13241300x80000000000000008673Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localT1060,RunKeySetValue2024-06-17 16:00:12.133{8C7CB5F3-5D8C-6670-0703-000000000B03}3216C:\Windows\System32\reg.exeHKLM\SOFTWARE\Policies\Microsoft\FVE\UsePINDWORD (0x00000002)AR-WIN-2\Administrator 13241300x80000000000000008630Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localT1060,RunKeySetValue2024-06-17 16:00:12.039{8C7CB5F3-5D8B-6670-0503-000000000B03}4000C:\Windows\System32\reg.exeHKLM\SOFTWARE\Policies\Microsoft\FVE\UsePartialEncryptionKeyDWORD (0x00000002)AR-WIN-2\Administrator 13241300x80000000000000008587Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localT1060,RunKeySetValue2024-06-17 16:00:11.977{8C7CB5F3-5D8B-6670-0303-000000000B03}4868C:\Windows\System32\reg.exeHKLM\SOFTWARE\Policies\Microsoft\FVE\EnableNonTPMDWORD (0x00000001)AR-WIN-2\Administrator 13241300x80000000000000008544Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localT1060,RunKeySetValue2024-06-17 16:00:11.883{8C7CB5F3-5D8B-6670-0103-000000000B03}4620C:\Windows\System32\reg.exeHKLM\SOFTWARE\Policies\Microsoft\FVE\UseTPMKeyPINDWORD (0x00000002)AR-WIN-2\Administrator 13241300x80000000000000008501Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localT1060,RunKeySetValue2024-06-17 16:00:11.805{8C7CB5F3-5D8B-6670-FF02-000000000B03}2852C:\Windows\System32\reg.exeHKLM\SOFTWARE\Policies\Microsoft\FVE\UseTPMKeyDWORD (0x00000002)AR-WIN-2\Administrator 13241300x80000000000000008458Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localT1060,RunKeySetValue2024-06-17 16:00:11.742{8C7CB5F3-5D8B-6670-FD02-000000000B03}188C:\Windows\System32\reg.exeHKLM\SOFTWARE\Policies\Microsoft\FVE\UseTPMPINDWORD (0x00000002)AR-WIN-2\Administrator 13241300x80000000000000008415Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localT1060,RunKeySetValue2024-06-17 16:00:11.664{8C7CB5F3-5D8B-6670-FB02-000000000B03}2760C:\Windows\System32\reg.exeHKLM\SOFTWARE\Policies\Microsoft\FVE\UseTPMDWORD (0x00000002)AR-WIN-2\Administrator 13241300x80000000000000008372Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localT1060,RunKeySetValue2024-06-17 16:00:11.586{8C7CB5F3-5D8B-6670-F902-000000000B03}700C:\Windows\System32\reg.exeHKLM\SOFTWARE\Policies\Microsoft\FVE\EnableBDEWithNoTPMDWORD (0x00000001)AR-WIN-2\Administrator 13241300x80000000000000008329Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localT1060,RunKeySetValue2024-06-17 16:00:11.524{8C7CB5F3-5D8B-6670-F702-000000000B03}1980C:\Windows\System32\reg.exeHKLM\SOFTWARE\Policies\Microsoft\FVE\UseAdvancedStartupDWORD (0x00000001)AR-WIN-2\Administrator