13241300x8000000000000000127989020Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-SetValue2023-05-05 20:20:24.210{EF490992-6508-6455-CC24-00000000CE02}1856C:\Windows\system32\reg.exeHKLM\System\CurrentControlSet\Control\Session Manager\BootExecuteBinary DataMSWIN-SERVER\Administrator 13241300x8000000000000000127985523Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-SetValue2023-05-05 20:19:31.101{EF490992-64D3-6455-BE24-00000000CE02}7752C:\Windows\system32\reg.exeHKLM\System\CurrentControlSet\Control\Session Manager\BootExecuteBinary DataMSWIN-SERVER\Administrator 13241300x8000000000000000127980303Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-SetValue2023-05-05 20:17:36.263{EF490992-6460-6455-AD24-00000000CE02}8984C:\Windows\system32\reg.exeHKLM\System\CurrentControlSet\Control\Session Manager\BootExecuteBinary DataMSWIN-SERVER\Administrator 13241300x8000000000000000127979885Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-SetValue2023-05-05 20:17:25.042{EF490992-6455-6455-AC24-00000000CE02}7000C:\Windows\system32\reg.exeHKLM\System\CurrentControlSet\Control\Session Manager\BootExecuteBinary DataMSWIN-SERVER\Administrator 13241300x8000000000000000127979618Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-SetValue2023-05-05 20:17:20.096{EF490992-6450-6455-A724-00000000CE02}7336C:\Windows\system32\reg.exeHKLM\System\CurrentControlSet\Control\Session Manager\BootExecuteBinary DataMSWIN-SERVER\Administrator 13241300x8000000000000000127975454Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-SetValue2023-05-05 20:14:58.082{EF490992-63C2-6455-9224-00000000CE02}4688C:\Windows\system32\reg.exeHKLM\System\CurrentControlSet\Control\Session Manager\BootExecuteBinary DataMSWIN-SERVER\Administrator 13241300x8000000000000000127975239Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-SetValue2023-05-05 20:14:54.955{EF490992-63BE-6455-8D24-00000000CE02}7816C:\Windows\system32\reg.exeHKLM\System\CurrentControlSet\Control\Session Manager\BootExecuteBinary DataMSWIN-SERVER\Administrator 13241300x8000000000000000125263419Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-SetValue2023-05-04 18:32:27.105{EF490992-FA3B-6453-2504-00000000CE02}4188C:\Windows\system32\reg.exeHKLM\System\CurrentControlSet\Control\Session Manager\BootExecuteBinary DataMSWIN-SERVER\Administrator 13241300x8000000000000000125263173Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-SetValue2023-05-04 18:32:23.698{EF490992-FA37-6453-2004-00000000CE02}2620C:\Windows\system32\reg.exeHKLM\System\CurrentControlSet\Control\Session Manager\BootExecuteBinary DataMSWIN-SERVER\Administrator 13241300x8000000000000000125255361Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-SetValue2023-05-04 18:28:05.762{EF490992-F935-6453-0304-00000000CE02}4188C:\Windows\system32\reg.exeHKLM\System\CurrentControlSet\Control\Session Manager\BootExecuteBinary DataMSWIN-SERVER\Administrator 13241300x8000000000000000125254947Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-SetValue2023-05-04 18:27:51.084{EF490992-F927-6453-0204-00000000CE02}5996C:\Windows\system32\reg.exeHKLM\System\CurrentControlSet\Control\Session Manager\BootExecuteBinary DataMSWIN-SERVER\Administrator 13241300x8000000000000000125011653Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-SetValue2023-05-04 15:50:31.331{EF490992-D447-6453-5F01-00000000CE02}5736C:\Windows\system32\reg.exeHKLM\System\CurrentControlSet\Control\Session Manager\BootExecuteBinary DataMSWIN-SERVER\Administrator 13241300x8000000000000000125011252Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-SetValue2023-05-04 15:50:25.163{EF490992-D441-6453-5A01-00000000CE02}5072C:\Windows\system32\reg.exeHKLM\System\CurrentControlSet\Control\Session Manager\BootExecuteBinary DataMSWIN-SERVER\Administrator 13241300x8000000000000000124967371Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-SetValue2023-05-04 15:33:35.432{EF490992-D01A-6453-CE00-00000000CE02}2760C:\Windows\system32\reg.exeHKLM\System\CurrentControlSet\Control\Session Manager\BootExecuteBinary DataMSWIN-SERVER\Administrator 13241300x8000000000000000124967237Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-SetValue2023-05-04 15:33:30.821{EF490992-D04A-6453-D600-00000000CE02}4612C:\Windows\system32\reg.exeHKLM\System\CurrentControlSet\Control\Session Manager\BootExecuteBinary DataMSWIN-SERVER\Administrator 13241300x8000000000000000124961898Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-SetValue2023-05-04 15:31:45.386{EF490992-CFE1-6453-C500-00000000CE02}4232C:\Windows\system32\reg.exeHKLM\System\CurrentControlSet\Control\Session Manager\BootExecuteBinary DataMSWIN-SERVER\Administrator 13241300x8000000000000000123246947Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-SetValue2023-05-03 20:42:10.502{EF490992-C722-6452-DEAD-00000000CD02}2652C:\Windows\system32\reg.exeHKLM\System\CurrentControlSet\Control\Session Manager\BootExecuteBinary DataMSWIN-SERVER\Administrator 13241300x8000000000000000123172648Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-SetValue2023-05-03 19:58:36.209{EF490992-BC09-6452-04AD-00000000CD02}4812C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeHKLM\System\CurrentControlSet\Control\Session Manager\BootExecuteBinary DataMSWIN-SERVER\Administrator 13241300x8000000000000000123167733Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-SetValue2023-05-03 19:55:32.695{EF490992-BC09-6452-04AD-00000000CD02}4812C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeHKLM\System\CurrentControlSet\Control\Session Manager\BootExecuteBinary DataMSWIN-SERVER\Administrator 13241300x8000000000000000123167134Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-SetValue2023-05-03 19:55:13.084{EF490992-BC09-6452-04AD-00000000CD02}4812C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeHKLM\System\CurrentControlSet\Control\Session Manager\BootExecuteBinary DataMSWIN-SERVER\Administrator