12241200x80000000000000001260767Microsoft-Windows-Sysmon/Operationaltestlab-win-dc.attackrange.local-DeleteKey2024-09-10 11:07:39.713{35cd7c13-287a-66e0-561d-000000009402}2812C:\Temp\valleyrat.exeHKU\S-1-5-21-575361180-676758524-1812873886-500_Classes\.pwnATTACKRANGE\Administrator 12241200x80000000000000001260766Microsoft-Windows-Sysmon/Operationaltestlab-win-dc.attackrange.local-DeleteKey2024-09-10 11:07:39.713{35cd7c13-287a-66e0-561d-000000009402}2812C:\Temp\valleyrat.exeHKU\S-1-5-21-575361180-676758524-1812873886-500_Classes\.pwn\ShellATTACKRANGE\Administrator 12241200x80000000000000001260765Microsoft-Windows-Sysmon/Operationaltestlab-win-dc.attackrange.local-DeleteKey2024-09-10 11:07:39.713{35cd7c13-287a-66e0-561d-000000009402}2812C:\Temp\valleyrat.exeHKU\S-1-5-21-575361180-676758524-1812873886-500_Classes\.pwn\Shell\OpenATTACKRANGE\Administrator 12241200x80000000000000001260764Microsoft-Windows-Sysmon/Operationaltestlab-win-dc.attackrange.local-DeleteKey2024-09-10 11:07:39.713{35cd7c13-287a-66e0-561d-000000009402}2812C:\Temp\valleyrat.exeHKU\S-1-5-21-575361180-676758524-1812873886-500_Classes\.pwn\Shell\Open\commandATTACKRANGE\Administrator 13241300x80000000000000001260648Microsoft-Windows-Sysmon/Operationaltestlab-win-dc.attackrange.local-SetValue2024-09-10 11:07:27.153{35cd7c13-286d-66e0-541d-000000009402}3820C:\Windows\regedit.exeHKU\S-1-5-21-575361180-676758524-1812873886-500_Classes\ms-settings\CurVer\(Default).pwnATTACKRANGE\Administrator 13241300x80000000000000001260647Microsoft-Windows-Sysmon/Operationaltestlab-win-dc.attackrange.local-SetValue2024-09-10 11:07:27.153{35cd7c13-286d-66e0-541d-000000009402}3820C:\Windows\regedit.exeHKU\S-1-5-21-575361180-676758524-1812873886-500_Classes\.pwn\Shell\Open\command\(Default)"C:\Temp\valleyrat.exe"ATTACKRANGE\Administrator 13241300x80000000000000001259688Microsoft-Windows-Sysmon/Operationaltestlab-win-dc.attackrange.local-SetValue2024-09-10 11:06:04.246{35cd7c13-281a-66e0-431d-000000009402}4636C:\Windows\regedit.exeHKU\S-1-5-21-575361180-676758524-1812873886-500_Classes\ms-settings\CurVer\(Default).pwnATTACKRANGE\Administrator 13241300x80000000000000001259687Microsoft-Windows-Sysmon/Operationaltestlab-win-dc.attackrange.local-SetValue2024-09-10 11:06:04.246{35cd7c13-281a-66e0-431d-000000009402}4636C:\Windows\regedit.exeHKU\S-1-5-21-575361180-676758524-1812873886-500_Classes\.pwn\Shell\Open\command\(Default)"C:\windows\system32\calc.exe"ATTACKRANGE\Administrator