12/19/2022 09:37:29 PM
LogName=Microsoft-IIS-Configuration/Operational
EventCode=50
EventType=4
ComputerName=win-host-mhaag-attack-range-622
User=NOT_TRANSLATED
Sid=S-1-5-21-3216645927-1635190040-3255658478-500
SidType=0
SourceName=Microsoft-Windows-IIS-Configuration
Type=Information
RecordNumber=46
Keywords=None
TaskCategory=None
OpCode=Info
Message=Changes have successfully been committed to 'MACHINE/WEBROOT/APPHOST'.
12/19/2022 09:37:29 PM
LogName=Microsoft-IIS-Configuration/Operational
EventCode=29
EventType=5
ComputerName=win-host-mhaag-attack-range-622
User=NOT_TRANSLATED
Sid=S-1-5-21-3216645927-1635190040-3255658478-500
SidType=0
SourceName=Microsoft-Windows-IIS-Configuration
Type=Verbose
RecordNumber=45
Keywords=None
TaskCategory=None
OpCode=Info
Message=Changes to '/system.webServer/modules/add[@name="IIS_Backdoor_no_xml2"]/@name' at 'MACHINE/WEBROOT/APPHOST' have successfully been committed.
12/19/2022 09:37:29 PM
LogName=Microsoft-IIS-Configuration/Operational
EventCode=29
EventType=5
ComputerName=win-host-mhaag-attack-range-622
User=NOT_TRANSLATED
Sid=S-1-5-21-3216645927-1635190040-3255658478-500
SidType=0
SourceName=Microsoft-Windows-IIS-Configuration
Type=Verbose
RecordNumber=44
Keywords=None
TaskCategory=None
OpCode=Info
Message=Changes to '/system.webServer/modules/add[@name="IIS_Backdoor_no_xml2"]' at 'MACHINE/WEBROOT/APPHOST' have successfully been committed.
12/19/2022 09:37:29 PM
LogName=Microsoft-IIS-Configuration/Operational
EventCode=29
EventType=5
ComputerName=win-host-mhaag-attack-range-622
User=NOT_TRANSLATED
Sid=S-1-5-21-3216645927-1635190040-3255658478-500
SidType=0
SourceName=Microsoft-Windows-IIS-Configuration
Type=Verbose
RecordNumber=43
Keywords=None
TaskCategory=None
OpCode=Info
Message=Changes to '/system.webServer/globalModules/add[@name="IIS_Backdoor_no_xml2"]/@image' at 'MACHINE/WEBROOT/APPHOST' have successfully been committed.
12/19/2022 09:37:29 PM
LogName=Microsoft-IIS-Configuration/Operational
EventCode=29
EventType=5
ComputerName=win-host-mhaag-attack-range-622
User=NOT_TRANSLATED
Sid=S-1-5-21-3216645927-1635190040-3255658478-500
SidType=0
SourceName=Microsoft-Windows-IIS-Configuration
Type=Verbose
RecordNumber=42
Keywords=None
TaskCategory=None
OpCode=Info
Message=Changes to '/system.webServer/globalModules/add[@name="IIS_Backdoor_no_xml2"]/@name' at 'MACHINE/WEBROOT/APPHOST' have successfully been committed.
12/19/2022 09:37:29 PM
LogName=Microsoft-IIS-Configuration/Operational
EventCode=29
EventType=5
ComputerName=win-host-mhaag-attack-range-622
User=NOT_TRANSLATED
Sid=S-1-5-21-3216645927-1635190040-3255658478-500
SidType=0
SourceName=Microsoft-Windows-IIS-Configuration
Type=Verbose
RecordNumber=41
Keywords=None
TaskCategory=None
OpCode=Info
Message=Changes to '/system.webServer/globalModules/add[@name="IIS_Backdoor_no_xml2"]' at 'MACHINE/WEBROOT/APPHOST' have successfully been committed.
12/19/2022 09:24:11 PM
LogName=Microsoft-IIS-Configuration/Operational
EventCode=50
EventType=4
ComputerName=win-host-mhaag-attack-range-622
User=NOT_TRANSLATED
Sid=S-1-5-21-3216645927-1635190040-3255658478-500
SidType=0
SourceName=Microsoft-Windows-IIS-Configuration
Type=Information
RecordNumber=40
Keywords=None
TaskCategory=None
OpCode=Info
Message=Changes have successfully been committed to 'MACHINE/WEBROOT/APPHOST/Default Web Site'.
