33:28.299{FA0EBB31-D6BB-626F-0001-000000004E02}2244C:\Windows\Explorer.EXEHKU\S-1-5-21-2059343465-2300599999-2417073716-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sys\OpenWithListATTACKRANGE\Administrator 13241300x80000000000000009415093Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-04 20:33:28.299{FA0EBB31-D6BB-626F-0001-000000004E02}2244C:\Windows\Explorer.EXEHKU\S-1-5-21-2059343465-2300599999-2417073716-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sys\OpenWithProgids\sysfileBinary DataATTACKRANGE\Administrator 12241200x80000000000000009415092Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-CreateKey2022-05-04 20:33:28.299{FA0EBB31-D6BB-626F-0001-000000004E02}2244C:\Windows\Explorer.EXEHKU\S-1-5-21-2059343465-2300599999-2417073716-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sys\OpenWithProgidsATTACKRANGE\Administrator 12241200x80000000000000007522345Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-DeleteValue2022-05-04 12:58:48.570{5B5DB6BA-7888-6272-67E6-000000004D02}6040C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\ndis.sys[MofResourceName]NT AUTHORITY\SYSTEM 12241200x80000000000000007522344Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-DeleteValue2022-05-04 12:58:48.570{5B5DB6BA-7888-6272-67E6-000000004D02}6040C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\en-US\ndis.sys.mui[MofResourceName]NT AUTHORITY\SYSTEM 12241200x80000000000000007522319Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-DeleteValue2022-05-04 12:58:48.559{5B5DB6BA-7888-6272-67E6-000000004D02}6040C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\monitor.sys[MonitorWMI]NT AUTHORITY\SYSTEM 13241300x80000000000000007522293Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-05-04 12:58:48.539{5B5DB6BA-7888-6272-67E6-000000004D02}6040C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\monitor.sys[MonitorWMI]LowDateTime:2067544410,HighDateTime:30531428***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x80000000000000007522291Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-05-04 12:58:48.539{5B5DB6BA-7888-6272-67E6-000000004D02}6040C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\ena.sys[NdisMofResource]LowDateTime:-575650048,HighDateTime:30874337***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000007522289Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-05-04 12:58:48.539{5B5DB6BA-7888-6272-67E6-000000004D02}6040C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\intelppm.sys.mui[PROCESSORWMI]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000007522287Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-05-04 12:58:48.539{5B5DB6BA-7888-6272-67E6-000000004D02}6040C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\intelppm.sys[PROCESSORWMI]LowDateTime:-2024749675,HighDateTime:30736945***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000007522285Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-05-04 12:58:48.539{5B5DB6BA-7888-6272-67E6-000000004D02}6040C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\mssmbios.sys.mui[MofResource]LowDateTime:-592857982,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000007522283Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-05-04 12:58:48.539{5B5DB6BA-7888-6272-67E6-000000004D02}6040C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\mssmbios.sys[MofResource]LowDateTime:2077700573,HighDateTime:30531428***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000007522281Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-05-04 12:58:48.539{5B5DB6BA-7888-6272-67E6-000000004D02}6040C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\en-US\ndis.sys.mui[MofResourceName]LowDateTime:1964924432,HighDateTime:30577847***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x80000000000000007522263Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-05-04 12:58:48.539{5B5DB6BA-7888-6272-67E6-000000004D02}6040C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\ndis.sys[MofResourceName]LowDateTime:471290125,HighDateTime:30846383***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x80000000000000007522252Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-05-04 12:58:48.523{5B5DB6BA-7888-6272-67E6-000000004D02}6040C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\ACPI.sys.mui[ACPIMOFResource]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000007522250Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-05-04 12:58:48.523{5B5DB6BA-7888-6272-67E6-000000004D02}6040C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\ACPI.sys[ACPIMOFResource]LowDateTime:-1594147734,HighDateTime:30671341***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 12241200x80000000000000009045487Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-DeleteValue2022-05-04 12:58:22.394{FA0EBB31-786E-6272-3350-000000004E02}4168C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\ndis.sys[MofResourceName]NT AUTHORITY\SYSTEM 12241200x80000000000000009045411Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-DeleteValue2022-05-04 12:58:22.379{FA0EBB31-786E-6272-3350-000000004E02}4168C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\en-US\ndis.sys.mui[MofResourceName]NT AUTHORITY\SYSTEM 12241200x80000000000000009045352Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-DeleteValue2022-05-04 12:58:22.379{FA0EBB31-786E-6272-3350-000000004E02}4168C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\monitor.sys[MonitorWMI]NT AUTHORITY\SYSTEM 13241300x80000000000000009045257Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-04 12:58:22.363{FA0EBB31-786E-6272-3350-000000004E02}4168C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\monitor.sys[MonitorWMI]LowDateTime:2067544410,HighDateTime:30531428***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x80000000000000009045255Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-04 12:58:22.363{FA0EBB31-786E-6272-3350-000000004E02}4168C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\ena.sys[NdisMofResource]LowDateTime:-575650048,HighDateTime:30874337***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000009045253Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-04 12:58:22.347{FA0EBB31-786E-6272-3350-000000004E02}4168C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\intelppm.sys.mui[PROCESSORWMI]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000009045251Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-04 12:58:22.347{FA0EBB31-786E-6272-3350-000000004E02}4168C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\intelppm.sys[PROCESSORWMI]LowDateTime:-2024749675,HighDateTime:30736945***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000009045249Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-04 12:58:22.347{FA0EBB31-786E-6272-3350-000000004E02}4168C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\mssmbios.sys.mui[MofResource]LowDateTime:-592857982,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000009045247Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-04 12:58:22.347{FA0EBB31-786E-6272-3350-000000004E02}4168C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\mssmbios.sys[MofResource]LowDateTime:2077700573,HighDateTime:30531428***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000009045245Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-04 12:58:22.347{FA0EBB31-786E-6272-3350-000000004E02}4168C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\en-US\ndis.sys.mui[MofResourceName]LowDateTime:1964924432,HighDateTime:30577847***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x80000000000000009045243Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-04 12:58:22.347{FA0EBB31-786E-6272-3350-000000004E02}4168C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\ndis.sys[MofResourceName]LowDateTime:471290125,HighDateTime:30846383***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x80000000000000009045241Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-04 12:58:22.347{FA0EBB31-786E-6272-3350-000000004E02}4168C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\ACPI.sys.mui[ACPIMOFResource]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000009045239Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-04 12:58:22.347{FA0EBB31-786E-6272-3350-000000004E02}4168C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\ACPI.sys[ACPIMOFResource]LowDateTime:-1594147734,HighDateTime:30671341***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000008132163Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 17:32:12.855{FA0EBB31-D416-626F-0A00-000000004E02}628C:\Windows\system32\services.exeHKU\S-1-5-21-2059343465-2300599999-2417073716-500_Classes\Local Settings\MuiCache\134\52C64B7E\@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000User Mode Driver Frameworks Platform DriverNT AUTHORITY\SYSTEM 13241300x80000000000000008132161Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 17:32:12.855{FA0EBB31-D416-626F-0A00-000000004E02}628C:\Windows\system32\services.exeHKU\S-1-5-21-2059343465-2300599999-2417073716-500_Classes\Local Settings\MuiCache\134\52C64B7E\@%systemroot%\System32\drivers\ws2ifsl.sys,-1000Winsock IFS DriverNT AUTHORITY\SYSTEM 13241300x80000000000000008132159Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 17:32:12.855{FA0EBB31-D416-626F-0A00-000000004E02}628C:\Windows\system32\services.exeHKU\S-1-5-21-2059343465-2300599999-2417073716-500_Classes\Local Settings\MuiCache\134\52C64B7E\@%systemroot%\System32\drivers\WpdUpFltr.sys,-100WPD Upper Class Filter DriverNT AUTHORITY\SYSTEM 13241300x80000000000000008132157Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 17:32:12.840{FA0EBB31-D416-626F-0A00-000000004E02}628C:\Windows\system32\services.exeHKU\S-1-5-21-2059343465-2300599999-2417073716-500_Classes\Local Settings\MuiCache\134\52C64B7E\@%SystemRoot%\system32\drivers\winnat.sys,-10001Windows NAT DriverNT AUTHORITY\SYSTEM 13241300x80000000000000008132155Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 17:32:12.840{FA0EBB31-D416-626F-0A00-000000004E02}628C:\Windows\system32\services.exeHKU\S-1-5-21-2059343465-2300599999-2417073716-500_Classes\Local Settings\MuiCache\134\52C64B7E\@%SystemRoot%\system32\drivers\wimmount.sys,-101WIMMountNT AUTHORITY\SYSTEM 13241300x80000000000000008132153Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 17:32:12.840{FA0EBB31-D416-626F-0A00-000000004E02}628C:\Windows\system32\services.exeHKU\S-1-5-21-2059343465-2300599999-2417073716-500_Classes\Local Settings\MuiCache\134\52C64B7E\@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000Microsoft Windows Filtering PlatformNT AUTHORITY\SYSTEM 13241300x80000000000000008132151Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 17:32:12.840{FA0EBB31-D416-626F-0A00-000000004E02}628C:\Windows\system32\services.exeHKU\S-1-5-21-2059343465-2300599999-2417073716-500_Classes\Local Settings\MuiCache\134\52C64B7E\@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000Kernel Mode Driver Frameworks serviceNT AUTHORITY\SYSTEM 13241300x80000000000000008132149Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 17:32:12.840{FA0EBB31-D416-626F-0A00-000000004E02}628C:\Windows\system32\services.exeHKU\S-1-5-21-2059343465-2300599999-2417073716-500_Classes\Local Settings\MuiCache\134\52C64B7E\@%systemroot%\system32\drivers\wcnfs.sys,-100Windows Container Name VirtualizationNT AUTHORITY\SYSTEM 13241300x80000000000000008132147Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 17:32:12.840{FA0EBB31-D416-626F-0A00-000000004E02}628C:\Windows\system32\services.exeHKU\S-1-5-21-2059343465-2300599999-2417073716-500_Classes\Local Settings\MuiCache\134\52C64B7E\@%systemroot%\system32\drivers\wcifs.sys,-100Windows Container IsolationNT AUTHORITY\SYSTEM 13241300x80000000000000008132140Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 17:32:12.836{FA0EBB31-D416-626F-0A00-000000004E02}628C:\Windows\system32\services.exeHKU\S-1-5-21-2059343465-2300599999-2417073716-500_Classes\Local Settings\MuiCache\134\52C64B7E\@%SystemRoot%\system32\drivers\volsnap.sys,-100Volume Shadow Copy driverNT AUTHORITY\SYSTEM 13241300x80000000000000008132138Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 17:32:12.836{FA0EBB31-D416-626F-0A00-000000004E02}628C:\Windows\system32\services.exeHKU\S-1-5-21-2059343465-2300599999-2417073716-500_Classes\Local Settings\MuiCache\134\52C64B7E\@%SystemRoot%\system32\drivers\volmgrx.sys,-100Dynamic Volume ManagerNT AUTHORITY\SYSTEM 13241300x80000000000000008132136Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 17:32:12.818{FA0EBB31-D416-626F-0A00-000000004E02}628C:\Windows\system32\services.exeHKU\S-1-5-21-2059343465-2300599999-2417073716-500_Classes\Local Settings\MuiCache\134\52C64B7E\@%SystemRoot%\system32\drivers\vhf.sys,-100Virtual HID Framework (VHF) DriverNT AUTHORITY\SYSTEM 13241300x80000000000000008132133Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 17:32:12.802{FA0EBB31-D416-626F-0A00-000000004E02}628C:\Windows\system32\services.exeHKU\S-1-5-21-2059343465-2300599999-2417073716-500_Classes\Local Settings\MuiCache\134\52C64B7E\@%systemroot%\system32\drivers\UevAgentDriver.sys,-101UevAgentDriverNT AUTHORITY\SYSTEM 13241300x80000000000000008132127Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 17:32:12.787{FA0EBB31-D416-626F-0A00-000000004E02}628C:\Windows\system32\services.exeHKU\S-1-5-21-2059343465-2300599999-2417073716-500_Classes\Local Settings\MuiCache\134\52C64B7E\@%SystemRoot%\system32\drivers\tcpip.sys,-10001TCP/IP Protocol DriverNT AUTHORITY\SYSTEM 13241300x80000000000000008132125Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 17:32:12.787{FA0EBB31-D416-626F-0A00-000000004E02}628C:\Windows\system32\services.exeHKU\S-1-5-21-2059343465-2300599999-2417073716-500_Classes\Local Settings\MuiCache\134\52C64B7E\@%SystemRoot%\System32\drivers\storqosflt.sys,-101Storage QoS Filter DriverNT AUTHORITY\SYSTEM 13241300x80000000000000008132119Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 17:32:12.787{FA0EBB31-D416-626F-0A00-000000004E02}628C:\Windows\system32\services.exeHKU\S-1-5-21-2059343465-2300599999-2417073716-500_Classes\Local Settings\MuiCache\134\52C64B7E\@%SystemRoot%\System32\drivers\scfilter.sys,-11Smart card PnP Class Filter DriverNT AUTHORITY\SYSTEM 13241300x80000000000000008132115Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 17:32:12.771{FA0EBB31-D416-626F-0A00-000000004E02}628C:\Windows\system32\services.exeHKU\S-1-5-21-2059343465-2300599999-2417073716-500_Classes\Local Settings\MuiCache\134\52C64B7E\@%SystemRoot%\System32\DRIVERS\rdpdr.sys,-100Remote Desktop Device Redirector DriverNT AUTHORITY\SYSTEM 13241300x80000000000000008132105Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 17:32:12.771{FA0EBB31-D416-626F-0A00-000000004E02}628C:\Windows\system32\services.exeHKU\S-1-5-21-2059343465-2300599999-2417073716-500_Classes\Local Settings\MuiCache\134\52C64B7E\@%SystemRoot%\system32\drivers\qwavedrv.sys,-1QWAVE driverNT AUTHORITY\SYSTEM 13241300x80000000000000008132103Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 17:32:12.771{FA0EBB31-D416-626F-0A00-000000004E02}628C:\Windows\system32\services.exeHKU\S-1-5-21-2059343465-2300599999-2417073716-500_Classes\Local Settings\MuiCache\134\52C64B7E\@%windir%\System32\drivers\pacer.sys,-101QoS Packet SchedulerNT AUTHORITY\SYSTEM 13241300x80000000000000008132099Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 17:32:12.771{FA0EBB31-D416-626F-0A00-000000004E02}628C:\Windows\system32\services.exeHKU\S-1-5-21-2059343465-2300599999-2417073716-500_Classes\Local Settings\MuiCache\134\52C64B7E\@%SystemRoot%\system32\drivers\pdc.sys,-100PDCNT AUTHORITY\SYSTEM 13241300x80000000000000008132097Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 17:32:12.756{FA0EBB31-D416-626F-0A00-000000004E02}628C:\Windows\system32\services.exeHKU\S-1-5-21-2059343465-2300599999-2417073716-500_Classes\Local Settings\MuiCache\134\52C64B7E\@%SystemRoot%\system32\drivers\partmgr.sys,-100Partition driverNT AUTHORITY\SYSTEM 13241300x80000000000000008132095Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 17:32:12.756{FA0EBB31-D416-626F-0A00-000000004E02}628C:\Windows\system32\services.exeHKU\S-1-5-21-2059343465-2300599999-2417073716-500_Classes\Local Settings\MuiCache\134\52C64B7E\@%SystemRoot%\system32\drivers\nsiproxy.sys,-2NSI Proxy Service DriverNT AUTHORITY\SYSTEM 13241300x80000000000000008132093Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 17:32:12.756{FA0EBB31-D416-626F-0A00-000000004E02}628C:\Windows\system32\services.exeHKU\S-1-5-21-2059343465-2300599999-2417073716-500_Classes\Local Settings\MuiCache\134\52C64B7E\@%SystemRoot%\system32\drivers\netbt.sys,-2NETBTNT AUTHORITY\SYSTEM 13241300x80000000000000008132091Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 17:32:12.756{FA0EBB31-D416-626F-0A00-000000004E02}628C:\Windows\system32\services.exeHKU\S-1-5-21-2059343465-2300599999-2417073716-500_Classes\Local Settings\MuiCache\134\52C64B7E\@%windir%\system32\drivers\netbios.sys,-503NetBIOS InterfaceNT AUTHORITY\SYSTEM 13241300x80000000000000008132085Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 17:32:12.756{FA0EBB31-D416-626F-0A00-000000004E02}628C:\Windows\system32\services.exeHKU\S-1-5-21-2059343465-2300599999-2417073716-500_Classes\Local Settings\MuiCache\134\52C64B7E\@%SystemRoot%\System32\drivers\NdisVirtualBus.sys,-200Microsoft Virtual Network Adapter EnumeratorNT AUTHORITY\SYSTEM 13241300x80000000000000008132081Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 17:32:12.756{FA0EBB31-D416-626F-0A00-000000004E02}628C:\Windows\system32\services.exeHKU\S-1-5-21-2059343465-2300599999-2417073716-500_Classes\Local Settings\MuiCache\134\52C64B7E\@%SystemRoot%\System32\drivers\ndisimplatform.sys,-501Microsoft Network Adapter Multiplexor ProtocolNT AUTHORITY\SYSTEM 13241300x80000000000000008132079Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 17:32:12.756{FA0EBB31-D416-626F-0A00-000000004E02}628C:\Windows\system32\services.exeHKU\S-1-5-21-2059343465-2300599999-2417073716-500_Classes\Local Settings\MuiCache\134\52C64B7E\@%SystemRoot%\System32\drivers\ndiscap.sys,-5000Microsoft NDIS CaptureNT AUTHORITY\SYSTEM 13241300x80000000000000008132077Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 17:32:12.756{FA0EBB31-D416-626F-0A00-000000004E02}628C:\Windows\system32\services.exeHKU\S-1-5-21-2059343465-2300599999-2417073716-500_Classes\Local Settings\MuiCache\134\52C64B7E\@%SystemRoot%\system32\drivers\ndis.sys,-200NDIS System DriverNT AUTHORITY\SYSTEM 13241300x80000000000000008132075Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 17:32:12.740{FA0EBB31-D416-626F-0A00-000000004E02}628C:\Windows\system32\services.exeHKU\S-1-5-21-2059343465-2300599999-2417073716-500_Classes\Local Settings\MuiCache\134\52C64B7E\@%systemroot%\system32\drivers\mup.sys,-101MUPNT AUTHORITY\SYSTEM 13241300x80000000000000008132073Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 