13241300x800000000000000071216Microsoft-Windows-Sysmon/Operationalwin-dc-lstella-92811-83.attackrange.localT1042SetValue2022-02-23 22:04:05.215{1F3941AB-AF54-6216-E40C-000000003602}3576C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeHKU\S-1-5-21-3683077535-3939808197-1844016261-500_Classes\mscfile\shell\open\command\(Default)C:\Windows\System32\cmd.exe 13241300x800000000000000070862Microsoft-Windows-Sysmon/Operationalwin-dc-lstella-92811-83.attackrange.local-SetValue2022-02-23 22:03:34.394{1F3941AB-757C-6216-2E00-000000003602}3032C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Volumes\6FC0DF5C-0000-0000-0000-100000000000\Volume Configuration File\\.\C:\System Volume Information\DFSR\Config\Volume_6FC0DF5C-0000-0000-0000-100000000000.XML 13241300x800000000000000070861Microsoft-Windows-Sysmon/Operationalwin-dc-lstella-92811-83.attackrange.local-SetValue2022-02-23 22:03:34.378{1F3941AB-757C-6216-2E00-000000003602}3032C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\6BA91731-224C-46D2-A81C-FD3C3F81A4C4\Config SourceDWORD (0x00000001) 13241300x800000000000000070860Microsoft-Windows-Sysmon/Operationalwin-dc-lstella-92811-83.attackrange.local-SetValue2022-02-23 22:03:34.378{1F3941AB-757C-6216-2E00-000000003602}3032C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\6BA91731-224C-46D2-A81C-FD3C3F81A4C4\Replica Set Configuration File\\?\C:\System Volume Information\DFSR\Config\Replica_6BA91731-224C-46D2-A81C-FD3C3F81A4C4.XML 13241300x800000000000000070743Microsoft-Windows-Sysmon/Operationalwin-dc-lstella-92811-83.attackrange.local-SetValue2022-02-23 22:02:58.960{1F3941AB-756C-6216-0B00-000000003602}616C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000070742Microsoft-Windows-Sysmon/Operationalwin-dc-lstella-92811-83.attackrange.local-SetValue2022-02-23 22:02:58.960{1F3941AB-756C-6216-0B00-000000003602}616C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00e13dcd) 13241300x800000000000000070741Microsoft-Windows-Sysmon/Operationalwin-dc-lstella-92811-83.attackrange.local-SetValue2022-02-23 22:02:58.960{1F3941AB-756C-6216-0B00-000000003602}616C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d828f8-0xbc73aaa7) 13241300x800000000000000070740Microsoft-Windows-Sysmon/Operationalwin-dc-lstella-92811-83.attackrange.local-SetValue2022-02-23 22:02:58.960{1F3941AB-756C-6216-0B00-000000003602}616C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d82901-0x1e3812a7) 13241300x800000000000000070739Microsoft-Windows-Sysmon/Operationalwin-dc-lstella-92811-83.attackrange.local-SetValue2022-02-23 22:02:58.960{1F3941AB-756C-6216-0B00-000000003602}616C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d82909-0x7ffc7aa7) 13241300x800000000000000070738Microsoft-Windows-Sysmon/Operationalwin-dc-lstella-92811-83.attackrange.local-SetValue2022-02-23 22:02:58.960{1F3941AB-756C-6216-0B00-000000003602}616C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000070737Microsoft-Windows-Sysmon/Operationalwin-dc-lstella-92811-83.attackrange.local-SetValue2022-02-23 22:02:58.960{1F3941AB-756C-6216-0B00-000000003602}616C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00e13dcd) 13241300x800000000000000070736Microsoft-Windows-Sysmon/Operationalwin-dc-lstella-92811-83.attackrange.local-SetValue2022-02-23 22:02:58.960{1F3941AB-756C-6216-0B00-000000003602}616C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d828f8-0xbc73aaa7) 13241300x800000000000000070735Microsoft-Windows-Sysmon/Operationalwin-dc-lstella-92811-83.attackrange.local-SetValue2022-02-23 22:02:58.960{1F3941AB-756C-6216-0B00-000000003602}616C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d82901-0x1e3812a7) 13241300x800000000000000070734Microsoft-Windows-Sysmon/Operationalwin-dc-lstella-92811-83.attackrange.local-SetValue2022-02-23 22:02:58.960{1F3941AB-756C-6216-0B00-000000003602}616C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d82909-0x7ffc7aa7) 13241300x800000000000000070550Microsoft-Windows-Sysmon/Operationalwin-dc-lstella-92811-83.attackrange.localT1042SetValue2022-02-23 22:02:04.233{1F3941AB-AEDC-6216-D20C-000000003602}1124C:\Windows\system32\reg.exeHKU\S-1-5-21-3683077535-3939808197-1844016261-500_Classes\mscfile\shell\open\command\(Default)C:\Windows\System32\cmd.exe