12/19/2022 09:24:11 PM
LogName=Microsoft-IIS-Configuration/Operational
EventCode=29
EventType=5
ComputerName=win-host-mhaag-attack-range-622
User=NOT_TRANSLATED
Sid=S-1-5-21-3216645927-1635190040-3255658478-500
SidType=0
SourceName=Microsoft-Windows-IIS-Configuration
Type=Verbose
RecordNumber=39
Keywords=None
TaskCategory=None
OpCode=Info
Message=Changes to '/system.webServer/modules/add[@name="IIS_Backdoor"]/@name' at 'MACHINE/WEBROOT/APPHOST/Default Web Site' have successfully been committed.
12/19/2022 09:24:11 PM
LogName=Microsoft-IIS-Configuration/Operational
EventCode=29
EventType=5
ComputerName=win-host-mhaag-attack-range-622
User=NOT_TRANSLATED
Sid=S-1-5-21-3216645927-1635190040-3255658478-500
SidType=0
SourceName=Microsoft-Windows-IIS-Configuration
Type=Verbose
RecordNumber=38
Keywords=None
TaskCategory=None
OpCode=Info
Message=Changes to '/system.webServer/modules/add[@name="IIS_Backdoor"]' at 'MACHINE/WEBROOT/APPHOST/Default Web Site' have successfully been committed.
12/19/2022 09:24:11 PM
LogName=Microsoft-IIS-Configuration/Operational
EventCode=29
EventType=5
ComputerName=win-host-mhaag-attack-range-622
User=NOT_TRANSLATED
Sid=S-1-5-21-3216645927-1635190040-3255658478-500
SidType=0
SourceName=Microsoft-Windows-IIS-Configuration
Type=Verbose
RecordNumber=37
Keywords=None
TaskCategory=None
OpCode=Info
Message=Changes to '/system.webServer/modules/remove[@name="IIS_Backdoor"]' at 'MACHINE/WEBROOT/APPHOST/Default Web Site' have successfully been committed.
12/19/2022 09:09:16 PM
LogName=Microsoft-IIS-Configuration/Operational
EventCode=50
EventType=4
ComputerName=win-host-mhaag-attack-range-622
User=NOT_TRANSLATED
Sid=S-1-5-21-3216645927-1635190040-3255658478-500
SidType=0
SourceName=Microsoft-Windows-IIS-Configuration
Type=Information
RecordNumber=36
Keywords=None
TaskCategory=None
OpCode=Info
Message=Changes have successfully been committed to 'MACHINE/WEBROOT/APPHOST'.
12/19/2022 09:09:16 PM
LogName=Microsoft-IIS-Configuration/Operational
EventCode=29
EventType=5
ComputerName=win-host-mhaag-attack-range-622
User=NOT_TRANSLATED
Sid=S-1-5-21-3216645927-1635190040-3255658478-500
SidType=0
SourceName=Microsoft-Windows-IIS-Configuration
Type=Verbose
RecordNumber=35
Keywords=None
TaskCategory=None
OpCode=Info
Message=Changes to '/system.webServer/modules/add[@name="IIS_Backdoor_no_xml"]/@name' at 'MACHINE/WEBROOT/APPHOST' have successfully been committed.
12/19/2022 09:09:16 PM
LogName=Microsoft-IIS-Configuration/Operational
EventCode=29
EventType=5
ComputerName=win-host-mhaag-attack-range-622
User=NOT_TRANSLATED
Sid=S-1-5-21-3216645927-1635190040-3255658478-500
SidType=0
SourceName=Microsoft-Windows-IIS-Configuration
Type=Verbose
RecordNumber=34
Keywords=None
TaskCategory=None
OpCode=Info
Message=Changes to '/system.webServer/modules/add[@name="IIS_Backdoor_no_xml"]' at 'MACHINE/WEBROOT/APPHOST' have successfully been committed.