17:32:12.740{FA0EBB31-D416-626F-0A00-000000004E02}628C:\Windows\system32\services.exeHKU\S-1-5-21-2059343465-2300599999-2417073716-500_Classes\Local Settings\MuiCache\134\52C64B7E\@%SystemRoot%\system32\drivers\mslldp.sys,-200Microsoft Link-Layer Discovery ProtocolNT AUTHORITY\SYSTEM 13241300x80000000000000008132071Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 17:32:12.740{FA0EBB31-D416-626F-0A00-000000004E02}628C:\Windows\system32\services.exeHKU\S-1-5-21-2059343465-2300599999-2417073716-500_Classes\Local Settings\MuiCache\134\52C64B7E\@%SystemRoot%\System32\drivers\MsLbfoProvider.sys,-501Microsoft Load Balancing/Failover ProviderNT AUTHORITY\SYSTEM 13241300x80000000000000008132069Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 17:32:12.740{FA0EBB31-D416-626F-0A00-000000004E02}628C:\Windows\system32\services.exeHKU\S-1-5-21-2059343465-2300599999-2417073716-500_Classes\Local Settings\MuiCache\134\52C64B7E\@%SystemRoot%\system32\drivers\mshidumdf.sys,-100Pass-through HID to UMDF DriverNT AUTHORITY\SYSTEM 13241300x80000000000000008132059Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 17:32:12.740{FA0EBB31-D416-626F-0A00-000000004E02}628C:\Windows\system32\services.exeHKU\S-1-5-21-2059343465-2300599999-2417073716-500_Classes\Local Settings\MuiCache\134\52C64B7E\@%SystemRoot%\system32\drivers\mpsdrv.sys,-23092Windows Firewall Authorization DriverNT AUTHORITY\SYSTEM 13241300x80000000000000008132057Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 17:32:12.740{FA0EBB31-D416-626F-0A00-000000004E02}628C:\Windows\system32\services.exeHKU\S-1-5-21-2059343465-2300599999-2417073716-500_Classes\Local Settings\MuiCache\134\52C64B7E\@%SystemRoot%\system32\drivers\mountmgr.sys,-100Mount Point ManagerNT AUTHORITY\SYSTEM 13241300x80000000000000008132055Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 17:32:12.718{FA0EBB31-D416-626F-0A00-000000004E02}628C:\Windows\system32\services.exeHKU\S-1-5-21-2059343465-2300599999-2417073716-500_Classes\Local Settings\MuiCache\134\52C64B7E\@%systemroot%\system32\drivers\mmcss.sys,-100Multimedia Class SchedulerNT AUTHORITY\SYSTEM 13241300x80000000000000008132053Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 17:32:12.718{FA0EBB31-D416-626F-0A00-000000004E02}628C:\Windows\system32\services.exeHKU\S-1-5-21-2059343465-2300599999-2417073716-500_Classes\Local Settings\MuiCache\134\52C64B7E\@%systemroot%\system32\drivers\luafv.sys,-100UAC File VirtualizationNT AUTHORITY\SYSTEM 13241300x80000000000000008132047Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 17:32:12.718{FA0EBB31-D416-626F-0A00-000000004E02}628C:\Windows\system32\services.exeHKU\S-1-5-21-2059343465-2300599999-2417073716-500_Classes\Local Settings\MuiCache\134\52C64B7E\@%SystemRoot%\system32\drivers\ipsecgw.sys,-10001Windows IPsec Gateway DriverNT AUTHORITY\SYSTEM 13241300x80000000000000008132043Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 17:32:12.718{FA0EBB31-D416-626F-0A00-000000004E02}628C:\Windows\system32\services.exeHKU\S-1-5-21-2059343465-2300599999-2417073716-500_Classes\Local Settings\MuiCache\134\52C64B7E\@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100Indirect Displays Kernel-Mode DriverNT AUTHORITY\SYSTEM 13241300x80000000000000008132041Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 17:32:12.702{FA0EBB31-D416-626F-0A00-000000004E02}628C:\Windows\system32\services.exeHKU\S-1-5-21-2059343465-2300599999-2417073716-500_Classes\Local Settings\MuiCache\134\52C64B7E\@%systemroot%\system32\drivers\hwpolicy.sys,-101Hardware Policy DriverNT AUTHORITY\SYSTEM 13241300x80000000000000008132039Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 17:32:12.702{FA0EBB31-D416-626F-0A00-000000004E02}628C:\Windows\system32\services.exeHKU\S-1-5-21-2059343465-2300599999-2417073716-500_Classes\Local Settings\MuiCache\134\52C64B7E\@%SystemRoot%\system32\drivers\hvservice.sys,-16Hypervisor/Virtual Machine Support DriverNT AUTHORITY\SYSTEM 13241300x80000000000000008132037Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 17:32:12.702{FA0EBB31-D416-626F-0A00-000000004E02}628C:\Windows\system32\services.exeHKU\S-1-5-21-2059343465-2300599999-2417073716-500_Classes\Local Settings\MuiCache\134\52C64B7E\@%SystemRoot%\system32\drivers\http.sys,-1HTTP ServiceNT AUTHORITY\SYSTEM 13241300x80000000000000008132035Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 17:32:12.687{FA0EBB31-D416-626F-0A00-000000004E02}628C:\Windows\system32\services.exeHKU\S-1-5-21-2059343465-2300599999-2417073716-500_Classes\Local Settings\MuiCache\134\52C64B7E\@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100GPU Energy DriverNT AUTHORITY\SYSTEM 13241300x80000000000000008132033Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 17:32:12.687{FA0EBB31-D416-626F-0A00-000000004E02}628C:\Windows\system32\services.exeHKU\S-1-5-21-2059343465-2300599999-2417073716-500_Classes\Local Settings\MuiCache\134\52C64B7E\@%SystemRoot%\system32\drivers\fsdepends.sys,-10001File System Dependency MinifilterNT AUTHORITY\SYSTEM 13241300x80000000000000008132031Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 17:32:12.687{FA0EBB31-D416-626F-0A00-000000004E02}628C:\Windows\system32\services.exeHKU\S-1-5-21-2059343465-2300599999-2417073716-500_Classes\Local Settings\MuiCache\134\52C64B7E\@%SystemRoot%\system32\drivers\fltmgr.sys,-10001FltMgrNT AUTHORITY\SYSTEM 13241300x80000000000000008132029Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 17:32:12.687{FA0EBB31-D416-626F-0A00-000000004E02}628C:\Windows\system32\services.exeHKU\S-1-5-21-2059343465-2300599999-2417073716-500_Classes\Local Settings\MuiCache\134\52C64B7E\@%SystemRoot%\system32\drivers\filetrace.sys,-10001FileTraceNT AUTHORITY\SYSTEM 13241300x80000000000000008132027Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 17:32:12.687{FA0EBB31-D416-626F-0A00-000000004E02}628C:\Windows\system32\services.exeHKU\S-1-5-21-2059343465-2300599999-2417073716-500_Classes\Local Settings\MuiCache\134\52C64B7E\@%SystemRoot%\system32\drivers\fileinfo.sys,-100File Information FS MiniFilterNT AUTHORITY\SYSTEM 13241300x80000000000000008132025Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 17:32:12.687{FA0EBB31-D416-626F-0A00-000000004E02}628C:\Windows\system32\services.exeHKU\S-1-5-21-2059343465-2300599999-2417073716-500_Classes\Local Settings\MuiCache\134\52C64B7E\@%systemroot%\system32\drivers\filecrypt.sys,-100FileCryptNT AUTHORITY\SYSTEM 13241300x80000000000000008132021Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 17:32:12.671{FA0EBB31-D416-626F-0A00-000000004E02}628C:\Windows\system32\services.exeHKU\S-1-5-21-2059343465-2300599999-2417073716-500_Classes\Local Settings\MuiCache\134\52C64B7E\@%SystemRoot%\system32\drivers\EhStorClass.sys,-100Enhanced Storage Filter DriverNT AUTHORITY\SYSTEM 13241300x80000000000000008132013Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 17:32:12.671{FA0EBB31-D416-626F-0A00-000000004E02}628C:\Windows\system32\services.exeHKU\S-1-5-21-2059343465-2300599999-2417073716-500_Classes\Local Settings\MuiCache\134\52C64B7E\@%SystemRoot%\system32\drivers\dam.sys,-100Desktop Activity Moderator DriverNT AUTHORITY\SYSTEM 13241300x80000000000000008132011Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 17:32:12.671{FA0EBB31-D416-626F-0A00-000000004E02}628C:\Windows\system32\services.exeHKU\S-1-5-21-2059343465-2300599999-2417073716-500_Classes\Local Settings\MuiCache\134\52C64B7E\@%SystemRoot%\system32\drivers\cnghwassist.sys,-100CNG Hardware Assist algorithm providerNT AUTHORITY\SYSTEM 13241300x80000000000000008132009Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 17:32:12.656{FA0EBB31-D416-626F-0A00-000000004E02}628C:\Windows\system32\services.exeHKU\S-1-5-21-2059343465-2300599999-2417073716-500_Classes\Local Settings\MuiCache\134\52C64B7E\@%SystemRoot%\system32\drivers\registry.sys,-100Virtual Registry for ContainersNT AUTHORITY\SYSTEM 13241300x80000000000000008132007Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 17:32:12.656{FA0EBB31-D416-626F-0A00-000000004E02}628C:\Windows\system32\services.exeHKU\S-1-5-21-2059343465-2300599999-2417073716-500_Classes\Local Settings\MuiCache\134\52C64B7E\@%SystemRoot%\system32\drivers\clfs.sys,-100Common Log (CLFS)NT AUTHORITY\SYSTEM 13241300x80000000000000008132001Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 17:32:12.640{FA0EBB31-D416-626F-0A00-000000004E02}628C:\Windows\system32\services.exeHKU\S-1-5-21-2059343465-2300599999-2417073716-500_Classes\Local Settings\MuiCache\134\52C64B7E\@%systemroot%\system32\drivers\AppvVfs.sys,-101AppvVfsNT AUTHORITY\SYSTEM 13241300x80000000000000008131999Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 17:32:12.640{FA0EBB31-D416-626F-0A00-000000004E02}628C:\Windows\system32\services.exeHKU\S-1-5-21-2059343465-2300599999-2417073716-500_Classes\Local Settings\MuiCache\134\52C64B7E\@%systemroot%\system32\drivers\AppvVemgr.sys,-101AppvVemgrNT AUTHORITY\SYSTEM 13241300x80000000000000008131997Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 17:32:12.636{FA0EBB31-D416-626F-0A00-000000004E02}628C:\Windows\system32\services.exeHKU\S-1-5-21-2059343465-2300599999-2417073716-500_Classes\Local Settings\MuiCache\134\52C64B7E\@%systemroot%\system32\drivers\AppvStrm.sys,-101AppvStrmNT AUTHORITY\SYSTEM 13241300x80000000000000008131991Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 17:32:12.618{FA0EBB31-D416-626F-0A00-000000004E02}628C:\Windows\system32\services.exeHKU\S-1-5-21-2059343465-2300599999-2417073716-500_Classes\Local Settings\MuiCache\134\52C64B7E\@%systemroot%\system32\drivers\ahcache.sys,-102Application Compatibility CacheNT AUTHORITY\SYSTEM 13241300x80000000000000008131989Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 17:32:12.618{FA0EBB31-D416-626F-0A00-000000004E02}628C:\Windows\system32\services.exeHKU\S-1-5-21-2059343465-2300599999-2417073716-500_Classes\Local Settings\MuiCache\134\52C64B7E\@%systemroot%\system32\drivers\afd.sys,-1000Ancillary Function Driver for WinsockNT AUTHORITY\SYSTEM 12241200x80000000000000006342271Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-DeleteValue2022-05-03 13:39:54.581{5B5DB6BA-30AA-6271-E5BF-000000004D02}5764C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\ndis.sys[MofResourceName]NT AUTHORITY\SYSTEM 12241200x80000000000000006342270Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-DeleteValue2022-05-03 13:39:54.566{5B5DB6BA-30AA-6271-E5BF-000000004D02}5764C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\en-US\ndis.sys.mui[MofResourceName]NT AUTHORITY\SYSTEM 12241200x80000000000000006342265Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-DeleteValue2022-05-03 13:39:54.550{5B5DB6BA-30AA-6271-E5BF-000000004D02}5764C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\monitor.sys[MonitorWMI]NT AUTHORITY\SYSTEM 13241300x80000000000000006342264Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-05-03 13:39:54.546{5B5DB6BA-30AA-6271-E5BF-000000004D02}5764C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\monitor.sys[MonitorWMI]LowDateTime:2067544410,HighDateTime:30531428***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x80000000000000006342262Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-05-03 13:39:54.544{5B5DB6BA-30AA-6271-E5BF-000000004D02}5764C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\ena.sys[NdisMofResource]LowDateTime:-575650048,HighDateTime:30874337***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000006342260Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-05-03 13:39:54.544{5B5DB6BA-30AA-6271-E5BF-000000004D02}5764C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\intelppm.sys.mui[PROCESSORWMI]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000006342258Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-05-03 13:39:54.543{5B5DB6BA-30AA-6271-E5BF-000000004D02}5764C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\intelppm.sys[PROCESSORWMI]LowDateTime:-2024749675,HighDateTime:30736945***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000006342256Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-05-03 13:39:54.542{5B5DB6BA-30AA-6271-E5BF-000000004D02}5764C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\mssmbios.sys.mui[MofResource]LowDateTime:-592857982,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000006342254Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-05-03 13:39:54.541{5B5DB6BA-30AA-6271-E5BF-000000004D02}5764C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\mssmbios.sys[MofResource]LowDateTime:2077700573,HighDateTime:30531428***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000006342251Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-05-03 13:39:54.541{5B5DB6BA-30AA-6271-E5BF-000000004D02}5764C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\en-US\ndis.sys.mui[MofResourceName]LowDateTime:1964924432,HighDateTime:30577847***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x80000000000000006342248Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-05-03 13:39:54.539{5B5DB6BA-30AA-6271-E5BF-000000004D02}5764C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\ndis.sys[MofResourceName]LowDateTime:471290125,HighDateTime:30846383***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x80000000000000006342246Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-05-03 13:39:54.522{5B5DB6BA-30AA-6271-E5BF-000000004D02}5764C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\ACPI.sys.mui[ACPIMOFResource]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000006342244Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-05-03 13:39:54.522{5B5DB6BA-30AA-6271-E5BF-000000004D02}5764C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\ACPI.sys[ACPIMOFResource]LowDateTime:-1594147734,HighDateTime:30671341***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 12241200x80000000000000006353752Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-DeleteValue2022-05-03 13:37:07.404{FA0EBB31-3003-6271-B029-000000004E02}4692C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\ndis.sys[MofResourceName]NT AUTHORITY\SYSTEM 12241200x80000000000000006353651Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-DeleteValue2022-05-03 13:37:07.387{FA0EBB31-3003-6271-B029-000000004E02}4692C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\en-US\ndis.sys.mui[MofResourceName]NT AUTHORITY\SYSTEM 12241200x80000000000000006353597Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-DeleteValue2022-05-03 13:37:07.372{FA0EBB31-3003-6271-B029-000000004E02}4692C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\monitor.sys[MonitorWMI]NT AUTHORITY\SYSTEM 13241300x80000000000000006353547Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 13:37:07.354{FA0EBB31-3003-6271-B029-000000004E02}4692C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\monitor.sys[MonitorWMI]LowDateTime:2067544410,HighDateTime:30531428***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x80000000000000006353545Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 13:37:07.352{FA0EBB31-3003-6271-B029-000000004E02}4692C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\ena.sys[NdisMofResource]LowDateTime:-575650048,HighDateTime:30874337***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000006353543Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 13:37:07.351{FA0EBB31-3003-6271-B029-000000004E02}4692C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\intelppm.sys.mui[PROCESSORWMI]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000006353541Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 13:37:07.351{FA0EBB31-3003-6271-B029-000000004E02}4692C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\intelppm.sys[PROCESSORWMI]LowDateTime:-2024749675,HighDateTime:30736945***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000006353539Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 13:37:07.350{FA0EBB31-3003-6271-B029-000000004E02}4692C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\mssmbios.sys.mui[MofResource]LowDateTime:-592857982,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000006353537Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 13:37:07.349{FA0EBB31-3003-6271-B029-000000004E02}4692C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\mssmbios.sys[MofResource]LowDateTime:2077700573,HighDateTime:30531428***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000006353535Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 13:37:07.349{FA0EBB31-3003-6271-B029-000000004E02}4692C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\en-US\ndis.sys.mui[MofResourceName]LowDateTime:1964924432,HighDateTime:30577847***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x80000000000000006353508Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 13:37:07.347{FA0EBB31-3003-6271-B029-000000004E02}4692C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\ndis.sys[MofResourceName]LowDateTime:471290125,HighDateTime:30846383***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x80000000000000006353506Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 13:37:07.345{FA0EBB31-3003-6271-B029-000000004E02}4692C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\ACPI.sys.mui[ACPIMOFResource]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000006353504Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-03 13:37:07.344{FA0EBB31-3003-6271-B029-000000004E02}4692C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\ACPI.sys[ACPIMOFResource]LowDateTime:-1594147734,HighDateTime:30671341***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000005170364Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-02 13:08:58.870{FA0EBB31-D6BB-626F-0001-000000004E02}2244C:\Windows\Explorer.EXEHKU\S-1-5-21-2059343465-2300599999-2417073716-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sys\OpenWithProgids\sysfileBinary DataATTACKRANGE\Administrator 12241200x80000000000000005170363Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-CreateKey2022-05-02 13:08:58.870{FA0EBB31-D6BB-626F-0001-000000004E02}2244C:\Windows\Explorer.EXEHKU\S-1-5-21-2059343465-2300599999-2417073716-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sys\OpenWithProgidsATTACKRANGE\Administrator 12241200x80000000000000005141675Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-DeleteValue2022-05-02 13:03:50.801{FA0EBB31-D6B6-626F-EB00-000000004E02}396C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\ndis.sys[MofResourceName]NT AUTHORITY\SYSTEM 12241200x80000000000000005141674Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-DeleteValue2022-05-02 13:03:50.801{FA0EBB31-D6B6-626F-EB00-000000004E02}396C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\en-US\ndis.sys.mui[MofResourceName]NT AUTHORITY\SYSTEM 12241200x80000000000000005141673Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-DeleteValue2022-05-02 13:03:50.785{FA0EBB31-D6B6-626F-EB00-000000004E02}396C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\monitor.sys[MonitorWMI]NT