13241300x8000000000000000619106955Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-SetValue2023-10-10 16:40:05.141{EF490992-5B9F-6525-1C01-00000000E302}7164C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeHKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\DllC:\Windows\SysWOW64\ntdll.dllMSWIN-SERVER\Administrator 13241300x8000000000000000619106953Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-SetValue2023-10-10 16:40:05.118{EF490992-5B9F-6525-1C01-00000000E302}7164C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeHKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\DllC:\Windows\System32\ntdll.dllMSWIN-SERVER\Administrator 13241300x8000000000000000619102922Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-SetValue2023-10-10 16:39:04.220{EF490992-5B9F-6525-1C01-00000000E302}7164C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeHKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\DllC:\Windows\SysWOW64\ntdll.dllMSWIN-SERVER\Administrator 13241300x8000000000000000619102920Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-SetValue2023-10-10 16:39:04.204{EF490992-5B9F-6525-1C01-00000000E302}7164C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeHKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\DllC:\Windows\System32\ntdll.dllMSWIN-SERVER\Administrator 13241300x8000000000000000619096931Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-SetValue2023-10-10 16:36:24.941{EF490992-5B9F-6525-1C01-00000000E302}7164C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeHKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{603BCC1F-4B59-4E08-B724-D2C6297EF351}\DllC:\temp\mysip.dllMSWIN-SERVER\Administrator 13241300x8000000000000000619096929Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-SetValue2023-10-10 16:36:24.926{EF490992-5B9F-6525-1C01-00000000E302}7164C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeHKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{603BCC1F-4B59-4E08-B724-D2C6297EF351}\DllC:\temp\mysip.dllMSWIN-SERVER\Administrator 13241300x8000000000000000619084197Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-SetValue2023-10-10 16:31:31.626{EF490992-7C63-6525-4405-00000000E302}6684C:\Windows\system32\regsvr32.exeHKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllIsMyFileType2\{E59B6E68-3312-4738-961F-DB9405B2DDCB}\DllC:\temp\MySip.dllMSWIN-SERVER\Administrator 13241300x8000000000000000619084193Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-SetValue2023-10-10 16:31:31.626{EF490992-7C63-6525-4405-00000000E302}6684C:\Windows\system32\regsvr32.exeHKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{E59B6E68-3312-4738-961F-DB9405B2DDCB}\DllC:\temp\MySip.dllMSWIN-SERVER\Administrator 13241300x8000000000000000619084189Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-SetValue2023-10-10 16:31:31.626{EF490992-7C63-6525-4405-00000000E302}6684C:\Windows\system32\regsvr32.exeHKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{E59B6E68-3312-4738-961F-DB9405B2DDCB}\DllC:\temp\MySip.dllMSWIN-SERVER\Administrator 13241300x8000000000000000619084185Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-SetValue2023-10-10 16:31:31.626{EF490992-7C63-6525-4405-00000000E302}6684C:\Windows\system32\regsvr32.exeHKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{E59B6E68-3312-4738-961F-DB9405B2DDCB}\DllC:\temp\MySip.dllMSWIN-SERVER\Administrator 13241300x8000000000000000619084181Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-SetValue2023-10-10 16:31:31.626{EF490992-7C63-6525-4405-00000000E302}6684C:\Windows\system32\regsvr32.exeHKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{E59B6E68-3312-4738-961F-DB9405B2DDCB}\DllC:\temp\MySip.dllMSWIN-SERVER\Administrator 13241300x8000000000000000619084177Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-SetValue2023-10-10 16:31:31.626{EF490992-7C63-6525-4405-00000000E302}6684C:\Windows\system32\regsvr32.exeHKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{E59B6E68-3312-4738-961F-DB9405B2DDCB}\DllC:\temp\MySip.dllMSWIN-SERVER\Administrator 13241300x8000000000000000619081023Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-SetValue2023-10-10 16:30:18.565{EF490992-5B9F-6525-1C01-00000000E302}7164C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeHKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{603BCC1F-4B59-4E08-B724-D2C6297EF351}\DllC:\temp\MySIP.dllMSWIN-SERVER\Administrator 13241300x8000000000000000619075146Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-SetValue2023-10-10 16:28:55.263{EF490992-5B9F-6525-1C01-00000000E302}7164C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeHKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{603BCC1F-4B59-4E08-B724-D2C6297EF351}\DllC:\temp\MySIP.dllMSWIN-SERVER\Administrator 13241300x8000000000000000618694899Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-SetValue2023-10-10 14:11:46.868{EF490992-5BA2-6525-2001-00000000E302}5992C:\Windows\system32\regsvr32.exeHKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetCaps\{00000000-DEAD-BEEF-DEAD-DEADBABECAFE}\DllC:\Users\Administrator\Downloads\GTSIPProvider.dllMSWIN-SERVER\Administrator 13241300x8000000000000000618694895Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-SetValue2023-10-10 14:11:46.867{EF490992-5BA2-6525-2001-00000000E302}5992C:\Windows\system32\regsvr32.exeHKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllIsMyFileType2\{00000000-DEAD-BEEF-DEAD-DEADBABECAFE}\DllC:\Users\Administrator\Downloads\GTSIPProvider.dllMSWIN-SERVER\Administrator 13241300x8000000000000000618694891Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-SetValue2023-10-10 14:11:46.867{EF490992-5BA2-6525-2001-00000000E302}5992C:\Windows\system32\regsvr32.exeHKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{00000000-DEAD-BEEF-DEAD-DEADBABECAFE}\DllC:\Users\Administrator\Downloads\GTSIPProvider.dllMSWIN-SERVER\Administrator 13241300x8000000000000000618694887Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-SetValue2023-10-10 14:11:46.867{EF490992-5BA2-6525-2001-00000000E302}5992C:\Windows\system32\regsvr32.exeHKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{00000000-DEAD-BEEF-DEAD-DEADBABECAFE}\DllC:\Users\Administrator\Downloads\GTSIPProvider.dllMSWIN-SERVER\Administrator 13241300x8000000000000000618694883Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-SetValue2023-10-10 14:11:46.867{EF490992-5BA2-6525-2001-00000000E302}5992C:\Windows\system32\regsvr32.exeHKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{00000000-DEAD-BEEF-DEAD-DEADBABECAFE}\DllC:\Users\Administrator\Downloads\GTSIPProvider.dllMSWIN-SERVER\Administrator 13241300x8000000000000000618694879Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-SetValue2023-10-10 14:11:46.867{EF490992-5BA2-6525-2001-00000000E302}5992C:\Windows\system32\regsvr32.exeHKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{00000000-DEAD-BEEF-DEAD-DEADBABECAFE}\DllC:\Users\Administrator\Downloads\GTSIPProvider.dllMSWIN-SERVER\Administrator 13241300x8000000000000000618694875Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-SetValue2023-10-10 14:11:46.866{EF490992-5BA2-6525-2001-00000000E302}5992C:\Windows\system32\regsvr32.exeHKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{00000000-DEAD-BEEF-DEAD-DEADBABECAFE}\DllC:\Users\Administrator\Downloads\GTSIPProvider.dllMSWIN-SERVER\Administrator