12/19/2022 09:09:16 PM
LogName=Microsoft-IIS-Configuration/Operational
EventCode=29
EventType=5
ComputerName=win-host-mhaag-attack-range-622
User=NOT_TRANSLATED
Sid=S-1-5-21-3216645927-1635190040-3255658478-500
SidType=0
SourceName=Microsoft-Windows-IIS-Configuration
Type=Verbose
RecordNumber=33
Keywords=None
TaskCategory=None
OpCode=Info
Message=Changes to '/system.webServer/globalModules/add[@name="IIS_Backdoor_no_xml"]/@image' at 'MACHINE/WEBROOT/APPHOST' have successfully been committed.
12/19/2022 09:09:16 PM
LogName=Microsoft-IIS-Configuration/Operational
EventCode=29
EventType=5
ComputerName=win-host-mhaag-attack-range-622
User=NOT_TRANSLATED
Sid=S-1-5-21-3216645927-1635190040-3255658478-500
SidType=0
SourceName=Microsoft-Windows-IIS-Configuration
Type=Verbose
RecordNumber=32
Keywords=None
TaskCategory=None
OpCode=Info
Message=Changes to '/system.webServer/globalModules/add[@name="IIS_Backdoor_no_xml"]/@name' at 'MACHINE/WEBROOT/APPHOST' have successfully been committed.
12/19/2022 09:09:16 PM
LogName=Microsoft-IIS-Configuration/Operational
EventCode=29
EventType=5
ComputerName=win-host-mhaag-attack-range-622
User=NOT_TRANSLATED
Sid=S-1-5-21-3216645927-1635190040-3255658478-500
SidType=0
SourceName=Microsoft-Windows-IIS-Configuration
Type=Verbose
RecordNumber=31
Keywords=None
TaskCategory=None
OpCode=Info
Message=Changes to '/system.webServer/globalModules/add[@name="IIS_Backdoor_no_xml"]' at 'MACHINE/WEBROOT/APPHOST' have successfully been committed.
12/19/2022 09:06:13 PM
LogName=Microsoft-IIS-Configuration/Operational
EventCode=50
EventType=4
ComputerName=win-host-mhaag-attack-range-622
User=NOT_TRANSLATED
Sid=S-1-5-21-3216645927-1635190040-3255658478-500
SidType=0
SourceName=Microsoft-Windows-IIS-Configuration
Type=Information
RecordNumber=30
Keywords=None
TaskCategory=None
OpCode=Info
Message=Changes have successfully been committed to 'MACHINE/WEBROOT/APPHOST'.
12/19/2022 09:06:13 PM
LogName=Microsoft-IIS-Configuration/Operational
EventCode=29
EventType=5
ComputerName=win-host-mhaag-attack-range-622
User=NOT_TRANSLATED
Sid=S-1-5-21-3216645927-1635190040-3255658478-500
SidType=0
SourceName=Microsoft-Windows-IIS-Configuration
Type=Verbose
RecordNumber=29
Keywords=None
TaskCategory=None
OpCode=Info
Message=Changes to '/system.webServer/modules/add[@name="IIS_Backdoor4xml22"]/@name' at 'MACHINE/WEBROOT/APPHOST' have successfully been committed.
12/19/2022 09:06:13 PM
LogName=Microsoft-IIS-Configuration/Operational
EventCode=29
EventType=5
ComputerName=win-host-mhaag-attack-range-622
User=NOT_TRANSLATED
Sid=S-1-5-21-3216645927-1635190040-3255658478-500
SidType=0
SourceName=Microsoft-Windows-IIS-Configuration
Type=Verbose
RecordNumber=28
Keywords=None
TaskCategory=None
OpCode=Info
Message=Changes to '/system.webServer/modules/add[@name="IIS_Backdoor4xml22"]' at 'MACHINE/WEBROOT/APPHOST' have successfully been committed.
12/19/2022 09:06:13 PM
LogName=Microsoft-IIS-Configuration/Operational
EventCode=29
EventType=5
ComputerName=win-host-mhaag-attack-range-622
User=NOT_TRANSLATED
Sid=S-1-5-21-3216645927-1635190040-3255658478-500
SidType=0
SourceName=Microsoft-Windows-IIS-Configuration
Type=Verbose
RecordNumber=27
Keywords=None
TaskCategory=None
OpCode=Info
Message=Changes to '/system.webServer/globalModules/add[@name="IIS_Backdoor4xml22"]/@image' at 'MACHINE/WEBROOT/APPHOST' have successfully been committed.