AUTHORITY\SYSTEM 13241300x80000000000000005141672Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-02 13:03:50.769{FA0EBB31-D6B6-626F-EB00-000000004E02}396C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\monitor.sys[MonitorWMI]LowDateTime:2067544410,HighDateTime:30531428***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x80000000000000005141670Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-02 13:03:50.769{FA0EBB31-D6B6-626F-EB00-000000004E02}396C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\ena.sys[NdisMofResource]LowDateTime:-575650048,HighDateTime:30874337***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000005141668Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-02 13:03:50.769{FA0EBB31-D6B6-626F-EB00-000000004E02}396C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\intelppm.sys.mui[PROCESSORWMI]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000005141666Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-02 13:03:50.769{FA0EBB31-D6B6-626F-EB00-000000004E02}396C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\intelppm.sys[PROCESSORWMI]LowDateTime:-2024749675,HighDateTime:30736945***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000005141664Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-02 13:03:50.769{FA0EBB31-D6B6-626F-EB00-000000004E02}396C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\mssmbios.sys.mui[MofResource]LowDateTime:-592857982,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000005141658Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-02 13:03:50.769{FA0EBB31-D6B6-626F-EB00-000000004E02}396C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\mssmbios.sys[MofResource]LowDateTime:2077700573,HighDateTime:30531428***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000005141644Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-02 13:03:50.769{FA0EBB31-D6B6-626F-EB00-000000004E02}396C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\en-US\ndis.sys.mui[MofResourceName]LowDateTime:1964924432,HighDateTime:30577847***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x80000000000000005141634Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-02 13:03:50.769{FA0EBB31-D6B6-626F-EB00-000000004E02}396C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\ndis.sys[MofResourceName]LowDateTime:471290125,HighDateTime:30846383***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x80000000000000005141631Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-02 13:03:50.754{FA0EBB31-D6B6-626F-EB00-000000004E02}396C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\ACPI.sys.mui[ACPIMOFResource]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000005141629Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-02 13:03:50.754{FA0EBB31-D6B6-626F-EB00-000000004E02}396C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\ACPI.sys[ACPIMOFResource]LowDateTime:-1594147734,HighDateTime:30671341***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000005136449Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-02 12:59:29.526{FA0EBB31-D509-626F-9E00-000000004E02}2500\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\ena.sys[NdisMofResource]LowDateTime:-575650048,HighDateTime:30874337***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000005136448Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-02 12:59:29.526{FA0EBB31-D509-626F-9E00-000000004E02}2500\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\en-US\intelppm.sys.mui[PROCESSORWMI]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000005136447Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-02 12:59:29.526{FA0EBB31-D509-626F-9E00-000000004E02}2500\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\intelppm.sys[PROCESSORWMI]LowDateTime:-2024749675,HighDateTime:30736945***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000005136446Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-02 12:59:29.526{FA0EBB31-D509-626F-9E00-000000004E02}2500\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\en-US\mssmbios.sys.mui[MofResource]LowDateTime:-592857982,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000005136445Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-02 12:59:29.526{FA0EBB31-D509-626F-9E00-000000004E02}2500\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\mssmbios.sys[MofResource]LowDateTime:2077700573,HighDateTime:30531428***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000005136444Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-02 12:59:29.526{FA0EBB31-D509-626F-9E00-000000004E02}2500\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\en-US\ACPI.sys.mui[ACPIMOFResource]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000005136443Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-02 12:59:29.526{FA0EBB31-D509-626F-9E00-000000004E02}2500\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\ACPI.sys[ACPIMOFResource]LowDateTime:-1594147734,HighDateTime:30671341***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 12241200x80000000000000005099998Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-DeleteValue2022-05-02 12:52:55.254{FA0EBB31-D427-626F-3800-000000004E02}3188C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\ndis.sys[MofResourceName]NT AUTHORITY\SYSTEM 12241200x80000000000000005099972Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-DeleteValue2022-05-02 12:52:55.239{FA0EBB31-D427-626F-3800-000000004E02}3188C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\en-US\ndis.sys.mui[MofResourceName]NT AUTHORITY\SYSTEM 12241200x80000000000000005099890Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-DeleteValue2022-05-02 12:52:55.223{FA0EBB31-D427-626F-3800-000000004E02}3188C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\monitor.sys[MonitorWMI]NT AUTHORITY\SYSTEM 13241300x80000000000000005099777Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-02 12:52:55.134{FA0EBB31-D427-626F-3800-000000004E02}3188C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\monitor.sys[MonitorWMI]LowDateTime:2067544410,HighDateTime:30531428***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x80000000000000005099775Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-02 12:52:55.134{FA0EBB31-D427-626F-3800-000000004E02}3188C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\ena.sys[NdisMofResource]LowDateTime:-575650048,HighDateTime:30874337***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000005099773Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-02 12:52:55.134{FA0EBB31-D427-626F-3800-000000004E02}3188C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\intelppm.sys.mui[PROCESSORWMI]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000005099771Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-02 12:52:55.134{FA0EBB31-D427-626F-3800-000000004E02}3188C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\intelppm.sys[PROCESSORWMI]LowDateTime:-2024749675,HighDateTime:30736945***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000005099769Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-02 12:52:55.134{FA0EBB31-D427-626F-3800-000000004E02}3188C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\mssmbios.sys.mui[MofResource]LowDateTime:-592857982,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000005099767Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-02 12:52:55.134{FA0EBB31-D427-626F-3800-000000004E02}3188C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\mssmbios.sys[MofResource]LowDateTime:2077700573,HighDateTime:30531428***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000005099765Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-02 12:52:55.134{FA0EBB31-D427-626F-3800-000000004E02}3188C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\en-US\ndis.sys.mui[MofResourceName]LowDateTime:1964924432,HighDateTime:30577847***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x80000000000000005099763Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-02 12:52:55.134{FA0EBB31-D427-626F-3800-000000004E02}3188C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\ndis.sys[MofResourceName]LowDateTime:471290125,HighDateTime:30846383***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x80000000000000005099761Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-02 12:52:55.134{FA0EBB31-D427-626F-3800-000000004E02}3188C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\ACPI.sys.mui[ACPIMOFResource]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000005099759Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-02 12:52:55.134{FA0EBB31-D427-626F-3800-000000004E02}3188C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\ACPI.sys[ACPIMOFResource]LowDateTime:-1594147734,HighDateTime:30671341***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 11241100x80000000000000005094709Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-2022-05-02 12:52:37.670{FA0EBB31-D40E-626F-0200-000000004E02}320C:\Windows\System32\smss.exeC:\pagefile.sys2022-04-27 13:20:44.482NT AUTHORITY\SYSTEM 13241300x80000000000000005094696Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-02 12:52:37.217{FA0EBB31-D40E-626F-0200-000000004E02}320C:\Windows\System32\smss.exeHKLM\BCD00000000\Objects\{0daf9bb9-94c8-11e6-b1fd-0e5bdc9ce43b}\Elements\22000002\Element\hiberfil.sysNT AUTHORITY\SYSTEM 12241200x80000000000000005032243Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-DeleteValue2022-05-02 12:46:58.973{FA0EBB31-D2C2-626F-3E00-000000004D02}3660C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\ndis.sys[MofResourceName]NT AUTHORITY\SYSTEM 12241200x80000000000000005032189Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-DeleteValue2022-05-02 12:46:58.958{FA0EBB31-D2C2-626F-3E00-000000004D02}3660C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\en-US\ndis.sys.mui[MofResourceName]NT AUTHORITY\SYSTEM 12241200x80000000000000005032099Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-DeleteValue2022-05-02 12:46:58.942{FA0EBB31-D2C2-626F-3E00-000000004D02}3660C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\monitor.sys[MonitorWMI]NT AUTHORITY\SYSTEM 13241300x80000000000000005032018Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-02 12:46:58.927{FA0EBB31-D2C2-626F-3E00-000000004D02}3660C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\monitor.sys[MonitorWMI]LowDateTime:2067544410,HighDateTime:30531428***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x80000000000000005032016Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-02 12:46:58.927{FA0EBB31-D2C2-626F-3E00-000000004D02}3660C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\ena.sys[NdisMofResource]LowDateTime:-575650048,HighDateTime:30874337***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000005032012Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-02 12:46:58.927{FA0EBB31-D2C2-626F-3E00-000000004D02}3660C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\intelppm.sys.mui[PROCESSORWMI]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000005032001Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-02 12:46:58.927{FA0EBB31-D2C2-626F-3E00-000000004D02}3660C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\intelppm.sys[PROCESSORWMI]LowDateTime:-2024749675,HighDateTime:30736945***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000005031985Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-02 12:46:58.927{FA0EBB31-D2C2-626F-3E00-000000004D02}3660C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\mssmbios.sys.mui[MofResource]LowDateTime:-592857982,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000005031983Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-02 12:46:58.927{FA0EBB31-D2C2-626F-3E00-000000004D02}3660C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\mssmbios.sys[MofResource]LowDateTime:2077700573,HighDateTime:30531428***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000005031981Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-02 12:46:58.927{FA0EBB31-D2C2-626F-3E00-000000004D02}3660C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\en-US\ndis.sys.mui[MofResourceName]LowDateTime:1964924432,HighDateTime:30577847***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x80000000000000005031978Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-02 12:46:58.911{FA0EBB31-D2C2-626F-3E00-000000004D02}3660C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\ndis.sys[MofResourceName]LowDateTime:471290125,HighDateTime:30846383***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x80000000000000005031976Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-02 12:46:58.911{FA0EBB31-D2C2-626F-3E00-000000004D02}3660C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\ACPI.sys.mui[ACPIMOFResource]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000005031972Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-02 12:46:58.911{FA0EBB31-D2C2-626F-3E00-000000004D02}3660C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\ACPI.sys[ACPIMOFResource]LowDateTime:-1594147734,HighDateTime:30671341***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 11241100x80000000000000005020433Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-2022-05-02 12:46:41.154{FA0EBB31-D297-626F-0200-000000004D02}324C:\Windows\System32\smss.exeC:\pagefile.sys2022-04-27 13:20:44.482NT AUTHORITY\SYSTEM 13241300x80000000000000005020415Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-02 12:46:41.154{FA0EBB31-D297-626F-0200-000000004D02}324C:\Windows\System32\smss.exeHKLM\BCD00000000\Objects\{0daf9bb9-94c8-11e6-b1fd-0e5bdc9ce43b}\Elements\22000002\Element\hiberfil.sysNT AUTHORITY\SYSTEM 12241200x80000000000000005076913Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-DeleteValue2022-05-02 12:38:14.765{5B5DB6BA-D0B6-626F-A296-000000004D02}5184C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\ndis.sys[MofResourceName]NT AUTHORITY\SYSTEM 12241200x80000000000000005076912Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-DeleteValue2022-05-02 12:38:14.765{5B5DB6BA-D0B6-626F-A296-000000004D02}5184C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\en-US\ndis.sys.mui[MofResourceName]NT AUTHORITY\SYSTEM 12241200x80000000000000005076884Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-DeleteValue2022-05-02 12:38:14.750{5B5DB6BA-D0B6-626F-A296-000000004D02}5184C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\monitor.sys[MonitorWMI]NT AUTHORITY\SYSTEM 13241300x80000000000000005076831Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-05-02 12:38:14.734{5B5DB6BA-D0B6-626F-A296-000000004D02}5184C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\monitor.sys[MonitorWMI]LowDateTime:2067544410,HighDateTime:30531428***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x80000000000000005076816Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-05-02 12:38:14.734{5B5DB6BA-D0B6-626F-A296-000000004D02}5184C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\ena.sys[NdisMofResource]LowDateTime:-575650048,HighDateTime:30874337***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000005076801Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-05-02 12:38:14.734{5B5DB6BA-D0B6-626F-A296-000000004D02}5184C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\intelppm.sys.mui[PROCESSORWMI]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000005076799Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-05-02 12:38:14.734{5B5DB6BA-D0B6-626F-A296-000000004D02}5184C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\intelppm.sys[PROCESSORWMI]LowDateTime:-2024749675,HighDateTime:30736945***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000005076797Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-05-02 12:38:14.734{5B5DB6BA-D0B6-626F-A296-000000004D02}5184C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\mssmbios.sys.mui[MofResource]LowDateTime:-592857982,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000005076794Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-05-02 12:38:14.734{5B5DB6BA-D0B6-626F-A296-000000004D02}5184C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\mssmbios.sys[MofResource]LowDateTime:2077700573,HighDateTime:30531428***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000005076792Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-05-02 12:38:14.734{5B5DB6BA-D0B6-626F-A296-000000004D02}5184C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\en-US\ndis.sys.mui[MofResourceName]LowDateTime:1964924432,HighDateTime:30577847***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x80000000000000005076790Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-05-02 12:38:14.734{5B5DB6BA-D0B6-626F-A296-000000004D02}5184C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\ndis.sys[MofResourceName]LowDateTime:471290125,HighDateTime:30846383***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x80000000000000005076762Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-05-02 12:38:14.734{5B5DB6BA-D0B6-626F-A296-000000004D02}5184C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\ACPI.sys.mui[ACPIMOFResource]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000005076760Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-05-02 12:38:14.718{5B5DB6BA-D0B6-626F-A296-000000004D02}5184C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\ACPI.sys[ACPIMOFResource]LowDateTime:-1594147734,HighDateTime:30671341***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000004986993Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-02 12:33:06.627{FA0EBB31-CE55-626F-9396-000000004C02}2776C:\Windows\explorer.exeHKU\S-1-5-21-2059343465-2300599999-2417073716-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sys\OpenWithProgids\sysfileBinary DataATTACKRANGE\Administrator 12241200x80000000000000004986992Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-CreateKey2022-05-02 12:33:06.627{FA0EBB31-CE55-626F-9396-000000004C02}2776C:\Windows\explorer.exeHKU\S-1-5-21-2059343465-2300599999-2417073716-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sys\OpenWithProgidsATTACKRANGE\Administrator 13241300x80000000000000004986993Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-02 12:33:06.627{FA0EBB31-CE55-626F-9396-000000004C02}2776C:\Windows\explorer.exeHKU\S-1-5-21-2059343465-2300599999-2417073716-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sys\OpenWithProgids\sysfileBinary DataATTACKRANGE\Administrator 12241200x80000000000000004986992Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-CreateKey2022-05-02 12:33:06.627{FA0EBB31-CE55-626F-9396-000000004C02}2776C:\Windows\explorer.exeHKU\S-1-5-21-2059343465-2300599999-2417073716-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sys\OpenWithProgidsATTACKRANGE\Administrator 12241200x80000000000000003876728Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-DeleteValue2022-05-01 