13241300x80000000000000002587792Microsoft-Windows-Sysmon/OperationalATTACK_PC.attackrange.lanContext,DeviceConnectedOrUpdatedSetValue2024-10-11 17:53:50.478{36f816ec-05cf-66ff-eb03-000000000000}4SystemHKLM\System\CurrentControlSet\Enum\USBSTOR\Disk&Ven_BUFFALO&Prod_ClipDrive&Rev_1.88\230760A43F02327B&0\FriendlyNameBUFFALO ClipDrive USB DeviceNT AUTHORITY\SYSTEM 13241300x80000000000000002587806Microsoft-Windows-Sysmon/OperationalATTACK_PC.attackrange.lanContext,DeviceConnectedOrUpdatedSetValue2024-10-11 17:53:52.744{36f816ec-662f-6709-572e-000000008100}9124C:\WINDOWS\system32\DrvInst.exeHKLM\SOFTWARE\Microsoft\Windows Portable Devices\Devices\SWD#WPDBUSENUM#_??_USBSTOR#DISK&VEN_BUFFALO&PROD_CLIPDRIVE&REV_1.88#230760A43F02327B&0#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B}\FriendlyNameD:\NT AUTHORITY\SYSTEM 13241300x80000000000000002587804Microsoft-Windows-Sysmon/OperationalATTACK_PC.attackrange.lanContext,DeviceConnectedOrUpdatedSetValue2024-10-11 17:53:52.638{36f816ec-6630-6709-5e2e-000000008100}11788C:\Windows\System32\WUDFHost.exeHKLM\System\CurrentControlSet\Enum\SWD\WPDBUSENUM\_??_USBSTOR#Disk&Ven_BUFFALO&Prod_ClipDrive&Rev_1.88#230760A43F02327B&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}\FriendlyNameD:\NT AUTHORITY\LOCAL SERVICE 13241300x80000000000000002587803Microsoft-Windows-Sysmon/OperationalATTACK_PC.attackrange.lanContext,DeviceConnectedOrUpdatedSetValue2024-10-11 17:53:52.638{36f816ec-6630-6709-5e2e-000000008100}11788C:\Windows\System32\WUDFHost.exeHKLM\SOFTWARE\Microsoft\Windows Portable Devices\Devices\SWD#WPDBUSENUM#_??_USBSTOR#DISK&VEN_BUFFALO&PROD_CLIPDRIVE&REV_1.88#230760A43F02327B&0#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B}\FriendlyNameD:\NT AUTHORITY\LOCAL SERVICE 154100x80000000000000002587844Microsoft-Windows-Sysmon/OperationalATTACK_PC.attackrange.lan-2024-10-11 17:57:25.591{36f816ec-6705-6709-942e-000000008100}6040D:\TOTES_MALWARE.EXE1.0MalwareReal Good MalwareAdequately Persistent Threatsnxc.exe"D:\ncx.exe" smb 192.168.1.10 -u Administrator -p 'October2025' -M lsassyD:\ATTACKER{36f816ec-22f4-6709-f0af-062400000000}0x2406aff02MediumMD5=79EBF63CDA35BD48570DD7293F1528B5,SHA256=02B046940A46C5A304E3C51B9E426D07BCE99B630EEF185A229CF8447E3DA722,IMPHASH=6E603F83014A953AD0ED328EA23AE1AD{36f816ec-22fb-6709-b72b-000000008100}9252C:\WINDOWS\system32\cmd.exeC:\WINDOWS\system32\cmd.exeATTACKER 154100x80000000000000002587843Microsoft-Windows-Sysmon/OperationalATTACK_PC.attackrange.lan-2024-10-11 17:56:27.962{36f816ec-66cb-6709-902e-000000008100}15140C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe129.0.2792.79Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument D:\not_a_phishing_documnet.pdfD:\ATTACKER{36f816ec-22f4-6709-f0af-062400000000}0x2406aff02MediumMD5=79EBF63CDA35BD48570DD7293F1528B5,SHA256=02B046940A46C5A304E3C51B9E426D07BCE99B630EEF185A229CF8447E3DA722,IMPHASH=6E603F83014A953AD0ED328EA23AE1AD{36f816ec-22fb-6709-b72b-000000008100}9252C:\Windows\explorer.exeC:\WINDOWS\Explorer.EXEATTACKER