12/19/2022 09:06:13 PM
LogName=Microsoft-IIS-Configuration/Operational
EventCode=29
EventType=5
ComputerName=win-host-mhaag-attack-range-622
User=NOT_TRANSLATED
Sid=S-1-5-21-3216645927-1635190040-3255658478-500
SidType=0
SourceName=Microsoft-Windows-IIS-Configuration
Type=Verbose
RecordNumber=26
Keywords=None
TaskCategory=None
OpCode=Info
Message=Changes to '/system.webServer/globalModules/add[@name="IIS_Backdoor4xml22"]/@name' at 'MACHINE/WEBROOT/APPHOST' have successfully been committed.
12/19/2022 09:06:13 PM
LogName=Microsoft-IIS-Configuration/Operational
EventCode=29
EventType=5
ComputerName=win-host-mhaag-attack-range-622
User=NOT_TRANSLATED
Sid=S-1-5-21-3216645927-1635190040-3255658478-500
SidType=0
SourceName=Microsoft-Windows-IIS-Configuration
Type=Verbose
RecordNumber=25
Keywords=None
TaskCategory=None
OpCode=Info
Message=Changes to '/system.webServer/globalModules/add[@name="IIS_Backdoor4xml22"]' at 'MACHINE/WEBROOT/APPHOST' have successfully been committed.
12/19/2022 09:03:54 PM
LogName=Microsoft-IIS-Configuration/Operational
EventCode=50
EventType=4
ComputerName=win-host-mhaag-attack-range-622
User=NOT_TRANSLATED
Sid=S-1-5-21-3216645927-1635190040-3255658478-500
SidType=0
SourceName=Microsoft-Windows-IIS-Configuration
Type=Information
RecordNumber=24
Keywords=None
TaskCategory=None
OpCode=Info
Message=Changes have successfully been committed to 'MACHINE/WEBROOT/APPHOST'.
12/19/2022 09:03:54 PM
LogName=Microsoft-IIS-Configuration/Operational
EventCode=29
EventType=5
ComputerName=win-host-mhaag-attack-range-622
User=NOT_TRANSLATED
Sid=S-1-5-21-3216645927-1635190040-3255658478-500
SidType=0
SourceName=Microsoft-Windows-IIS-Configuration
Type=Verbose
RecordNumber=23
Keywords=None
TaskCategory=None
OpCode=Info
Message=Changes to '/system.webServer/modules/add[@name="IIS_Backdoor4xml2"]/@name' at 'MACHINE/WEBROOT/APPHOST' have successfully been committed.
12/19/2022 09:03:54 PM
LogName=Microsoft-IIS-Configuration/Operational
EventCode=29
EventType=5
ComputerName=win-host-mhaag-attack-range-622
User=NOT_TRANSLATED
Sid=S-1-5-21-3216645927-1635190040-3255658478-500
SidType=0
SourceName=Microsoft-Windows-IIS-Configuration
Type=Verbose
RecordNumber=22
Keywords=None
TaskCategory=None
OpCode=Info
Message=Changes to '/system.webServer/modules/add[@name="IIS_Backdoor4xml2"]' at 'MACHINE/WEBROOT/APPHOST' have successfully been committed.
12/19/2022 09:03:54 PM
LogName=Microsoft-IIS-Configuration/Operational
EventCode=29
EventType=5
ComputerName=win-host-mhaag-attack-range-622
User=NOT_TRANSLATED
Sid=S-1-5-21-3216645927-1635190040-3255658478-500
SidType=0
SourceName=Microsoft-Windows-IIS-Configuration
Type=Verbose
RecordNumber=21
Keywords=None
TaskCategory=None
OpCode=Info
Message=Changes to '/system.webServer/globalModules/add[@name="IIS_Backdoor4xml2"]/@image' at 'MACHINE/WEBROOT/APPHOST' have successfully been committed.
12/19/2022 09:03:54 PM
LogName=Microsoft-IIS-Configuration/Operational
EventCode=29
EventType=5
ComputerName=win-host-mhaag-attack-range-622
User=NOT_TRANSLATED
Sid=S-1-5-21-3216645927-1635190040-3255658478-500
SidType=0
SourceName=Microsoft-Windows-IIS-Configuration
Type=Verbose
RecordNumber=20
Keywords=None
TaskCategory=None
OpCode=Info
Message=Changes to '/system.webServer/globalModules/add[@name="IIS_Backdoor4xml2"]/@name' at 'MACHINE/WEBROOT/APPHOST' have successfully been committed.