13:39:10.300{FA0EBB31-8D7E-626E-ED70-000000004C02}4648C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\ndis.sys[MofResourceName]NT AUTHORITY\SYSTEM 12241200x80000000000000003876727Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-DeleteValue2022-05-01 13:39:10.283{FA0EBB31-8D7E-626E-ED70-000000004C02}4648C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\en-US\ndis.sys.mui[MofResourceName]NT AUTHORITY\SYSTEM 12241200x80000000000000003876726Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-DeleteValue2022-05-01 13:39:10.283{FA0EBB31-8D7E-626E-ED70-000000004C02}4648C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\monitor.sys[MonitorWMI]NT AUTHORITY\SYSTEM 13241300x80000000000000003876725Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-01 13:39:10.267{FA0EBB31-8D7E-626E-ED70-000000004C02}4648C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\monitor.sys[MonitorWMI]LowDateTime:2067544410,HighDateTime:30531428***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x80000000000000003876723Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-01 13:39:10.267{FA0EBB31-8D7E-626E-ED70-000000004C02}4648C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\ena.sys[NdisMofResource]LowDateTime:-575650048,HighDateTime:30874337***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000003876721Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-01 13:39:10.267{FA0EBB31-8D7E-626E-ED70-000000004C02}4648C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\intelppm.sys.mui[PROCESSORWMI]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000003876719Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-01 13:39:10.267{FA0EBB31-8D7E-626E-ED70-000000004C02}4648C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\intelppm.sys[PROCESSORWMI]LowDateTime:-2024749675,HighDateTime:30736945***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000003876717Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-01 13:39:10.267{FA0EBB31-8D7E-626E-ED70-000000004C02}4648C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\mssmbios.sys.mui[MofResource]LowDateTime:-592857982,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000003876715Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-01 13:39:10.267{FA0EBB31-8D7E-626E-ED70-000000004C02}4648C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\mssmbios.sys[MofResource]LowDateTime:2077700573,HighDateTime:30531428***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000003876713Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-01 13:39:10.267{FA0EBB31-8D7E-626E-ED70-000000004C02}4648C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\en-US\ndis.sys.mui[MofResourceName]LowDateTime:1964924432,HighDateTime:30577847***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x80000000000000003876711Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-01 13:39:10.252{FA0EBB31-8D7E-626E-ED70-000000004C02}4648C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\ndis.sys[MofResourceName]LowDateTime:471290125,HighDateTime:30846383***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x80000000000000003876709Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-01 13:39:10.252{FA0EBB31-8D7E-626E-ED70-000000004C02}4648C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\ACPI.sys.mui[ACPIMOFResource]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000003876707Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-05-01 13:39:10.252{FA0EBB31-8D7E-626E-ED70-000000004C02}4648C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\ACPI.sys[ACPIMOFResource]LowDateTime:-1594147734,HighDateTime:30671341***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 12241200x80000000000000003890061Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-DeleteValue2022-05-01 12:37:08.578{5B5DB6BA-7EF4-626E-C46E-000000004D02}3996C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\ndis.sys[MofResourceName]NT AUTHORITY\SYSTEM 12241200x80000000000000003890060Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-DeleteValue2022-05-01 12:37:08.565{5B5DB6BA-7EF4-626E-C46E-000000004D02}3996C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\en-US\ndis.sys.mui[MofResourceName]NT AUTHORITY\SYSTEM 12241200x80000000000000003890056Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-DeleteValue2022-05-01 12:37:08.553{5B5DB6BA-7EF4-626E-C46E-000000004D02}3996C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\monitor.sys[MonitorWMI]NT AUTHORITY\SYSTEM 13241300x80000000000000003890055Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-05-01 12:37:08.539{5B5DB6BA-7EF4-626E-C46E-000000004D02}3996C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\monitor.sys[MonitorWMI]LowDateTime:2067544410,HighDateTime:30531428***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x80000000000000003890053Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-05-01 12:37:08.538{5B5DB6BA-7EF4-626E-C46E-000000004D02}3996C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\ena.sys[NdisMofResource]LowDateTime:-575650048,HighDateTime:30874337***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000003890051Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-05-01 12:37:08.537{5B5DB6BA-7EF4-626E-C46E-000000004D02}3996C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\intelppm.sys.mui[PROCESSORWMI]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000003890049Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-05-01 12:37:08.536{5B5DB6BA-7EF4-626E-C46E-000000004D02}3996C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\intelppm.sys[PROCESSORWMI]LowDateTime:-2024749675,HighDateTime:30736945***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000003890047Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-05-01 12:37:08.536{5B5DB6BA-7EF4-626E-C46E-000000004D02}3996C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\mssmbios.sys.mui[MofResource]LowDateTime:-592857982,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000003890045Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-05-01 12:37:08.535{5B5DB6BA-7EF4-626E-C46E-000000004D02}3996C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\mssmbios.sys[MofResource]LowDateTime:2077700573,HighDateTime:30531428***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000003890043Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-05-01 12:37:08.535{5B5DB6BA-7EF4-626E-C46E-000000004D02}3996C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\en-US\ndis.sys.mui[MofResourceName]LowDateTime:1964924432,HighDateTime:30577847***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x80000000000000003890041Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-05-01 12:37:08.533{5B5DB6BA-7EF4-626E-C46E-000000004D02}3996C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\ndis.sys[MofResourceName]LowDateTime:471290125,HighDateTime:30846383***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x80000000000000003890039Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-05-01 12:37:08.531{5B5DB6BA-7EF4-626E-C46E-000000004D02}3996C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\ACPI.sys.mui[ACPIMOFResource]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000003890037Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-05-01 12:37:08.531{5B5DB6BA-7EF4-626E-C46E-000000004D02}3996C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\ACPI.sys[ACPIMOFResource]LowDateTime:-1594147734,HighDateTime:30671341***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 12241200x80000000000000002757484Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-DeleteValue2022-04-30 14:10:43.266{FA0EBB31-4363-626D-3D4A-000000004C02}4916C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\ndis.sys[MofResourceName]NT AUTHORITY\SYSTEM 12241200x80000000000000002757483Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-DeleteValue2022-04-30 14:10:43.250{FA0EBB31-4363-626D-3D4A-000000004C02}4916C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\en-US\ndis.sys.mui[MofResourceName]NT AUTHORITY\SYSTEM 12241200x80000000000000002757482Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-DeleteValue2022-04-30 14:10:43.250{FA0EBB31-4363-626D-3D4A-000000004C02}4916C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\monitor.sys[MonitorWMI]NT AUTHORITY\SYSTEM 13241300x80000000000000002757481Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-04-30 14:10:43.234{FA0EBB31-4363-626D-3D4A-000000004C02}4916C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\monitor.sys[MonitorWMI]LowDateTime:2067544410,HighDateTime:30531428***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x80000000000000002757479Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-04-30 14:10:43.234{FA0EBB31-4363-626D-3D4A-000000004C02}4916C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\ena.sys[NdisMofResource]LowDateTime:-575650048,HighDateTime:30874337***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000002757477Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-04-30 14:10:43.234{FA0EBB31-4363-626D-3D4A-000000004C02}4916C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\intelppm.sys.mui[PROCESSORWMI]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000002757475Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-04-30 14:10:43.234{FA0EBB31-4363-626D-3D4A-000000004C02}4916C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\intelppm.sys[PROCESSORWMI]LowDateTime:-2024749675,HighDateTime:30736945***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000002757473Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-04-30 14:10:43.234{FA0EBB31-4363-626D-3D4A-000000004C02}4916C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\mssmbios.sys.mui[MofResource]LowDateTime:-592857982,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000002757471Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-04-30 14:10:43.219{FA0EBB31-4363-626D-3D4A-000000004C02}4916C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\mssmbios.sys[MofResource]LowDateTime:2077700573,HighDateTime:30531428***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000002757469Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-04-30 14:10:43.219{FA0EBB31-4363-626D-3D4A-000000004C02}4916C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\en-US\ndis.sys.mui[MofResourceName]LowDateTime:1964924432,HighDateTime:30577847***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x80000000000000002757467Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-04-30 14:10:43.219{FA0EBB31-4363-626D-3D4A-000000004C02}4916C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\ndis.sys[MofResourceName]LowDateTime:471290125,HighDateTime:30846383***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x80000000000000002757465Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-04-30 14:10:43.219{FA0EBB31-4363-626D-3D4A-000000004C02}4916C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\ACPI.sys.mui[ACPIMOFResource]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000002757463Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-04-30 14:10:43.219{FA0EBB31-4363-626D-3D4A-000000004C02}4916C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\ACPI.sys[ACPIMOFResource]LowDateTime:-1594147734,HighDateTime:30671341***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 12241200x80000000000000002761248Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-DeleteValue2022-04-30 13:03:15.585{5B5DB6BA-3393-626D-E347-000000004D02}3564C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\ndis.sys[MofResourceName]NT AUTHORITY\SYSTEM 12241200x80000000000000002761247Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-DeleteValue2022-04-30 13:03:15.573{5B5DB6BA-3393-626D-E347-000000004D02}3564C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\en-US\ndis.sys.mui[MofResourceName]NT AUTHORITY\SYSTEM 12241200x80000000000000002761246Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-DeleteValue2022-04-30 13:03:15.561{5B5DB6BA-3393-626D-E347-000000004D02}3564C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\monitor.sys[MonitorWMI]NT AUTHORITY\SYSTEM 13241300x80000000000000002761243Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-30 13:03:15.544{5B5DB6BA-3393-626D-E347-000000004D02}3564C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\monitor.sys[MonitorWMI]LowDateTime:2067544410,HighDateTime:30531428***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x80000000000000002761241Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-30 13:03:15.543{5B5DB6BA-3393-626D-E347-000000004D02}3564C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\ena.sys[NdisMofResource]LowDateTime:-575650048,HighDateTime:30874337***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000002761239Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-30 13:03:15.542{5B5DB6BA-3393-626D-E347-000000004D02}3564C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\intelppm.sys.mui[PROCESSORWMI]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000002761237Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-30 13:03:15.541{5B5DB6BA-3393-626D-E347-000000004D02}3564C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\intelppm.sys[PROCESSORWMI]LowDateTime:-2024749675,HighDateTime:30736945***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000002761235Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-30 13:03:15.541{5B5DB6BA-3393-626D-E347-000000004D02}3564C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\mssmbios.sys.mui[MofResource]LowDateTime:-592857982,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000002761233Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-30 13:03:15.540{5B5DB6BA-3393-626D-E347-000000004D02}3564C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\mssmbios.sys[MofResource]LowDateTime:2077700573,HighDateTime:30531428***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000002761231Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-30 13:03:15.540{5B5DB6BA-3393-626D-E347-000000004D02}3564C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\en-US\ndis.sys.mui[MofResourceName]LowDateTime:1964924432,HighDateTime:30577847***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x80000000000000002761229Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-30 13:03:15.538{5B5DB6BA-3393-626D-E347-000000004D02}3564C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\ndis.sys[MofResourceName]LowDateTime:471290125,HighDateTime:30846383***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x80000000000000002761227Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-30 13:03:15.536{5B5DB6BA-3393-626D-E347-000000004D02}3564C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\ACPI.sys.mui[ACPIMOFResource]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000002761225Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-30 13:03:15.536{5B5DB6BA-3393-626D-E347-000000004D02}3564C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\ACPI.sys[ACPIMOFResource]LowDateTime:-1594147734,HighDateTime:30671341***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 12241200x80000000000000001615447Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-DeleteValue2022-04-29 13:14:10.766{5B5DB6BA-E4A2-626B-5320-000000004D02}2772C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\ndis.sys[MofResourceName]NT AUTHORITY\SYSTEM 12241200x80000000000000001615446Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-DeleteValue2022-04-29 13:14:10.753{5B5DB6BA-E4A2-626B-5320-000000004D02}2772C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\en-US\ndis.sys.mui[MofResourceName]NT AUTHORITY\SYSTEM 12241200x80000000000000001615445Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-DeleteValue2022-04-29 13:14:10.740{5B5DB6BA-E4A2-626B-5320-000000004D02}2772C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\monitor.sys[MonitorWMI]NT AUTHORITY\SYSTEM 13241300x80000000000000001615444Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-29 13:14:10.727{5B5DB6BA-E4A2-626B-5320-000000004D02}2772C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\monitor.sys[MonitorWMI]LowDateTime:2067544410,HighDateTime:30531428***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x80000000000000001615442Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-29 13:14:10.725{5B5DB6BA-E4A2-626B-5320-000000004D02}2772C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\ena.sys[NdisMofResource]LowDateTime:-575650048,HighDateTime:30874337***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000001615440Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-29 13:14:10.725{5B5DB6BA-E4A2-626B-5320-000000004D02}2772C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\intelppm.sys.mui[PROCESSORWMI]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000001615438Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-29 13:14:10.724{5B5DB6BA-E4A2-626B-5320-000000004D02}2772C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\intelppm.sys[PROCESSORWMI]LowDateTime:-2024749675,HighDateTime:30736945***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000001615436Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-29 13:14:10.723{5B5DB6BA-E4A2-626B-5320-000000004D02}2772C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\mssmbios.sys.mui[MofResource]LowDateTime:-592857982,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000001615434Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-29 13:14:10.722{5B5DB6BA-E4A2-626B-5320-000000004D02}2772C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\mssmbios.sys[MofResource]LowDateTime:2077700573,HighDateTime:30531428***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000001615432Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-29 13:14:10.722{5B5DB6BA-E4A2-626B-5320-000000004D02}2772C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\en-US\ndis.sys.mui[MofResourceName]LowDateTime:1964924432,HighDateTime:30577847***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x80000000000000001615430Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-29 13:14:10.721{5B5DB6BA-E4A2-626B-5320-000000004D02}2772C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\ndis.sys[MofResourceName]LowDateTime:471290125,HighDateTime:30846383***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x80000000000000001615427Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-29 13:14:10.719{5B5DB6BA-E4A2-626B-5320-000000004D02}2772C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\ACPI.sys.mui[ACPIMOFResource]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000001615414Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-29 13:14:10.718{5B5DB6BA-E4A2-626B-5320-000000004D02}2772C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\ACPI.sys[ACPIMOFResource]LowDateTime:-1594147734,HighDateTime:30671341***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 12241200x80000000000000001537598Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-DeleteValue2022-04-29 