12241200x800000000000000077989224Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-DeleteValue2023-04-13 19:32:50.633{EF490992-58E2-6438-CB5E-00000000CA02}5508C:\Windows\system32\reg.exeHKLM\System\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity\EnabledATTACKRANGE\administrator 13241300x800000000000000077987345Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-SetValue2023-04-13 19:32:00.507{EF490992-58B0-6438-BE5E-00000000CA02}5560C:\Windows\system32\reg.exeHKLM\System\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity\EnabledDWORD (0x00000000)ATTACKRANGE\administrator 13241300x800000000000000077986035Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-SetValue2023-04-13 19:31:44.581{EF490992-58A0-6438-A85E-00000000CA02}5440C:\Windows\system32\reg.exeHKLM\System\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity\EnabledDWORD (0x00000000)ATTACKRANGE\administrator 12241200x800000000000000077981136Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-DeleteValue2023-04-13 19:29:36.298{EF490992-5820-6438-865E-00000000CA02}4884C:\Windows\system32\reg.exeHKLM\System\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity\EnabledATTACKRANGE\administrator 13241300x800000000000000077973507Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-SetValue2023-04-13 19:25:59.403{EF490992-5747-6438-565E-00000000CA02}4092C:\Windows\system32\reg.exeHKLM\System\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity\EnabledDWORD (0x00000000)ATTACKRANGE\administrator 12241200x800000000000000077972404Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-DeleteValue2023-04-13 19:25:46.183{EF490992-573A-6438-495E-00000000CA02}2572C:\Windows\system32\reg.exeHKLM\System\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity\EnabledATTACKRANGE\administrator 13241300x800000000000000077971904Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-SetValue2023-04-13 19:25:41.238{EF490992-5735-6438-415E-00000000CA02}3004C:\Windows\system32\reg.exeHKLM\System\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity\EnabledDWORD (0x00000000)ATTACKRANGE\administrator 13241300x800000000000000077967866Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-SetValue2023-04-13 19:24:36.022{EF490992-56F4-6438-0C5E-00000000CA02}1204C:\Windows\system32\reg.exeHKLM\System\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity\EnabledDWORD (0x00000000)ATTACKRANGE\administrator 13241300x800000000000000077938961Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-SetValue2023-04-13 19:08:54.334{EF490992-5346-6438-925D-00000000CA02}940C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeHKLM\System\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity\EnabledDWORD (0x00000000)ATTACKRANGE\administrator 13241300x800000000000000077938386Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-SetValue2023-04-13 19:08:44.240{EF490992-533B-6438-8E5D-00000000CA02}2460C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeHKLM\System\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity\EnabledDWORD (0x00000000)ATTACKRANGE\administrator 13241300x800000000000000077929401Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-SetValue2023-04-13 19:04:26.283{EF490992-5239-6438-685D-00000000CA02}5328C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeHKLM\System\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity\EnabledDWORD (0x00000000)ATTACKRANGE\administrator 12241200x800000000000000077928485Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-DeleteValue2023-04-13 19:04:13.675{EF490992-522D-6438-625D-00000000CA02}960C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeHKLM\System\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity\EnabledATTACKRANGE\administrator 13241300x800000000000000077918215Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-SetValue2023-04-13 18:58:11.663{EF490992-50C3-6438-405D-00000000CA02}1396C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeHKLM\System\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity\EnabledDWORD (0x00000001)ATTACKRANGE\administrator 13241300x800000000000000077917481Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-SetValue2023-04-13 18:58:07.518{EF490992-50BF-6438-375D-00000000CA02}5392C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeHKLM\System\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity\EnabledDWORD (0x00000000)ATTACKRANGE\administrator 13241300x800000000000000077857873Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-SetValue2023-04-13 18:23:26.407{EF490992-489D-6438-6B5C-00000000CA02}5864C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeHKLM\System\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity\EnabledDWORD (0x00000001)ATTACKRANGE\administrator 13241300x800000000000000077855551Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-SetValue2023-04-13 18:22:32.692{EF490992-4867-6438-625C-00000000CA02}640C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeHKLM\System\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity\EnabledDWORD (0x00000000)ATTACKRANGE\administrator 13241300x800000000000000077853131Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-SetValue2023-04-13 18:21:27.537{EF490992-4DCA-6434-FC05-00000000CA02}4596C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeHKLM\System\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity\EnabledDWORD (0x00000001)ATTACKRANGE\administrator