12/19/2022 09:03:54 PM
LogName=Microsoft-IIS-Configuration/Operational
EventCode=29
EventType=5
ComputerName=win-host-mhaag-attack-range-622
User=NOT_TRANSLATED
Sid=S-1-5-21-3216645927-1635190040-3255658478-500
SidType=0
SourceName=Microsoft-Windows-IIS-Configuration
Type=Verbose
RecordNumber=19
Keywords=None
TaskCategory=None
OpCode=Info
Message=Changes to '/system.webServer/globalModules/add[@name="IIS_Backdoor4xml2"]' at 'MACHINE/WEBROOT/APPHOST' have successfully been committed.
12/19/2022 08:59:56 PM
LogName=Microsoft-IIS-Configuration/Operational
EventCode=50
EventType=4
ComputerName=win-host-mhaag-attack-range-622
User=NOT_TRANSLATED
Sid=S-1-5-21-3216645927-1635190040-3255658478-500
SidType=0
SourceName=Microsoft-Windows-IIS-Configuration
Type=Information
RecordNumber=18
Keywords=None
TaskCategory=None
OpCode=Info
Message=Changes have successfully been committed to 'MACHINE/WEBROOT/APPHOST'.
12/19/2022 08:59:56 PM
LogName=Microsoft-IIS-Configuration/Operational
EventCode=29
EventType=5
ComputerName=win-host-mhaag-attack-range-622
User=NOT_TRANSLATED
Sid=S-1-5-21-3216645927-1635190040-3255658478-500
SidType=0
SourceName=Microsoft-Windows-IIS-Configuration
Type=Verbose
RecordNumber=17
Keywords=None
TaskCategory=None
OpCode=Info
Message=Changes to '/system.webServer/modules/add[@name="IIS_Backdoor4xml"]/@name' at 'MACHINE/WEBROOT/APPHOST' have successfully been committed.
12/19/2022 08:59:56 PM
LogName=Microsoft-IIS-Configuration/Operational
EventCode=29
EventType=5
ComputerName=win-host-mhaag-attack-range-622
User=NOT_TRANSLATED
Sid=S-1-5-21-3216645927-1635190040-3255658478-500
SidType=0
SourceName=Microsoft-Windows-IIS-Configuration
Type=Verbose
RecordNumber=16
Keywords=None
TaskCategory=None
OpCode=Info
Message=Changes to '/system.webServer/modules/add[@name="IIS_Backdoor4xml"]' at 'MACHINE/WEBROOT/APPHOST' have successfully been committed.
12/19/2022 08:59:56 PM
LogName=Microsoft-IIS-Configuration/Operational
EventCode=29
EventType=5
ComputerName=win-host-mhaag-attack-range-622
User=NOT_TRANSLATED
Sid=S-1-5-21-3216645927-1635190040-3255658478-500
SidType=0
SourceName=Microsoft-Windows-IIS-Configuration
Type=Verbose
RecordNumber=15
Keywords=None
TaskCategory=None
OpCode=Info
Message=Changes to '/system.webServer/globalModules/add[@name="IIS_Backdoor4xml"]/@image' at 'MACHINE/WEBROOT/APPHOST' have successfully been committed.
12/19/2022 08:59:56 PM
LogName=Microsoft-IIS-Configuration/Operational
EventCode=29
EventType=5
ComputerName=win-host-mhaag-attack-range-622
User=NOT_TRANSLATED
Sid=S-1-5-21-3216645927-1635190040-3255658478-500
SidType=0
SourceName=Microsoft-Windows-IIS-Configuration
Type=Verbose
RecordNumber=14
Keywords=None
TaskCategory=None
OpCode=Info
Message=Changes to '/system.webServer/globalModules/add[@name="IIS_Backdoor4xml"]/@name' at 'MACHINE/WEBROOT/APPHOST' have successfully been committed.