12:48:03.458{FA0EBB31-DE83-626B-1220-000000004C02}3724C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\ndis.sys[MofResourceName]NT AUTHORITY\SYSTEM 12241200x80000000000000001537591Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-DeleteValue2022-04-29 12:48:03.446{FA0EBB31-DE83-626B-1220-000000004C02}3724C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\en-US\ndis.sys.mui[MofResourceName]NT AUTHORITY\SYSTEM 12241200x80000000000000001537590Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-DeleteValue2022-04-29 12:48:03.434{FA0EBB31-DE83-626B-1220-000000004C02}3724C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\monitor.sys[MonitorWMI]NT AUTHORITY\SYSTEM 13241300x80000000000000001537583Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-04-29 12:48:03.421{FA0EBB31-DE83-626B-1220-000000004C02}3724C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\monitor.sys[MonitorWMI]LowDateTime:2067544410,HighDateTime:30531428***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x80000000000000001537581Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-04-29 12:48:03.419{FA0EBB31-DE83-626B-1220-000000004C02}3724C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\ena.sys[NdisMofResource]LowDateTime:-575650048,HighDateTime:30874337***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000001537579Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-04-29 12:48:03.418{FA0EBB31-DE83-626B-1220-000000004C02}3724C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\intelppm.sys.mui[PROCESSORWMI]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000001537577Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-04-29 12:48:03.417{FA0EBB31-DE83-626B-1220-000000004C02}3724C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\intelppm.sys[PROCESSORWMI]LowDateTime:-2024749675,HighDateTime:30736945***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000001537575Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-04-29 12:48:03.416{FA0EBB31-DE83-626B-1220-000000004C02}3724C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\mssmbios.sys.mui[MofResource]LowDateTime:-592857982,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000001537573Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-04-29 12:48:03.416{FA0EBB31-DE83-626B-1220-000000004C02}3724C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\mssmbios.sys[MofResource]LowDateTime:2077700573,HighDateTime:30531428***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000001537571Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-04-29 12:48:03.415{FA0EBB31-DE83-626B-1220-000000004C02}3724C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\en-US\ndis.sys.mui[MofResourceName]LowDateTime:1964924432,HighDateTime:30577847***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x80000000000000001537569Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-04-29 12:48:03.414{FA0EBB31-DE83-626B-1220-000000004C02}3724C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\ndis.sys[MofResourceName]LowDateTime:471290125,HighDateTime:30846383***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x80000000000000001537567Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-04-29 12:48:03.412{FA0EBB31-DE83-626B-1220-000000004C02}3724C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\ACPI.sys.mui[ACPIMOFResource]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000001537565Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-04-29 12:48:03.411{FA0EBB31-DE83-626B-1220-000000004C02}3724C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\ACPI.sys[ACPIMOFResource]LowDateTime:-1594147734,HighDateTime:30671341***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x8000000000000000725405Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:45:53.519{5B5DB6BA-D8BE-626A-0A00-000000004D02}632C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\COMBroker\ImagePath\??\C:\Windows\System32\drivers\combroker.sysNT AUTHORITY\SYSTEM 11241100x8000000000000000725018Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-2022-04-28 18:45:53.309{5B5DB6BA-E0E1-626A-B701-000000004D02}1036C:\Windows\System32\cmd.exeC:\Windows\System32\drivers\combroker.sys2022-04-28 18:45:53.293WIN-HOST-MHAAG-\Administrator 13241300x8000000000000000723965Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:45:43.515{5B5DB6BA-DFA7-626A-7B01-000000004D02}4092C:\Windows\Explorer.EXEHKU\S-1-5-21-2480955239-1397298024-3982718667-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sys\OpenWithProgids\sysfileBinary DataWIN-HOST-MHAAG-\Administrator 12241200x8000000000000000723964Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-CreateKey2022-04-28 18:45:43.515{5B5DB6BA-DFA7-626A-7B01-000000004D02}4092C:\Windows\Explorer.EXEHKU\S-1-5-21-2480955239-1397298024-3982718667-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sys\OpenWithProgidsWIN-HOST-MHAAG-\Administrator 11241100x8000000000000000722840Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-2022-04-28 18:45:18.470{5B5DB6BA-DFA7-626A-7B01-000000004D02}4092C:\Windows\Explorer.EXEC:\Users\Administrator\Desktop\artifact\_DriverInstallationPackage\builder\package\combroker.sys2022-04-28 18:45:18.470WIN-HOST-MHAAG-\Administrator 11241100x8000000000000000722820Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-2022-04-28 18:45:15.909{5B5DB6BA-DFA7-626A-7B01-000000004D02}4092C:\Windows\Explorer.EXEC:\Users\Administrator\Desktop\artifact\_DriverInstallationPackage\builder\package 2\combroker.sys2022-04-28 18:45:15.909WIN-HOST-MHAAG-\Administrator 11241100x8000000000000000722804Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-2022-04-28 18:45:13.633{5B5DB6BA-DFA7-626A-7B01-000000004D02}4092C:\Windows\Explorer.EXEC:\Users\Administrator\Desktop\artifact\_DriverInstallationPackage\builder\payloads\originals\Capcom.sys2022-04-28 18:45:13.633WIN-HOST-MHAAG-\Administrator 12241200x8000000000000000695811Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-DeleteValue2022-04-28 18:40:39.716{5B5DB6BA-DFA7-626A-7901-000000004D02}3644C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\ndis.sys[MofResourceName]NT AUTHORITY\SYSTEM 12241200x8000000000000000695771Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-DeleteValue2022-04-28 18:40:39.700{5B5DB6BA-DFA7-626A-7901-000000004D02}3644C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\en-US\ndis.sys.mui[MofResourceName]NT AUTHORITY\SYSTEM 12241200x8000000000000000695732Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-DeleteValue2022-04-28 18:40:39.685{5B5DB6BA-DFA7-626A-7901-000000004D02}3644C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\monitor.sys[MonitorWMI]NT AUTHORITY\SYSTEM 13241300x8000000000000000695728Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:40:39.671{5B5DB6BA-DFA7-626A-7901-000000004D02}3644C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\monitor.sys[MonitorWMI]LowDateTime:2067544410,HighDateTime:30531428***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x8000000000000000695723Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:40:39.669{5B5DB6BA-DFA7-626A-7901-000000004D02}3644C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\ena.sys[NdisMofResource]LowDateTime:-575650048,HighDateTime:30874337***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x8000000000000000695714Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:40:39.668{5B5DB6BA-DFA7-626A-7901-000000004D02}3644C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\intelppm.sys.mui[PROCESSORWMI]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x8000000000000000695696Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:40:39.667{5B5DB6BA-DFA7-626A-7901-000000004D02}3644C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\intelppm.sys[PROCESSORWMI]LowDateTime:-2024749675,HighDateTime:30736945***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x8000000000000000695694Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:40:39.667{5B5DB6BA-DFA7-626A-7901-000000004D02}3644C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\mssmbios.sys.mui[MofResource]LowDateTime:-592857982,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x8000000000000000695692Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:40:39.666{5B5DB6BA-DFA7-626A-7901-000000004D02}3644C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\mssmbios.sys[MofResource]LowDateTime:2077700573,HighDateTime:30531428***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x8000000000000000695690Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:40:39.666{5B5DB6BA-DFA7-626A-7901-000000004D02}3644C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\en-US\ndis.sys.mui[MofResourceName]LowDateTime:1964924432,HighDateTime:30577847***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x8000000000000000695687Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:40:39.664{5B5DB6BA-DFA7-626A-7901-000000004D02}3644C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\ndis.sys[MofResourceName]LowDateTime:471290125,HighDateTime:30846383***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x8000000000000000695685Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:40:39.662{5B5DB6BA-DFA7-626A-7901-000000004D02}3644C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\ACPI.sys.mui[ACPIMOFResource]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x8000000000000000695683Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:40:39.661{5B5DB6BA-DFA7-626A-7901-000000004D02}3644C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\ACPI.sys[ACPIMOFResource]LowDateTime:-1594147734,HighDateTime:30671341***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x8000000000000000663451Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-04-28 18:34:08.493{FA0EBB31-D8E2-626A-0A00-000000004C02}620C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\combo12\ImagePath\??\C:\ProgramData\combo12.sysNT AUTHORITY\SYSTEM 11241100x8000000000000000662688Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-2022-04-28 18:33:19.640{FA0EBB31-DC7B-626A-1801-000000004C02}4984C:\Windows\Explorer.EXEC:\ProgramData\combo2.sys2022-04-28 18:33:19.640ATTACKRANGE\Administrator 13241300x8000000000000000661858Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-04-28 18:32:57.176{FA0EBB31-D8E2-626A-0A00-000000004C02}620C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\Atomi3222\ImagePath\??\C:\Users\Administrator\Desktop\artifact\_DriverInstallationPackage\builder\package 2\combo2.sysNT AUTHORITY\SYSTEM 13241300x8000000000000000660981Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-04-28 18:32:16.789{FA0EBB31-D8E2-626A-0A00-000000004C02}620C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\Atomi322\ImagePath\??\C:\Users\Administrator\Desktop\artifact\_DriverInstallationPackage\builder\package 2\combo.sysNT AUTHORITY\SYSTEM 13241300x8000000000000000660774Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-04-28 18:32:10.772{FA0EBB31-DC7B-626A-1801-000000004C02}4984C:\Windows\Explorer.EXEHKU\S-1-5-21-2059343465-2300599999-2417073716-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sys\OpenWithProgids\sysfileBinary DataATTACKRANGE\Administrator 12241200x8000000000000000660773Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-CreateKey2022-04-28 18:32:10.772{FA0EBB31-DC7B-626A-1801-000000004C02}4984C:\Windows\Explorer.EXEHKU\S-1-5-21-2059343465-2300599999-2417073716-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sys\OpenWithProgidsATTACKRANGE\Administrator 13241300x8000000000000000657382Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-04-28 18:29:52.327{FA0EBB31-D8E2-626A-0A00-000000004C02}620C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\Atomic\ImagePath\??\C:\Users\Administrator\Desktop\artifact\_DriverInstallationPackage\builder\package 2\combo.sysNT AUTHORITY\SYSTEM 13241300x8000000000000000652145Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-04-28 18:27:38.442{FA0EBB31-D8E2-626A-0A00-000000004C02}620C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\COMBroker\ImagePath\??\C:\Windows\System32\drivers\combroker.sysNT AUTHORITY\SYSTEM 11241100x8000000000000000651601Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-2022-04-28 18:27:38.172{FA0EBB31-DC9A-626A-3101-000000004C02}4524C:\Windows\System32\cmd.exeC:\Windows\System32\drivers\combroker.sys2022-04-28 18:27:38.172ATTACKRANGE\Administrator 12241200x8000000000000000633209Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-DeleteValue2022-04-28 18:27:08.068{FA0EBB31-DC7B-626A-1901-000000004C02}5024C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\ndis.sys[MofResourceName]NT AUTHORITY\SYSTEM 12241200x8000000000000000633198Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-DeleteValue2022-04-28 18:27:08.048{FA0EBB31-DC7B-626A-1901-000000004C02}5024C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\en-US\ndis.sys.mui[MofResourceName]NT AUTHORITY\SYSTEM 12241200x8000000000000000633171Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-DeleteValue2022-04-28 18:27:08.030{FA0EBB31-DC7B-626A-1901-000000004C02}5024C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\monitor.sys[MonitorWMI]NT AUTHORITY\SYSTEM 13241300x8000000000000000633161Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-04-28 18:27:08.015{FA0EBB31-DC7B-626A-1901-000000004C02}5024C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\monitor.sys[MonitorWMI]LowDateTime:2067544410,HighDateTime:30531428***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x8000000000000000633157Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-04-28 18:27:08.012{FA0EBB31-DC7B-626A-1901-000000004C02}5024C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\ena.sys[NdisMofResource]LowDateTime:-575650048,HighDateTime:30874337***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x8000000000000000633155Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-04-28 18:27:08.012{FA0EBB31-DC7B-626A-1901-000000004C02}5024C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\intelppm.sys.mui[PROCESSORWMI]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x8000000000000000633136Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-04-28 18:27:08.011{FA0EBB31-DC7B-626A-1901-000000004C02}5024C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\intelppm.sys[PROCESSORWMI]LowDateTime:-2024749675,HighDateTime:30736945***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x8000000000000000633127Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-04-28 18:27:08.010{FA0EBB31-DC7B-626A-1901-000000004C02}5024C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\mssmbios.sys.mui[MofResource]LowDateTime:-592857982,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x8000000000000000633125Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-04-28 18:27:08.009{FA0EBB31-DC7B-626A-1901-000000004C02}5024C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\mssmbios.sys[MofResource]LowDateTime:2077700573,HighDateTime:30531428***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x8000000000000000633123Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-04-28 18:27:08.009{FA0EBB31-DC7B-626A-1901-000000004C02}5024C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\en-US\ndis.sys.mui[MofResourceName]LowDateTime:1964924432,HighDateTime:30577847***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x8000000000000000633120Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-04-28 18:27:08.007{FA0EBB31-DC7B-626A-1901-000000004C02}5024C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\ndis.sys[MofResourceName]LowDateTime:471290125,HighDateTime:30846383***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x8000000000000000633115Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-04-28 18:27:08.005{FA0EBB31-DC7B-626A-1901-000000004C02}5024C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\ACPI.sys.mui[ACPIMOFResource]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x8000000000000000633111Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-04-28 18:27:08.005{FA0EBB31-DC7B-626A-1901-000000004C02}5024C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\ACPI.sys[ACPIMOFResource]LowDateTime:-1594147734,HighDateTime:30671341***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 12241200x8000000000000000675874Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-DeleteValue2022-04-28 18:22:22.138{5B5DB6BA-DB5E-626A-E100-000000004D02}3088C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\ndis.sys[MofResourceName]NT AUTHORITY\SYSTEM 12241200x8000000000000000675873Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-DeleteValue2022-04-28 18:22:22.123{5B5DB6BA-DB5E-626A-E100-000000004D02}3088C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\en-US\ndis.sys.mui[MofResourceName]NT AUTHORITY\SYSTEM 12241200x8000000000000000675872Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-DeleteValue2022-04-28 18:22:22.107{5B5DB6BA-DB5E-626A-E100-000000004D02}3088C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\monitor.sys[MonitorWMI]NT AUTHORITY\SYSTEM 13241300x8000000000000000675861Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:22:22.091{5B5DB6BA-DB5E-626A-E100-000000004D02}3088C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\monitor.sys[MonitorWMI]LowDateTime:2067544410,HighDateTime:30531428***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x8000000000000000675845Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:22:22.091{5B5DB6BA-DB5E-626A-E100-000000004D02}3088C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\ena.sys[NdisMofResource]LowDateTime:-575650048,HighDateTime:30874337***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x8000000000000000675842Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:22:22.091{5B5DB6BA-DB5E-626A-E100-000000004D02}3088C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\intelppm.sys.mui[PROCESSORWMI]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x8000000000000000675840Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:22:22.091{5B5DB6BA-DB5E-626A-E100-000000004D02}3088C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\intelppm.sys[PROCESSORWMI]LowDateTime:-2024749675,HighDateTime:30736945***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x8000000000000000675837Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:22:22.091{5B5DB6BA-DB5E-626A-E100-000000004D02}3088C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\mssmbios.sys.mui[MofResource]LowDateTime:-592857982,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x8000000000000000675833Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:22:22.091{5B5DB6BA-DB5E-626A-E100-000000004D02}3088C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\mssmbios.sys[MofResource]LowDateTime:2077700573,HighDateTime:30531428***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x8000000000000000675828Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:22:22.091{5B5DB6BA-DB5E-626A-E100-000000004D02}3088C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\en-US\ndis.sys.mui[MofResourceName]LowDateTime:1964924432,HighDateTime:30577847***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x8000000000000000675806Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:22:22.091{5B5DB6BA-DB5E-626A-E100-000000004D02}3088C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\ndis.sys[MofResourceName]LowDateTime:471290125,HighDateTime:30846383***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x8000000000000000675803Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:22:22.091{5B5DB6BA-DB5E-626A-E100-000000004D02}3088C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\ACPI.sys.mui[ACPIMOFResource]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x8000000000000000675801Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:22:22.091{5B5DB6BA-DB5E-626A-E100-000000004D02}3088C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\ACPI.sys[ACPIMOFResource]LowDateTime:-1594147734,HighDateTime:30671341***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x8000000000000000674440Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:21:20.717{5B5DB6BA-DB1A-626A-D000-000000004D02}3548C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{bcd5a533-5ea6-7bf0-85a8-2c9632c5996b}\Root\InventoryApplicationFile\npcap.sys|3741aa4c3d128834\UsnQWORD (0x00000000-0x007fcfb0)NT AUTHORITY\SYSTEM 13241300x8000000000000000674439Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:21:20.717{5B5DB6BA-DB1A-626A-D000-000000004D02}3548C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{bcd5a533-5ea6-7bf0-85a8-2c9632c5996b}\Root\InventoryApplicationFile\npcap.sys|3741aa4c3d128834\LanguageDWORD (0x00000000)NT AUTHORITY\SYSTEM 13241300x8000000000000000674438Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:21:20.717{5B5DB6BA-DB1A-626A-D000-000000004D02}3548C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{bcd5a533-5ea6-7bf0-85a8-2c9632c5996b}\Root\InventoryApplicationFile\npcap.sys|3741aa4c3d128834\SizeQWORD (0x00000000-0x00011838)NT AUTHORITY\SYSTEM 13241300x8000000000000000674437Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:21:20.717{5B5DB6BA-DB1A-626A-D000-000000004D02}3548C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{bcd5a533-5ea6-7bf0-85a8-2c9632c5996b}\Root\InventoryApplicationFile\npcap.sys|3741aa4c3d128834\AppxPackageRelativeId(Empty)NT AUTHORITY\SYSTEM 13241300x8000000000000000674436Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:21:20.717{5B5DB6BA-DB1A-626A-D000-000000004D02}3548C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{bcd5a533-5ea6-7bf0-85a8-2c9632c5996b}\Root\InventoryApplicationFile\npcap.sys|3741aa4c3d128834\AppxPackageFullName(Empty)NT AUTHORITY\SYSTEM 13241300x8000000000000000674435Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:21:20.717{5B5DB6BA-DB1A-626A-D000-000000004D02}3548C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{bcd5a533-5ea6-7bf0-85a8-2c9632c5996b}\Root\InventoryApplicationFile\npcap.sys|3741aa4c3d128834\BinProductVersion5.1.55.828NT AUTHORITY\SYSTEM 13241300x8000000000000000674434Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:21:20.717{5B5DB6BA-DB1A-626A-D000-000000004D02}3548C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{bcd5a533-5ea6-7bf0-85a8-2c9632c5996b}\Root\InventoryApplicationFile\npcap.sys|3741aa4c3d128834\LinkDate08/29/2021 00:22:59NT AUTHORITY\SYSTEM 13241300x8000000000000000674433Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:21:20.717{5B5DB6BA-DB1A-626A-D000-000000004D02}3548C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{bcd5a533-5ea6-7bf0-85a8-2c9632c5996b}\Root\InventoryApplicationFile\npcap.sys|3741aa4c3d128834\ProductVersion1.55NT AUTHORITY\SYSTEM 13241300x8000000000000000674432Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:21:20.717{5B5DB6BA-DB1A-626A-D000-000000004D02}3548C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{bcd5a533-5ea6-7bf0-85a8-2c9632c5996b}\Root\InventoryApplicationFile\npcap.sys|3741aa4c3d128834\ProductNamenpcapNT AUTHORITY\SYSTEM 13241300x8000000000000000674431Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:21:20.717{5B5DB6BA-DB1A-626A-D000-000000004D02}3548C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{bcd5a533-5ea6-7bf0-85a8-2c9632c5996b}\Root\InventoryApplicationFile\npcap.sys|3741aa4c3d128834\BinaryTypepe64_amd64NT AUTHORITY\SYSTEM 13241300x8000000000000000674430Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:21:20.717{5B5DB6BA-DB1A-626A-D000-000000004D02}3548C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{bcd5a533-5ea6-7bf0-85a8-2c9632c5996b}\Root\InventoryApplicationFile\npcap.sys|3741aa4c3d128834\BinFileVersion5.1.55.828NT AUTHORITY\SYSTEM 13241300x8000000000000000674429Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:21:20.717{5B5DB6BA-DB1A-626A-D000-000000004D02}3548C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{bcd5a533-5ea6-7bf0-85a8-2c9632c5996b}\Root\InventoryApplicationFile\npcap.sys|3741aa4c3d128834\Version1.55NT AUTHORITY\SYSTEM 13241300x8000000000000000674428Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:21:20.717{5B5DB6BA-DB1A-626A-D000-000000004D02}3548C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{bcd5a533-5ea6-7bf0-85a8-2c9632c5996b}\Root\InventoryApplicationFile\npcap.sys|3741aa4c3d128834\Publisherinsecure.com llc.NT AUTHORITY\SYSTEM 13241300x8000000000000000674427Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:21:20.717{5B5DB6BA-DB1A-626A-D000-000000004D02}3548C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{bcd5a533-5ea6-7bf0-85a8-2c9632c5996b}\Root\InventoryApplicationFile\npcap.sys|3741aa4c3d128834\OriginalFileNamenpcap.sysNT AUTHORITY\SYSTEM 13241300x8000000000000000674426Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:21:20.717{5B5DB6BA-DB1A-626A-D000-000000004D02}3548C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{bcd5a533-5ea6-7bf0-85a8-2c9632c5996b}\Root\InventoryApplicationFile\npcap.sys|3741aa4c3d128834\Namenpcap.sysNT AUTHORITY\SYSTEM 13241300x8000000000000000674425Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:21:20.717{5B5DB6BA-DB1A-626A-D000-000000004D02}3548C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{bcd5a533-5ea6-7bf0-85a8-2c9632c5996b}\Root\InventoryApplicationFile\npcap.sys|3741aa4c3d128834\LongPathHashnpcap.sys|3741aa4c3d128834NT AUTHORITY\SYSTEM 13241300x8000000000000000674424Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:21:20.717{5B5DB6BA-DB1A-626A-D000-000000004D02}3548C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{bcd5a533-5ea6-7bf0-85a8-2c9632c5996b}\Root\InventoryApplicationFile\npcap.sys|3741aa4c3d128834\LowerCaseLongPathc:\program files\npcap\npcap.sysNT AUTHORITY\SYSTEM 13241300x8000000000000000674423Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:21:20.717{5B5DB6BA-DB1A-626A-D000-000000004D02}3548C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{bcd5a533-5ea6-7bf0-85a8-2c9632c5996b}\Root\InventoryApplicationFile\npcap.sys|3741aa4c3d128834\FileId0000326858172444949a25a0fb8ec5bb9e90c5eeb7e8NT AUTHORITY\SYSTEM 13241300x8000000000000000674422Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:21:20.717{5B5DB6BA-DB1A-626A-D000-000000004D02}3548C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{bcd5a533-5ea6-7bf0-85a8-2c9632c5996b}\Root\InventoryApplicationFile\npcap.sys|3741aa4c3d128834\ProgramId0000663de35f4d04146ae36ebf14122b6e9f0000ffffNT AUTHORITY\SYSTEM 12241200x8000000000000000674421Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-CreateKey2022-04-28 18:21:20.717{5B5DB6BA-DB1A-626A-D000-000000004D02}3548C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{bcd5a533-5ea6-7bf0-85a8-2c9632c5996b}\Root\InventoryApplicationFile\npcap.sys|3741aa4c3d128834NT AUTHORITY\SYSTEM 13241300x8000000000000000674367Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:21:20.702{5B5DB6BA-DB1A-626A-D000-000000004D02}3548C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{bcd5a533-5ea6-7bf0-85a8-2c9632c5996b}\Root\InventoryApplicationFile\splunkmonitornoh|e59d09056446ab10\OriginalFileNamesplunkmonitornohandle.sysNT AUTHORITY\SYSTEM 13241300x8000000000000000674366Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:21:20.702{5B5DB6BA-DB1A-626A-D000-000000004D02}3548C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{bcd5a533-5ea6-7bf0-85a8-2c9632c5996b}\Root\InventoryApplicationFile\splunkmonitornoh|e59d09056446ab10\NameSplunkMonitorNoHandleDrv.sysNT AUTHORITY\SYSTEM 13241300x8000000000000000674364Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:21:20.702{5B5DB6BA-DB1A-626A-D000-000000004D02}3548C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{bcd5a533-5ea6-7bf0-85a8-2c9632c5996b}\Root\InventoryApplicationFile\splunkmonitornoh|e59d09056446ab10\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\splunkmonitornohandledrv.sysNT AUTHORITY\SYSTEM 13241300x8000000000000000674360Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:21:20.702{5B5DB6BA-DB1A-626A-D000-000000004D02}3548C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{bcd5a533-5ea6-7bf0-85a8-2c9632c5996b}\Root\InventoryApplicationFile\splunkdrv.sys|d26d9681615e2fde\UsnQWORD (0x00000000-0x00545558)NT AUTHORITY\SYSTEM 13241300x8000000000000000674359Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:21:20.702{5B5DB6BA-DB1A-626A-D000-000000004D02}3548C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{bcd5a533-5ea6-7bf0-85a8-2c9632c5996b}\Root\InventoryApplicationFile\splunkdrv.sys|d26d9681615e2fde\LanguageDWORD (0x00000409)NT AUTHORITY\SYSTEM 13241300x8000000000000000674358Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:21:20.702{5B5DB6BA-DB1A-626A-D000-000000004D02}3548C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{bcd5a533-5ea6-7bf0-85a8-2c9632c5996b}\Root\InventoryApplicationFile\splunkdrv.sys|d26d9681615e2fde\SizeQWORD (0x00000000-0x0000bce8)NT AUTHORITY\SYSTEM 13241300x8000000000000000674357Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:21:20.702{5B5DB6BA-DB1A-626A-D000-000000004D02}3548C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{bcd5a533-5ea6-7bf0-85a8-2c9632c5996b}\Root\InventoryApplicationFile\splunkdrv.sys|d26d9681615e2fde\AppxPackageRelativeId(Empty)NT AUTHORITY\SYSTEM 13241300x8000000000000000674356Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:21:20.702{5B5DB6BA-DB1A-626A-D000-000000004D02}3548C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{bcd5a533-5ea6-7bf0-85a8-2c9632c5996b}\Root\InventoryApplicationFile\splunkdrv.sys|d26d9681615e2fde\AppxPackageFullName(Empty)NT AUTHORITY\SYSTEM 13241300x8000000000000000674355Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:21:20.702{5B5DB6BA-DB1A-626A-D000-000000004D02}3548C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{bcd5a533-5ea6-7bf0-85a8-2c9632c5996b}\Root\InventoryApplicationFile\splunkdrv.sys|d26d9681615e2fde\BinProductVersion10.0.10011.16384NT AUTHORITY\SYSTEM 13241300x8000000000000000674354Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:21:20.702{5B5DB6BA-DB1A-626A-D000-000000004D02}3548C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{bcd5a533-5ea6-7bf0-85a8-2c9632c5996b}\Root\InventoryApplicationFile\splunkdrv.sys|d26d9681615e2fde\LinkDate10/02/2019 17:37:08NT AUTHORITY\SYSTEM 13241300x8000000000000000674353Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:21:20.702{5B5DB6BA-DB1A-626A-D000-000000004D02}3548C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{bcd5a533-5ea6-7bf0-85a8-2c9632c5996b}\Root\InventoryApplicationFile\splunkdrv.sys|d26d9681615e2fde\ProductVersion10.0.10011.16384NT AUTHORITY\SYSTEM 13241300x8000000000000000674352Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:21:20.702{5B5DB6BA-DB1A-626A-D000-000000004D02}3548C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{bcd5a533-5ea6-7bf0-85a8-2c9632c5996b}\Root\InventoryApplicationFile\splunkdrv.sys|d26d9681615e2fde\ProductNamewindows (r) win 7 ddk driverNT AUTHORITY\SYSTEM 13241300x8000000000000000674351Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:21:20.702{5B5DB6BA-DB1A-626A-D000-000000004D02}3548C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{bcd5a533-5ea6-7bf0-85a8-2c9632c5996b}\Root\InventoryApplicationFile\splunkdrv.sys|d26d9681615e2fde\BinaryTypepe64_amd64NT AUTHORITY\SYSTEM 13241300x8000000000000000674350Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:21:20.702{5B5DB6BA-DB1A-626A-D000-000000004D02}3548C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{bcd5a533-5ea6-7bf0-85a8-2c9632c5996b}\Root\InventoryApplicationFile\splunkdrv.sys|d26d9681615e2fde\BinFileVersion10.0.10011.16384NT AUTHORITY\SYSTEM 13241300x8000000000000000674349Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:21:20.702{5B5DB6BA-DB1A-626A-D000-000000004D02}3548C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{bcd5a533-5ea6-7bf0-85a8-2c9632c5996b}\Root\InventoryApplicationFile\splunkdrv.sys|d26d9681615e2fde\Version10.0.10011.16384NT AUTHORITY\SYSTEM 13241300x8000000000000000674348Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:21:20.702{5B5DB6BA-DB1A-626A-D000-000000004D02}3548C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{bcd5a533-5ea6-7bf0-85a8-2c9632c5996b}\Root\InventoryApplicationFile\splunkdrv.sys|d26d9681615e2fde\Publisherwindows (r) win 7 ddk providerNT AUTHORITY\SYSTEM 13241300x8000000000000000674347Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:21:20.702{5B5DB6BA-DB1A-626A-D000-000000004D02}3548C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{bcd5a533-5ea6-7bf0-85a8-2c9632c5996b}\Root\InventoryApplicationFile\splunkdrv.sys|d26d9681615e2fde\OriginalFileNamesplunkdrv.sysNT AUTHORITY\SYSTEM 13241300x8000000000000000674346Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:21:20.702{5B5DB6BA-DB1A-626A-D000-000000004D02}3548C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{bcd5a533-5ea6-7bf0-85a8-2c9632c5996b}\Root\InventoryApplicationFile\splunkdrv.sys|d26d9681615e2fde\Namesplunkdrv.sysNT AUTHORITY\SYSTEM 13241300x8000000000000000674345Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:21:20.702{5B5DB6BA-DB1A-626A-D000-000000004D02}3548C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{bcd5a533-5ea6-7bf0-85a8-2c9632c5996b}\Root\InventoryApplicationFile\splunkdrv.sys|d26d9681615e2fde\LongPathHashsplunkdrv.sys|d26d9681615e2fdeNT AUTHORITY\SYSTEM 13241300x8000000000000000674344Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:21:20.702{5B5DB6BA-DB1A-626A-D000-000000004D02}3548C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{bcd5a533-5ea6-7bf0-85a8-2c9632c5996b}\Root\InventoryApplicationFile\splunkdrv.sys|d26d9681615e2fde\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\splunkdrv.sysNT AUTHORITY\SYSTEM 13241300x8000000000000000674343Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:21:20.702{5B5DB6BA-DB1A-626A-D000-000000004D02}3548C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{bcd5a533-5ea6-7bf0-85a8-2c9632c5996b}\Root\InventoryApplicationFile\splunkdrv.sys|d26d9681615e2fde\FileId0000cb016be0bf44d8d16724601899ab98773b061f6fNT AUTHORITY\SYSTEM 13241300x8000000000000000674342Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:21:20.702{5B5DB6BA-DB1A-626A-D000-000000004D02}3548C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{bcd5a533-5ea6-7bf0-85a8-2c9632c5996b}\Root\InventoryApplicationFile\splunkdrv.sys|d26d9681615e2fde\ProgramId00003fa61965e10b70214d70fe482073af3000000904NT AUTHORITY\SYSTEM 12241200x8000000000000000674341Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-CreateKey2022-04-28 18:21:20.702{5B5DB6BA-DB1A-626A-D000-000000004D02}3548C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{bcd5a533-5ea6-7bf0-85a8-2c9632c5996b}\Root\InventoryApplicationFile\splunkdrv.sys|d26d9681615e2fdeNT AUTHORITY\SYSTEM 13241300x8000000000000000674076Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:21:20.154{5B5DB6BA-DB1A-626A-D000-000000004D02}3548C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{bcd5a533-5ea6-7bf0-85a8-2c9632c5996b}\Root\InventoryApplicationFile\splknetdrv.sys|9d837bc7abc517f\UsnQWORD (0x00000000-0x00544660)NT AUTHORITY\SYSTEM 13241300x8000000000000000674075Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:21:20.154{5B5DB6BA-DB1A-626A-D000-000000004D02}3548C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{bcd5a533-5ea6-7bf0-85a8-2c9632c5996b}\Root\InventoryApplicationFile\splknetdrv.sys|9d837bc7abc517f\LanguageDWORD (0x00000409)NT AUTHORITY\SYSTEM 13241300x8000000000000000674074Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:21:20.154{5B5DB6BA-DB1A-626A-D000-000000004D02}3548C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{bcd5a533-5ea6-7bf0-85a8-2c9632c5996b}\Root\InventoryApplicationFile\splknetdrv.sys|9d837bc7abc517f\SizeQWORD (0x00000000-0x0000d2e8)NT AUTHORITY\SYSTEM 13241300x8000000000000000674073Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:21:20.154{5B5DB6BA-DB1A-626A-D000-000000004D02}3548C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{bcd5a533-5ea6-7bf0-85a8-2c9632c5996b}\Root\InventoryApplicationFile\splknetdrv.sys|9d837bc7abc517f\AppxPackageRelativeId(Empty)NT AUTHORITY\SYSTEM 13241300x8000000000000000674072Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:21:20.154{5B5DB6BA-DB1A-626A-D000-000000004D02}3548C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{bcd5a533-5ea6-7bf0-85a8-2c9632c5996b}\Root\InventoryApplicationFile\splknetdrv.sys|9d837bc7abc517f\AppxPackageFullName(Empty)NT AUTHORITY\SYSTEM 13241300x8000000000000000674071Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:21:20.154{5B5DB6BA-DB1A-626A-D000-000000004D02}3548C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{bcd5a533-5ea6-7bf0-85a8-2c9632c5996b}\Root\InventoryApplicationFile\splknetdrv.sys|9d837bc7abc517f\BinProductVersion10.0.10011.16384NT AUTHORITY\SYSTEM 13241300x8000000000000000674070Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:21:20.154{5B5DB6BA-DB1A-626A-D000-000000004D02}3548C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{bcd5a533-5ea6-7bf0-85a8-2c9632c5996b}\Root\InventoryApplicationFile\splknetdrv.sys|9d837bc7abc517f\LinkDate09/27/2019 18:25:44NT AUTHORITY\SYSTEM 13241300x8000000000000000674069Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:21:20.154{5B5DB6BA-DB1A-626A-D000-000000004D02}3548C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{bcd5a533-5ea6-7bf0-85a8-2c9632c5996b}\Root\InventoryApplicationFile\splknetdrv.sys|9d837bc7abc517f\ProductVersion10.0.10011.16384NT AUTHORITY\SYSTEM 13241300x8000000000000000674068Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:21:20.154{5B5DB6BA-DB1A-626A-D000-000000004D02}3548C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{bcd5a533-5ea6-7bf0-85a8-2c9632c5996b}\Root\InventoryApplicationFile\splknetdrv.sys|9d837bc7abc517f\ProductNamewindows (r) win 7 ddk driverNT AUTHORITY\SYSTEM 