154100x800000000000000031379193Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-622-2022-12-21 14:23:39.818{CCA468B6-16EB-63A3-7F29-000000009802}5600C:\Windows\System32\inetsrv\appcmd.exe10.0.14393.4169 (rs1_release.210107-1130)Application Server Command Line Admin ToolInternet Information ServicesMicrosoft Corporationappcmd.exe"C:\Windows\System32\inetsrv\appcmd.exe" set config "Default Web Site/" /section:httplogging /dontlog:trueC:\Users\Administrator\WIN-HOST-MHAAG-\Administrator{CCA468B6-BEAC-63A1-34D7-080000000000}0x8d7342HighMD5=05CB98CB028E1D62B62904DD78F23DC0,SHA256=FED8F5CACFC589EB7A1EFB5F4CAE7EF092934747DF1E91950EBC4B9202EA7CBD{CCA468B6-16E3-63A3-7C29-000000009802}3372C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" WIN-HOST-MHAAG-\Administrator 154100x800000000000000031378965Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-622-2022-12-21 14:23:39.604{CCA468B6-16EB-63A3-7E29-000000009802}5456C:\Windows\System32\inetsrv\appcmd.exe10.0.14393.4169 (rs1_release.210107-1130)Application Server Command Line Admin ToolInternet Information ServicesMicrosoft Corporationappcmd.exe"C:\Windows\System32\inetsrv\appcmd.exe" unlock config -section:system.webServer/httploggingC:\Users\Administrator\WIN-HOST-MHAAG-\Administrator{CCA468B6-BEAC-63A1-34D7-080000000000}0x8d7342HighMD5=05CB98CB028E1D62B62904DD78F23DC0,SHA256=FED8F5CACFC589EB7A1EFB5F4CAE7EF092934747DF1E91950EBC4B9202EA7CBD{CCA468B6-16E3-63A3-7C29-000000009802}3372C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" WIN-HOST-MHAAG-\Administrator