12/19/2022 08:59:56 PM
LogName=Microsoft-IIS-Configuration/Operational
EventCode=29
EventType=5
ComputerName=win-host-mhaag-attack-range-622
User=NOT_TRANSLATED
Sid=S-1-5-21-3216645927-1635190040-3255658478-500
SidType=0
SourceName=Microsoft-Windows-IIS-Configuration
Type=Verbose
RecordNumber=13
Keywords=None
TaskCategory=None
OpCode=Info
Message=Changes to '/system.webServer/globalModules/add[@name="IIS_Backdoor4xml"]' at 'MACHINE/WEBROOT/APPHOST' have successfully been committed.
12/19/2022 08:58:28 PM
LogName=Microsoft-IIS-Configuration/Operational
EventCode=50
EventType=4
ComputerName=win-host-mhaag-attack-range-622
User=NOT_TRANSLATED
Sid=S-1-5-21-3216645927-1635190040-3255658478-500
SidType=0
SourceName=Microsoft-Windows-IIS-Configuration
Type=Information
RecordNumber=12
Keywords=None
TaskCategory=None
OpCode=Info
Message=Changes have successfully been committed to 'MACHINE/WEBROOT/APPHOST'.
12/19/2022 08:58:28 PM
LogName=Microsoft-IIS-Configuration/Operational
EventCode=29
EventType=5
ComputerName=win-host-mhaag-attack-range-622
User=NOT_TRANSLATED
Sid=S-1-5-21-3216645927-1635190040-3255658478-500
SidType=0
SourceName=Microsoft-Windows-IIS-Configuration
Type=Verbose
RecordNumber=11
Keywords=None
TaskCategory=None
OpCode=Info
Message=Changes to '/system.webServer/modules/add[@name="IIS_Backdoor4"]/@name' at 'MACHINE/WEBROOT/APPHOST' have successfully been committed.
12/19/2022 08:58:28 PM
LogName=Microsoft-IIS-Configuration/Operational
EventCode=29
EventType=5
ComputerName=win-host-mhaag-attack-range-622
User=NOT_TRANSLATED
Sid=S-1-5-21-3216645927-1635190040-3255658478-500
SidType=0
SourceName=Microsoft-Windows-IIS-Configuration
Type=Verbose
RecordNumber=10
Keywords=None
TaskCategory=None
OpCode=Info
Message=Changes to '/system.webServer/modules/add[@name="IIS_Backdoor4"]' at 'MACHINE/WEBROOT/APPHOST' have successfully been committed.
12/19/2022 08:58:28 PM
LogName=Microsoft-IIS-Configuration/Operational
EventCode=29
EventType=5
ComputerName=win-host-mhaag-attack-range-622
User=NOT_TRANSLATED
Sid=S-1-5-21-3216645927-1635190040-3255658478-500
SidType=0
SourceName=Microsoft-Windows-IIS-Configuration
Type=Verbose
RecordNumber=9
Keywords=None
TaskCategory=None
OpCode=Info
Message=Changes to '/system.webServer/globalModules/add[@name="IIS_Backdoor4"]/@image' at 'MACHINE/WEBROOT/APPHOST' have successfully been committed.
12/19/2022 08:58:28 PM
LogName=Microsoft-IIS-Configuration/Operational
EventCode=29
EventType=5
ComputerName=win-host-mhaag-attack-range-622
User=NOT_TRANSLATED
Sid=S-1-5-21-3216645927-1635190040-3255658478-500
SidType=0
SourceName=Microsoft-Windows-IIS-Configuration
Type=Verbose
RecordNumber=8
Keywords=None
TaskCategory=None
OpCode=Info
Message=Changes to '/system.webServer/globalModules/add[@name="IIS_Backdoor4"]/@name' at 'MACHINE/WEBROOT/APPHOST' have successfully been committed.
12/19/2022 08:58:28 PM
LogName=Microsoft-IIS-Configuration/Operational
EventCode=29
EventType=5
ComputerName=win-host-mhaag-attack-range-622
User=NOT_TRANSLATED
Sid=S-1-5-21-3216645927-1635190040-3255658478-500
SidType=0
SourceName=Microsoft-Windows-IIS-Configuration
Type=Verbose
RecordNumber=7
Keywords=None
TaskCategory=None
OpCode=Info
Message=Changes to '/system.webServer/globalModules/add[@name="IIS_Backdoor4"]' at 'MACHINE/WEBROOT/APPHOST' have successfully been committed.