13241300x8000000000000000674067Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:21:20.154{5B5DB6BA-DB1A-626A-D000-000000004D02}3548C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{bcd5a533-5ea6-7bf0-85a8-2c9632c5996b}\Root\InventoryApplicationFile\splknetdrv.sys|9d837bc7abc517f\BinaryTypepe64_amd64NT AUTHORITY\SYSTEM 13241300x8000000000000000674066Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:21:20.154{5B5DB6BA-DB1A-626A-D000-000000004D02}3548C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{bcd5a533-5ea6-7bf0-85a8-2c9632c5996b}\Root\InventoryApplicationFile\splknetdrv.sys|9d837bc7abc517f\BinFileVersion10.0.10011.16384NT AUTHORITY\SYSTEM 13241300x8000000000000000674065Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:21:20.154{5B5DB6BA-DB1A-626A-D000-000000004D02}3548C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{bcd5a533-5ea6-7bf0-85a8-2c9632c5996b}\Root\InventoryApplicationFile\splknetdrv.sys|9d837bc7abc517f\Version10.0.10011.16384NT AUTHORITY\SYSTEM 13241300x8000000000000000674064Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:21:20.154{5B5DB6BA-DB1A-626A-D000-000000004D02}3548C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{bcd5a533-5ea6-7bf0-85a8-2c9632c5996b}\Root\InventoryApplicationFile\splknetdrv.sys|9d837bc7abc517f\Publisherwindows (r) win 7 ddk providerNT AUTHORITY\SYSTEM 13241300x8000000000000000674063Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:21:20.154{5B5DB6BA-DB1A-626A-D000-000000004D02}3548C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{bcd5a533-5ea6-7bf0-85a8-2c9632c5996b}\Root\InventoryApplicationFile\splknetdrv.sys|9d837bc7abc517f\OriginalFileNamesplknetdrv.sysNT AUTHORITY\SYSTEM 13241300x8000000000000000674062Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:21:20.154{5B5DB6BA-DB1A-626A-D000-000000004D02}3548C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{bcd5a533-5ea6-7bf0-85a8-2c9632c5996b}\Root\InventoryApplicationFile\splknetdrv.sys|9d837bc7abc517f\Namesplknetdrv.sysNT AUTHORITY\SYSTEM 13241300x8000000000000000674061Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:21:20.154{5B5DB6BA-DB1A-626A-D000-000000004D02}3548C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{bcd5a533-5ea6-7bf0-85a8-2c9632c5996b}\Root\InventoryApplicationFile\splknetdrv.sys|9d837bc7abc517f\LongPathHashsplknetdrv.sys|9d837bc7abc517fNT AUTHORITY\SYSTEM 13241300x8000000000000000674060Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:21:20.154{5B5DB6BA-DB1A-626A-D000-000000004D02}3548C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{bcd5a533-5ea6-7bf0-85a8-2c9632c5996b}\Root\InventoryApplicationFile\splknetdrv.sys|9d837bc7abc517f\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\splknetdrv.sysNT AUTHORITY\SYSTEM 13241300x8000000000000000674059Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:21:20.154{5B5DB6BA-DB1A-626A-D000-000000004D02}3548C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{bcd5a533-5ea6-7bf0-85a8-2c9632c5996b}\Root\InventoryApplicationFile\splknetdrv.sys|9d837bc7abc517f\FileId000007b7d667a74be258555493c818808703861b76a6NT AUTHORITY\SYSTEM 13241300x8000000000000000674058Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:21:20.154{5B5DB6BA-DB1A-626A-D000-000000004D02}3548C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{bcd5a533-5ea6-7bf0-85a8-2c9632c5996b}\Root\InventoryApplicationFile\splknetdrv.sys|9d837bc7abc517f\ProgramId00003fa61965e10b70214d70fe482073af3000000904NT AUTHORITY\SYSTEM 12241200x8000000000000000674057Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-CreateKey2022-04-28 18:21:20.154{5B5DB6BA-DB1A-626A-D000-000000004D02}3548C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{bcd5a533-5ea6-7bf0-85a8-2c9632c5996b}\Root\InventoryApplicationFile\splknetdrv.sys|9d837bc7abc517fNT AUTHORITY\SYSTEM 13241300x8000000000000000619395Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-04-28 18:18:56.873{FA0EBB31-D9D5-626A-A300-000000004C02}92\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\ena.sys[NdisMofResource]LowDateTime:-575650048,HighDateTime:30874337***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x8000000000000000619394Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-04-28 18:18:56.873{FA0EBB31-D9D5-626A-A300-000000004C02}92\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\en-US\intelppm.sys.mui[PROCESSORWMI]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x8000000000000000619393Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-04-28 18:18:56.873{FA0EBB31-D9D5-626A-A300-000000004C02}92\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\intelppm.sys[PROCESSORWMI]LowDateTime:-2024749675,HighDateTime:30736945***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x8000000000000000619392Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-04-28 18:18:56.873{FA0EBB31-D9D5-626A-A300-000000004C02}92\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\en-US\mssmbios.sys.mui[MofResource]LowDateTime:-592857982,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x8000000000000000619391Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-04-28 18:18:56.873{FA0EBB31-D9D5-626A-A300-000000004C02}92\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\mssmbios.sys[MofResource]LowDateTime:2077700573,HighDateTime:30531428***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x8000000000000000619390Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-04-28 18:18:56.873{FA0EBB31-D9D5-626A-A300-000000004C02}92\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\en-US\ACPI.sys.mui[ACPIMOFResource]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x8000000000000000619389Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-04-28 18:18:56.873{FA0EBB31-D9D5-626A-A300-000000004C02}92\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\ACPI.sys[ACPIMOFResource]LowDateTime:-1594147734,HighDateTime:30671341***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x8000000000000000667636Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:15:42.734{5B5DB6BA-D9B0-626A-9A00-000000004D02}1808\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\ena.sys[NdisMofResource]LowDateTime:-575650048,HighDateTime:30874337***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x8000000000000000667635Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:15:42.734{5B5DB6BA-D9B0-626A-9A00-000000004D02}1808\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\en-US\intelppm.sys.mui[PROCESSORWMI]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x8000000000000000667634Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:15:42.734{5B5DB6BA-D9B0-626A-9A00-000000004D02}1808\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\intelppm.sys[PROCESSORWMI]LowDateTime:-2024749675,HighDateTime:30736945***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x8000000000000000667633Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:15:42.734{5B5DB6BA-D9B0-626A-9A00-000000004D02}1808\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\en-US\mssmbios.sys.mui[MofResource]LowDateTime:-592857982,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x8000000000000000667632Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:15:42.734{5B5DB6BA-D9B0-626A-9A00-000000004D02}1808\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\mssmbios.sys[MofResource]LowDateTime:2077700573,HighDateTime:30531428***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x8000000000000000667631Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:15:42.734{5B5DB6BA-D9B0-626A-9A00-000000004D02}1808\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\en-US\ACPI.sys.mui[ACPIMOFResource]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x8000000000000000667630Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:15:42.734{5B5DB6BA-D9B0-626A-9A00-000000004D02}1808\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\ACPI.sys[ACPIMOFResource]LowDateTime:-1594147734,HighDateTime:30671341***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 12241200x8000000000000000581919Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-DeleteValue2022-04-28 18:12:03.326{FA0EBB31-D8F3-626A-3600-000000004C02}2756C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\ndis.sys[MofResourceName]NT AUTHORITY\SYSTEM 12241200x8000000000000000581910Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-DeleteValue2022-04-28 18:12:03.310{FA0EBB31-D8F3-626A-3600-000000004C02}2756C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\en-US\ndis.sys.mui[MofResourceName]NT AUTHORITY\SYSTEM 12241200x8000000000000000581898Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-DeleteValue2022-04-28 18:12:03.294{FA0EBB31-D8F3-626A-3600-000000004C02}2756C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\monitor.sys[MonitorWMI]NT AUTHORITY\SYSTEM 13241300x8000000000000000581849Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-04-28 18:12:03.199{FA0EBB31-D8F3-626A-3600-000000004C02}2756C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\monitor.sys[MonitorWMI]LowDateTime:2067544410,HighDateTime:30531428***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x8000000000000000581847Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-04-28 18:12:03.199{FA0EBB31-D8F3-626A-3600-000000004C02}2756C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\ena.sys[NdisMofResource]LowDateTime:-575650048,HighDateTime:30874337***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x8000000000000000581844Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-04-28 18:12:03.199{FA0EBB31-D8F3-626A-3600-000000004C02}2756C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\intelppm.sys.mui[PROCESSORWMI]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x8000000000000000581836Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-04-28 18:12:03.199{FA0EBB31-D8F3-626A-3600-000000004C02}2756C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\intelppm.sys[PROCESSORWMI]LowDateTime:-2024749675,HighDateTime:30736945***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x8000000000000000581817Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-04-28 18:12:03.199{FA0EBB31-D8F3-626A-3600-000000004C02}2756C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\mssmbios.sys.mui[MofResource]LowDateTime:-592857982,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x8000000000000000581815Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-04-28 18:12:03.199{FA0EBB31-D8F3-626A-3600-000000004C02}2756C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\mssmbios.sys[MofResource]LowDateTime:2077700573,HighDateTime:30531428***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x8000000000000000581813Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-04-28 18:12:03.199{FA0EBB31-D8F3-626A-3600-000000004C02}2756C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\en-US\ndis.sys.mui[MofResourceName]LowDateTime:1964924432,HighDateTime:30577847***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x8000000000000000581810Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-04-28 18:12:03.199{FA0EBB31-D8F3-626A-3600-000000004C02}2756C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\ndis.sys[MofResourceName]LowDateTime:471290125,HighDateTime:30846383***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x8000000000000000581808Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-04-28 18:12:03.199{FA0EBB31-D8F3-626A-3600-000000004C02}2756C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\ACPI.sys.mui[ACPIMOFResource]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x8000000000000000581806Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-04-28 18:12:03.199{FA0EBB31-D8F3-626A-3600-000000004C02}2756C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\ACPI.sys[ACPIMOFResource]LowDateTime:-1594147734,HighDateTime:30671341***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 11241100x8000000000000000576609Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-2022-04-28 18:11:45.716{FA0EBB31-D8C8-626A-0200-000000004C02}308C:\Windows\System32\smss.exeC:\pagefile.sys2022-04-27 13:20:44.482NT AUTHORITY\SYSTEM 13241300x8000000000000000576595Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-04-28 18:11:45.263{FA0EBB31-D8C8-626A-0200-000000004C02}308C:\Windows\System32\smss.exeHKLM\BCD00000000\Objects\{0daf9bb9-94c8-11e6-b1fd-0e5bdc9ce43b}\Elements\22000002\Element\hiberfil.sysNT AUTHORITY\SYSTEM 12241200x8000000000000000635350Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-DeleteValue2022-04-28 18:11:12.439{5B5DB6BA-D8C0-626A-2B00-000000004D02}2868C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\ndis.sys[MofResourceName]NT AUTHORITY\SYSTEM 12241200x8000000000000000635303Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-DeleteValue2022-04-28 18:11:12.424{5B5DB6BA-D8C0-626A-2B00-000000004D02}2868C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\en-US\ndis.sys.mui[MofResourceName]NT AUTHORITY\SYSTEM 12241200x8000000000000000635251Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-DeleteValue2022-04-28 18:11:12.408{5B5DB6BA-D8C0-626A-2B00-000000004D02}2868C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\monitor.sys[MonitorWMI]NT AUTHORITY\SYSTEM 13241300x8000000000000000635027Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:11:12.343{5B5DB6BA-D8C0-626A-2B00-000000004D02}2868C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\monitor.sys[MonitorWMI]LowDateTime:2067544410,HighDateTime:30531428***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x8000000000000000635023Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:11:12.328{5B5DB6BA-D8C0-626A-2B00-000000004D02}2868C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\ena.sys[NdisMofResource]LowDateTime:-575650048,HighDateTime:30874337***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x8000000000000000635018Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:11:12.328{5B5DB6BA-D8C0-626A-2B00-000000004D02}2868C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\intelppm.sys.mui[PROCESSORWMI]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x8000000000000000635016Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:11:12.328{5B5DB6BA-D8C0-626A-2B00-000000004D02}2868C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\intelppm.sys[PROCESSORWMI]LowDateTime:-2024749675,HighDateTime:30736945***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x8000000000000000635014Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:11:12.328{5B5DB6BA-D8C0-626A-2B00-000000004D02}2868C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\mssmbios.sys.mui[MofResource]LowDateTime:-592857982,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x8000000000000000635012Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:11:12.328{5B5DB6BA-D8C0-626A-2B00-000000004D02}2868C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\mssmbios.sys[MofResource]LowDateTime:2077700573,HighDateTime:30531428***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x8000000000000000635010Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:11:12.328{5B5DB6BA-D8C0-626A-2B00-000000004D02}2868C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\en-US\ndis.sys.mui[MofResourceName]LowDateTime:1964924432,HighDateTime:30577847***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x8000000000000000635008Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:11:12.328{5B5DB6BA-D8C0-626A-2B00-000000004D02}2868C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\ndis.sys[MofResourceName]LowDateTime:471290125,HighDateTime:30846383***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x8000000000000000635004Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:11:12.328{5B5DB6BA-D8C0-626A-2B00-000000004D02}2868C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\ACPI.sys.mui[ACPIMOFResource]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x8000000000000000634989Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:11:12.328{5B5DB6BA-D8C0-626A-2B00-000000004D02}2868C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\ACPI.sys[ACPIMOFResource]LowDateTime:-1594147734,HighDateTime:30671341***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 11241100x8000000000000000632168Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-2022-04-28 18:11:09.326{5B5DB6BA-D8B5-626A-0200-000000004D02}324C:\Windows\System32\smss.exeC:\pagefile.sys2022-04-27 13:37:56.466NT AUTHORITY\SYSTEM 13241300x8000000000000000632155Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:11:08.904{5B5DB6BA-D8B5-626A-0200-000000004D02}324C:\Windows\System32\smss.exeHKLM\BCD00000000\Objects\{0daf9bb9-94c8-11e6-b1fd-0e5bdc9ce43b}\Elements\22000002\Element\hiberfil.sysNT AUTHORITY\SYSTEM 12241200x8000000000000000626056Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-DeleteValue2022-04-28 18:09:44.525{5B5DB6BA-D868-626A-A630-000000004C02}5948C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\ndis.sys[MofResourceName]NT AUTHORITY\SYSTEM 12241200x8000000000000000626055Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-DeleteValue2022-04-28 18:09:44.519{5B5DB6BA-D868-626A-A630-000000004C02}5948C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\en-US\ndis.sys.mui[MofResourceName]NT AUTHORITY\SYSTEM 12241200x8000000000000000626054Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-DeleteValue2022-04-28 18:09:44.504{5B5DB6BA-D868-626A-A630-000000004C02}5948C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\monitor.sys[MonitorWMI]NT AUTHORITY\SYSTEM 13241300x8000000000000000626001Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:09:44.488{5B5DB6BA-D868-626A-A630-000000004C02}5948C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\monitor.sys[MonitorWMI]LowDateTime:2067544410,HighDateTime:30531428***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x8000000000000000625999Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:09:44.488{5B5DB6BA-D868-626A-A630-000000004C02}5948C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\ena.sys[NdisMofResource]LowDateTime:-575650048,HighDateTime:30874337***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x8000000000000000625997Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:09:44.488{5B5DB6BA-D868-626A-A630-000000004C02}5948C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\intelppm.sys.mui[PROCESSORWMI]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x8000000000000000625995Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:09:44.488{5B5DB6BA-D868-626A-A630-000000004C02}5948C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\intelppm.sys[PROCESSORWMI]LowDateTime:-2024749675,HighDateTime:30736945***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x8000000000000000625993Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:09:44.488{5B5DB6BA-D868-626A-A630-000000004C02}5948C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\mssmbios.sys.mui[MofResource]LowDateTime:-592857982,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x8000000000000000625991Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:09:44.488{5B5DB6BA-D868-626A-A630-000000004C02}5948C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\mssmbios.sys[MofResource]LowDateTime:2077700573,HighDateTime:30531428***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x8000000000000000625989Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:09:44.488{5B5DB6BA-D868-626A-A630-000000004C02}5948C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\en-US\ndis.sys.mui[MofResourceName]LowDateTime:1964924432,HighDateTime:30577847***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x8000000000000000625985Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:09:44.473{5B5DB6BA-D868-626A-A630-000000004C02}5948C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\ndis.sys[MofResourceName]LowDateTime:471290125,HighDateTime:30846383***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x8000000000000000625959Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:09:44.473{5B5DB6BA-D868-626A-A630-000000004C02}5948C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\ACPI.sys.mui[ACPIMOFResource]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x8000000000000000625957Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-SetValue2022-04-28 