154100x80000000000000004903835Microsoft-Windows-Sysmon/OperationalATTACKBOX.ATTACK_RANGE.LAN-2025-02-11 19:29:36.722{78198d03-a520-67ab-f2aa-000000005f00}24960C:\Temp\malware.exe10.0.19041.4355 (WinBuild.160101.0800)MALWAREHacket StuffWe Breach YouMALWARE.EXEC:\Temp\malware.exe -cv:veoHBnl+fEWk9ZwL.8C:\WINDOWS\system32\NT AUTHORITY\SYSTEM{78198d03-cc12-67a0-e703-000000000000}0x3e70SystemMD5=BD33AA772F4751C5A79F94636088774E,SHA256=C286747D319818C1205FD487040840353C5F4542FAFFDABAE9131481BDFEB92A,IMPHASH=09ED737A03DB7295BF734A9953F6EB5E{78198d03-a4c6-67ab-ddaa-000000005f00}29288C:\Windows\System32\CompatTelRunner.exe"C:\WINDOWS\system32\compattelrunner.exe"NT AUTHORITY\SYSTEM 13241300x80000000000000004903688Microsoft-Windows-Sysmon/OperationalATTACKBOX.ATTACK_RANGE.LANSuspicious,TelemetryTamperSetValue2025-02-11 19:15:01.939{78198d03-a0f9-67ab-67aa-000000005f00}26104C:\Windows\regedit.exeHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\TelemetryController\SneakyPersistence\MaintenanceDWORD (0x00000001)ATTACK_RANGE\ATTACKER 13241300x80000000000000004903686Microsoft-Windows-Sysmon/OperationalATTACKBOX.ATTACK_RANGE.LANSuspicious,TelemetryTamperSetValue2025-02-11 19:14:58.471{78198d03-a0f9-67ab-67aa-000000005f00}26104C:\Windows\regedit.exeHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\TelemetryController\SneakyPersistence\OobeDWORD (0x00000001)ATTACK_RANGE\ATTACKER 13241300x80000000000000004903685Microsoft-Windows-Sysmon/OperationalATTACKBOX.ATTACK_RANGE.LANSuspicious,TelemetryTamperSetValue2025-02-11 19:14:55.620{78198d03-a0f9-67ab-67aa-000000005f00}26104C:\Windows\regedit.exeHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\TelemetryController\SneakyPersistence\NightlyDWORD (0x00000001)ATTACK_RANGE\ATTACKER 12241200x80000000000000004903684Microsoft-Windows-Sysmon/OperationalATTACKBOX.ATTACK_RANGE.LANSuspicious,TelemetryTamperDeleteValue2025-02-11 19:14:50.023{78198d03-a0f9-67ab-67aa-000000005f00}26104C:\Windows\regedit.exeHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\TelemetryController\SneakyPersistence\New Value #1ATTACK_RANGE\ATTACKER 13241300x80000000000000004903683Microsoft-Windows-Sysmon/OperationalATTACKBOX.ATTACK_RANGE.LANSuspicious,TelemetryTamperSetValue2025-02-11 19:14:50.023{78198d03-a0f9-67ab-67aa-000000005f00}26104C:\Windows\regedit.exeHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\TelemetryController\SneakyPersistence\MaintenanceDWORD (0x00000000)ATTACK_RANGE\ATTACKER 13241300x80000000000000004903682Microsoft-Windows-Sysmon/OperationalATTACKBOX.ATTACK_RANGE.LANSuspicious,TelemetryTamperSetValue2025-02-11 19:14:42.668{78198d03-a0f9-67ab-67aa-000000005f00}26104C:\Windows\regedit.exeHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\TelemetryController\SneakyPersistence\New Value #1DWORD (0x00000000)ATTACK_RANGE\ATTACKER 12241200x80000000000000004903681Microsoft-Windows-Sysmon/OperationalATTACKBOX.ATTACK_RANGE.LANSuspicious,TelemetryTamperDeleteValue2025-02-11 19:14:39.009{78198d03-a0f9-67ab-67aa-000000005f00}26104C:\Windows\regedit.exeHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\TelemetryController\SneakyPersistence\New Value #1ATTACK_RANGE\ATTACKER 13241300x80000000000000004903680Microsoft-Windows-Sysmon/OperationalATTACKBOX.ATTACK_RANGE.LANSuspicious,TelemetryTamperSetValue2025-02-11 19:14:39.008{78198d03-a0f9-67ab-67aa-000000005f00}26104C:\Windows\regedit.exeHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\TelemetryController\SneakyPersistence\OobeDWORD (0x00000000)ATTACK_RANGE\ATTACKER 13241300x80000000000000004903679Microsoft-Windows-Sysmon/OperationalATTACKBOX.ATTACK_RANGE.LANSuspicious,TelemetryTamperSetValue2025-02-11 19:14:32.831{78198d03-a0f9-67ab-67aa-000000005f00}26104C:\Windows\regedit.exeHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\TelemetryController\SneakyPersistence\New Value #1DWORD (0x00000000)ATTACK_RANGE\ATTACKER 12241200x80000000000000004903678Microsoft-Windows-Sysmon/OperationalATTACKBOX.ATTACK_RANGE.LANSuspicious,TelemetryTamperDeleteValue2025-02-11 19:14:02.412{78198d03-a0f9-67ab-67aa-000000005f00}26104C:\Windows\regedit.exeHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\TelemetryController\SneakyPersistence\New Value #1ATTACK_RANGE\ATTACKER 13241300x80000000000000004903677Microsoft-Windows-Sysmon/OperationalATTACKBOX.ATTACK_RANGE.LANSuspicious,TelemetryTamperSetValue2025-02-11 19:14:02.412{78198d03-a0f9-67ab-67aa-000000005f00}26104C:\Windows\regedit.exeHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\TelemetryController\SneakyPersistence\NightlyDWORD (0x00000000)ATTACK_RANGE\ATTACKER 13241300x80000000000000004903676Microsoft-Windows-Sysmon/OperationalATTACKBOX.ATTACK_RANGE.LANSuspicious,TelemetryTamperSetValue2025-02-11 19:13:58.629{78198d03-a0f9-67ab-67aa-000000005f00}26104C:\Windows\regedit.exeHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\TelemetryController\SneakyPersistence\New Value #1DWORD (0x00000000)ATTACK_RANGE\ATTACKER 13241300x80000000000000004903661Microsoft-Windows-Sysmon/OperationalATTACKBOX.ATTACK_RANGE.LANSuspicious,TelemetryTamperSetValue2025-02-11 19:13:50.956{78198d03-a0f9-67ab-67aa-000000005f00}26104C:\Windows\regedit.exeHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\TelemetryController\SneakyPersistence\CommandC:\Temp\malware.exeATTACK_RANGE\ATTACKER 12241200x80000000000000004903660Microsoft-Windows-Sysmon/OperationalATTACKBOX.ATTACK_RANGE.LANSuspicious,TelemetryTamperDeleteValue2025-02-11 19:13:46.995{78198d03-a0f9-67ab-67aa-000000005f00}26104C:\Windows\regedit.exeHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\TelemetryController\SneakyPersistence\New Value #1ATTACK_RANGE\ATTACKER 14241400x80000000000000004903659Microsoft-Windows-Sysmon/OperationalATTACKBOX.ATTACK_RANGE.LANSuspicious,TelemetryTamperRenameKey2025-02-11 19:13:06.908{78198d03-a0f9-67ab-67aa-000000005f00}26104C:\Windows\regedit.exeHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\TelemetryController\New Key #1HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\TelemetryController\SneakyPersistenceATTACK_RANGE\ATTACKER