18:09:44.473{5B5DB6BA-D868-626A-A630-000000004C02}5948C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\ACPI.sys[ACPIMOFResource]LowDateTime:-1594147734,HighDateTime:30671341***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 12241200x8000000000000000566905Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-DeleteValue2022-04-28 18:08:17.397{FA0EBB31-D811-626A-9733-000000004B02}5408C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\ndis.sys[MofResourceName]NT AUTHORITY\SYSTEM 12241200x8000000000000000566904Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-DeleteValue2022-04-28 18:08:17.376{FA0EBB31-D811-626A-9733-000000004B02}5408C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\en-US\ndis.sys.mui[MofResourceName]NT AUTHORITY\SYSTEM 12241200x8000000000000000566903Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-DeleteValue2022-04-28 18:08:17.376{FA0EBB31-D811-626A-9733-000000004B02}5408C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\monitor.sys[MonitorWMI]NT AUTHORITY\SYSTEM 13241300x8000000000000000566850Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-04-28 18:08:17.360{FA0EBB31-D811-626A-9733-000000004B02}5408C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\monitor.sys[MonitorWMI]LowDateTime:2067544410,HighDateTime:30531428***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x8000000000000000566848Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-04-28 18:08:17.360{FA0EBB31-D811-626A-9733-000000004B02}5408C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\ena.sys[NdisMofResource]LowDateTime:-575650048,HighDateTime:30874337***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x8000000000000000566846Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-04-28 18:08:17.360{FA0EBB31-D811-626A-9733-000000004B02}5408C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\intelppm.sys.mui[PROCESSORWMI]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x8000000000000000566844Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-04-28 18:08:17.360{FA0EBB31-D811-626A-9733-000000004B02}5408C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\intelppm.sys[PROCESSORWMI]LowDateTime:-2024749675,HighDateTime:30736945***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x8000000000000000566842Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-04-28 18:08:17.360{FA0EBB31-D811-626A-9733-000000004B02}5408C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\mssmbios.sys.mui[MofResource]LowDateTime:-592857982,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x8000000000000000566840Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-04-28 18:08:17.359{FA0EBB31-D811-626A-9733-000000004B02}5408C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\mssmbios.sys[MofResource]LowDateTime:2077700573,HighDateTime:30531428***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x8000000000000000566838Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-04-28 18:08:17.359{FA0EBB31-D811-626A-9733-000000004B02}5408C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\en-US\ndis.sys.mui[MofResourceName]LowDateTime:1964924432,HighDateTime:30577847***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x8000000000000000566834Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-04-28 18:08:17.343{FA0EBB31-D811-626A-9733-000000004B02}5408C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\system32\drivers\ndis.sys[MofResourceName]LowDateTime:471290125,HighDateTime:30846383***Binary mof failed, see WMIPROV.LOGNT AUTHORITY\SYSTEM 13241300x8000000000000000566808Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-04-28 18:08:17.343{FA0EBB31-D811-626A-9733-000000004B02}5408C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\en-US\ACPI.sys.mui[ACPIMOFResource]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x8000000000000000566806Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-SetValue2022-04-28 18:08:17.343{FA0EBB31-D811-626A-9733-000000004B02}5408C:\Windows\system32\wbem\wmiprvse.exeHKLM\SOFTWARE\Microsoft\Wbem\WDM\C:\Windows\System32\drivers\ACPI.sys[ACPIMOFResource]LowDateTime:-1594147734,HighDateTime:30671341***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 11241100x8000000000000000561826Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-2022-04-28 18:05:49.707{FA0EBB31-771E-6269-8009-000000004B02}1872C:\Windows\Explorer.EXEC:\Users\Administrator\Desktop\artifact\_DriverInstallationPackage\builder\package\combroker.sys2022-04-28 18:05:49.707 11241100x8000000000000000561792Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-2022-04-28 18:05:47.511{FA0EBB31-771E-6269-8009-000000004B02}1872C:\Windows\Explorer.EXEC:\Users\Administrator\Desktop\artifact\_DriverInstallationPackage\builder\package 2\combroker.sys2022-04-28 18:05:47.511 11241100x8000000000000000561787Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-2022-04-28 18:05:45.527{FA0EBB31-771E-6269-8009-000000004B02}1872C:\Windows\Explorer.EXEC:\Users\Administrator\Desktop\artifact\_DriverInstallationPackage\builder\payloads\originals\Capcom.sys2022-04-28 18:05:45.527 13241300x8000000000000000146173Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803InvDB-VerSetValue2022-04-27 21:03:56.025{5B5DB6BA-AFBA-6269-D80C-000000004C02}1560C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{4600fbed-acac-f2c4-2625-a54004056594}\Root\InventoryApplicationFile\npcap.sys|3741aa4c3d128834\BinProductVersion5.1.55.828 13241300x8000000000000000146172Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803InvDB-CompileTimeClaimSetValue2022-04-27 21:03:56.025{5B5DB6BA-AFBA-6269-D80C-000000004C02}1560C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{4600fbed-acac-f2c4-2625-a54004056594}\Root\InventoryApplicationFile\npcap.sys|3741aa4c3d128834\LinkDate08/29/2021 00:22:59 13241300x8000000000000000146171Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803InvDB-PubSetValue2022-04-27 21:03:56.025{5B5DB6BA-AFBA-6269-D80C-000000004C02}1560C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{4600fbed-acac-f2c4-2625-a54004056594}\Root\InventoryApplicationFile\npcap.sys|3741aa4c3d128834\Publisherinsecure.com llc. 13241300x8000000000000000146170Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803InvDB-PathSetValue2022-04-27 21:03:56.025{5B5DB6BA-AFBA-6269-D80C-000000004C02}1560C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{4600fbed-acac-f2c4-2625-a54004056594}\Root\InventoryApplicationFile\npcap.sys|3741aa4c3d128834\LowerCaseLongPathc:\program files\npcap\npcap.sys 13241300x8000000000000000146160Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803InvDB-PathSetValue2022-04-27 21:03:55.979{5B5DB6BA-AFBA-6269-D80C-000000004C02}1560C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{4600fbed-acac-f2c4-2625-a54004056594}\Root\InventoryApplicationFile\splunkmonitornoh|e59d09056446ab10\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\splunkmonitornohandledrv.sys 13241300x8000000000000000146159Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803InvDB-VerSetValue2022-04-27 21:03:55.978{5B5DB6BA-AFBA-6269-D80C-000000004C02}1560C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{4600fbed-acac-f2c4-2625-a54004056594}\Root\InventoryApplicationFile\splunkdrv.sys|d26d9681615e2fde\BinProductVersion10.0.10011.16384 13241300x8000000000000000146158Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803InvDB-CompileTimeClaimSetValue2022-04-27 21:03:55.978{5B5DB6BA-AFBA-6269-D80C-000000004C02}1560C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{4600fbed-acac-f2c4-2625-a54004056594}\Root\InventoryApplicationFile\splunkdrv.sys|d26d9681615e2fde\LinkDate10/02/2019 17:37:08 13241300x8000000000000000146157Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803InvDB-PubSetValue2022-04-27 21:03:55.978{5B5DB6BA-AFBA-6269-D80C-000000004C02}1560C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{4600fbed-acac-f2c4-2625-a54004056594}\Root\InventoryApplicationFile\splunkdrv.sys|d26d9681615e2fde\Publisherwindows (r) win 7 ddk provider 13241300x8000000000000000146156Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803InvDB-PathSetValue2022-04-27 21:03:55.978{5B5DB6BA-AFBA-6269-D80C-000000004C02}1560C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{4600fbed-acac-f2c4-2625-a54004056594}\Root\InventoryApplicationFile\splunkdrv.sys|d26d9681615e2fde\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\splunkdrv.sys 13241300x8000000000000000146103Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803InvDB-VerSetValue2022-04-27 21:03:55.973{5B5DB6BA-AFBA-6269-D80C-000000004C02}1560C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{4600fbed-acac-f2c4-2625-a54004056594}\Root\InventoryApplicationFile\splknetdrv.sys|9d837bc7abc517f\BinProductVersion10.0.10011.16384 13241300x8000000000000000146102Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803InvDB-CompileTimeClaimSetValue2022-04-27 21:03:55.973{5B5DB6BA-AFBA-6269-D80C-000000004C02}1560C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{4600fbed-acac-f2c4-2625-a54004056594}\Root\InventoryApplicationFile\splknetdrv.sys|9d837bc7abc517f\LinkDate09/27/2019 18:25:44 13241300x8000000000000000146101Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803InvDB-PubSetValue2022-04-27 21:03:55.973{5B5DB6BA-AFBA-6269-D80C-000000004C02}1560C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{4600fbed-acac-f2c4-2625-a54004056594}\Root\InventoryApplicationFile\splknetdrv.sys|9d837bc7abc517f\Publisherwindows (r) win 7 ddk provider 13241300x8000000000000000146100Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803InvDB-PathSetValue2022-04-27 21:03:55.973{5B5DB6BA-AFBA-6269-D80C-000000004C02}1560C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{4600fbed-acac-f2c4-2625-a54004056594}\Root\InventoryApplicationFile\splknetdrv.sys|9d837bc7abc517f\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\splknetdrv.sys 13241300x80000000000000006259Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803Suspicious,ImageBeginWithBackslashSetValue2022-04-27 14:20:27.431{5B5DB6BA-5119-6269-FA00-000000004C02}2372\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\ena.sys[NdisMofResource]LowDateTime:-575650048,HighDateTime:30874337***Binary mof compiled successfully 13241300x80000000000000006258Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803Suspicious,ImageBeginWithBackslashSetValue2022-04-27 14:20:27.431{5B5DB6BA-5119-6269-FA00-000000004C02}2372\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\en-US\intelppm.sys.mui[PROCESSORWMI]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfully 13241300x80000000000000006257Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803Suspicious,ImageBeginWithBackslashSetValue2022-04-27 14:20:27.431{5B5DB6BA-5119-6269-FA00-000000004C02}2372\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\intelppm.sys[PROCESSORWMI]LowDateTime:-2024749675,HighDateTime:30736945***Binary mof compiled successfully 13241300x80000000000000006256Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803Suspicious,ImageBeginWithBackslashSetValue2022-04-27 14:20:27.431{5B5DB6BA-5119-6269-FA00-000000004C02}2372\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\en-US\mssmbios.sys.mui[MofResource]LowDateTime:-592857982,HighDateTime:30543079***Binary mof compiled successfully 13241300x80000000000000006255Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803Suspicious,ImageBeginWithBackslashSetValue2022-04-27 14:20:27.431{5B5DB6BA-5119-6269-FA00-000000004C02}2372\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\mssmbios.sys[MofResource]LowDateTime:2077700573,HighDateTime:30531428***Binary mof compiled successfully 13241300x80000000000000006254Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803Suspicious,ImageBeginWithBackslashSetValue2022-04-27 14:20:27.431{5B5DB6BA-5119-6269-FA00-000000004C02}2372\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\en-US\ACPI.sys.mui[ACPIMOFResource]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfully 13241300x80000000000000006253Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803Suspicious,ImageBeginWithBackslashSetValue2022-04-27 14:20:27.431{5B5DB6BA-5119-6269-FA00-000000004C02}2372\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\ACPI.sys[ACPIMOFResource]LowDateTime:-1594147734,HighDateTime:30671341***Binary mof compiled successfully 13241300x80000000000000005500Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803T1031,T1050SetValue2022-04-27 14:18:34.930{5B5DB6BA-5028-6269-0A00-000000004C02}608C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\npcap\ImagePath\SystemRoot\system32\DRIVERS\npcap.sys 11241100x80000000000000005333Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-2022-04-27 14:18:33.473{5B5DB6BA-50B7-6269-D500-000000004C02}1980C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\npcap-1.55-oem.exeC:\Program Files\Npcap\npcap.sys2022-04-27 14:18:33.473 13241300x800000000000000012578Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2022-04-27 14:02:00.331{FA0EBB31-4C90-6269-0101-000000004B02}1904\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\ena.sys[NdisMofResource]LowDateTime:-575650048,HighDateTime:30874337***Binary mof compiled successfully 13241300x800000000000000012577Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2022-04-27 14:02:00.331{FA0EBB31-4C90-6269-0101-000000004B02}1904\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\en-US\intelppm.sys.mui[PROCESSORWMI]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfully 13241300x800000000000000012576Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2022-04-27 14:02:00.331{FA0EBB31-4C90-6269-0101-000000004B02}1904\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\intelppm.sys[PROCESSORWMI]LowDateTime:-2024749675,HighDateTime:30736945***Binary mof compiled successfully 13241300x800000000000000012575Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2022-04-27 14:02:00.331{FA0EBB31-4C90-6269-0101-000000004B02}1904\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\en-US\mssmbios.sys.mui[MofResource]LowDateTime:-592857982,HighDateTime:30543079***Binary mof compiled successfully 13241300x800000000000000012574Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2022-04-27 14:02:00.331{FA0EBB31-4C90-6269-0101-000000004B02}1904\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\mssmbios.sys[MofResource]LowDateTime:2077700573,HighDateTime:30531428***Binary mof compiled successfully 13241300x800000000000000012573Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2022-04-27 14:02:00.331{FA0EBB31-4C90-6269-0101-000000004B02}1904\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\en-US\ACPI.sys.mui[ACPIMOFResource]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfully 13241300x800000000000000012572Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2022-04-27 14:02:00.331{FA0EBB31-4C90-6269-0101-000000004B02}1904\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\ACPI.sys[ACPIMOFResource]LowDateTime:-1594147734,HighDateTime:30671341***Binary mof compiled successfully 13241300x80000000000000009319Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.localT1031,T1050SetValue2022-04-27 13:59:02.463{FA0EBB31-4B9D-6269-0A00-000000004B02}624C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\npcap\ImagePath\SystemRoot\system32\DRIVERS\npcap.sys 11241100x80000000000000009135Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-2022-04-27 13:59:00.596{FA0EBB31-4C22-6269-D900-000000004B02}4016C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\npcap-1.55-oem.exeC:\Program Files\Npcap\npcap.sys2022-04-27 13:59:00.596 13241300x80000000000000002822Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2022-04-27 13:55:16.215{FA0EBB31-4B30-6269-3C03-000000004A02}5064\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\ena.sys[NdisMofResource]LowDateTime:-575650048,HighDateTime:30874337***Binary mof compiled successfully 13241300x80000000000000002821Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2022-04-27 13:55:16.215{FA0EBB31-4B30-6269-3C03-000000004A02}5064\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\en-US\intelppm.sys.mui[PROCESSORWMI]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfully 13241300x80000000000000002820Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2022-04-27 13:55:16.215{FA0EBB31-4B30-6269-3C03-000000004A02}5064\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\intelppm.sys[PROCESSORWMI]LowDateTime:-2024749675,HighDateTime:30736945***Binary mof compiled successfully 13241300x80000000000000002819Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2022-04-27 13:55:16.215{FA0EBB31-4B30-6269-3C03-000000004A02}5064\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\en-US\mssmbios.sys.mui[MofResource]LowDateTime:-592857982,HighDateTime:30543079***Binary mof compiled successfully 13241300x80000000000000002818Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2022-04-27 13:55:16.215{FA0EBB31-4B30-6269-3C03-000000004A02}5064\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\mssmbios.sys[MofResource]LowDateTime:2077700573,HighDateTime:30531428***Binary mof compiled successfully 13241300x80000000000000002817Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2022-04-27 13:55:16.214{FA0EBB31-4B30-6269-3C03-000000004A02}5064\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\en-US\ACPI.sys.mui[ACPIMOFResource]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfully 13241300x80000000000000002816Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2022-04-27 13:55:16.214{FA0EBB31-4B30-6269-3C03-000000004A02}5064\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\ACPI.sys[ACPIMOFResource]LowDateTime:-1594147734,HighDateTime:30671341***Binary mof compiled successfully