13241300x80000000000000002147Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-SetValue2024-01-05 17:01:31.335{4EF50BA8-35EB-6598-7C02-000000002F03}1364C:\Windows\system32\reg.exeHKU\S-1-5-21-1095027471-140521824-2468027183-500\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost\EnableWebContentEvaluationDWORD (0x00000000)ATTACKRANGE\Administrator
13241300x80000000000000002145Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-SetValue2024-01-05 17:01:31.320{4EF50BA8-35EB-6598-7B02-000000002F03}5472C:\Windows\system32\reg.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost\EnableWebContentEvaluationDWORD (0x00000000)ATTACKRANGE\Administrator
13241300x80000000000000002143Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-SetValue2024-01-05 17:01:31.288{4EF50BA8-35EB-6598-7A02-000000002F03}5408C:\Windows\system32\reg.exeHKLM\SOFTWARE\Policies\Microsoft\Windows Defender\SmartScreen\ConfigureAppInstallControlEnabledDWORD (0x00000000)ATTACKRANGE\Administrator
13241300x80000000000000002141Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-SetValue2024-01-05 17:01:31.273{4EF50BA8-35EB-6598-7902-000000002F03}2716C:\Windows\system32\reg.exeHKLM\SOFTWARE\Policies\Microsoft\Windows Defender\SmartScreen\ConfigureAppInstallControlAnywhereATTACKRANGE\Administrator
13241300x80000000000000002139Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-SetValue2024-01-05 17:01:31.257{4EF50BA8-35EB-6598-7802-000000002F03}6088C:\Windows\system32\reg.exeHKLM\SOFTWARE\Policies\Microsoft\Edge\PreventSmartScreenPromptOverrideDWORD (0x00000000)ATTACKRANGE\Administrator
13241300x80000000000000002137Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-SetValue2024-01-05 17:01:31.242{4EF50BA8-35EB-6598-7702-000000002F03}6132C:\Windows\system32\reg.exeHKLM\SOFTWARE\Policies\Microsoft\Edge\SmartScreenEnabledDWORD (0x00000000)ATTACKRANGE\Administrator
13241300x80000000000000002135Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-SetValue2024-01-05 17:01:31.210{4EF50BA8-35EB-6598-7602-000000002F03}1700C:\Windows\system32\reg.exeHKU\S-1-5-21-1095027471-140521824-2468027183-500_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PhishingFilter\PreventOverrideDWORD (0x00000000)ATTACKRANGE\Administrator
13241300x80000000000000002133Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-SetValue2024-01-05 17:01:31.179{4EF50BA8-35EB-6598-7502-000000002F03}5316C:\Windows\system32\reg.exeHKU\S-1-5-21-1095027471-140521824-2468027183-500_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PhishingFilter\EnabledV9DWORD (0x00000000)ATTACKRANGE\Administrator
13241300x80000000000000002131Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-SetValue2024-01-05 17:01:31.163{4EF50BA8-35EB-6598-7402-000000002F03}6128C:\Windows\system32\reg.exeHKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter\PreventOverrideDWORD (0x00000000)ATTACKRANGE\Administrator
13241300x80000000000000002129Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-SetValue2024-01-05 17:01:31.132{4EF50BA8-35EB-6598-7302-000000002F03}5440C:\Windows\system32\reg.exeHKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter\EnabledV9DWORD (0x00000000)ATTACKRANGE\Administrator
13241300x80000000000000002127Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-SetValue2024-01-05 17:01:31.117{4EF50BA8-35EB-6598-7202-000000002F03}4208C:\Windows\system32\reg.exeHKLM\SOFTWARE\Policies\Microsoft\Windows\System\ShellSmartScreenLevelWarnATTACKRANGE\Administrator
13241300x80000000000000002125Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-SetValue2024-01-05 17:01:31.101{4EF50BA8-35EB-6598-7102-000000002F03}5772C:\Windows\system32\reg.exeHKLM\SOFTWARE\Policies\Microsoft\Windows\System\ShellSmartScreenLevelWarnATTACKRANGE\Administrator
13241300x80000000000000002123Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-SetValue2024-01-05 17:01:31.039{4EF50BA8-35EB-6598-7002-000000002F03}5384C:\Windows\system32\reg.exeHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\SmartScreenEnabledOffATTACKRANGE\Administrator
13241300x80000000000000002121Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-SetValue2024-01-05 17:01:31.007{4EF50BA8-35EB-6598-6F02-000000002F03}6104C:\Windows\system32\reg.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SmartScreenEnabledOffATTACKRANGE\Administrator
13241300x80000000000000002119Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-SetValue2024-01-05 17:01:30.976{4EF50BA8-35EA-6598-6E02-000000002F03}3200C:\Windows\system32\reg.exeHKLM\SOFTWARE\Policies\Microsoft\Windows\System\EnableSmartScreenDWORD (0x00000000)ATTACKRANGE\Administrator
13241300x80000000000000002117Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-SetValue2024-01-05 17:01:30.945{4EF50BA8-35EA-6598-6D02-000000002F03}3712C:\Windows\system32\reg.exeHKLM\SOFTWARE\Policies\Microsoft\Windows Defender\ServiceKeepAliveDWORD (0x00000001)ATTACKRANGE\Administrator
13241300x80000000000000002115Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-SetValue2024-01-05 17:01:30.851{4EF50BA8-35EA-6598-6C02-000000002F03}2408C:\Windows\system32\reg.exeHKLM\SOFTWARE\Policies\Microsoft\Windows Defender\MpEngine\EnableFileHashComputationDWORD (0x00000000)ATTACKRANGE\Administrator
13241300x80000000000000002113Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-SetValue2024-01-05 17:01:30.804{4EF50BA8-35EA-6598-6B02-000000002F03}3008C:\Windows\system32\reg.exeHKLM\SOFTWARE\Policies\Microsoft\Windows Defender\PUAProtectionDWORD (0x00000000)ATTACKRANGE\Administrator
13241300x80000000000000002111Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-SetValue2024-01-05 17:01:30.788{4EF50BA8-35EA-6598-6A02-000000002F03}2792C:\Windows\system32\reg.exeHKLM\SOFTWARE\Policies\Microsoft\Windows Defender\MpEngine\MpEnablePusDWORD (0x00000000)ATTACKRANGE\Administrator
13241300x80000000000000002109Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-SetValue2024-01-05 17:01:30.726{4EF50BA8-35EA-6598-6902-000000002F03}5276C:\Windows\system32\reg.exeHKLM\SOFTWARE\Policies\Microsoft\AppHVSI\AuditApplicationGuardDWORD (0x00000000)ATTACKRANGE\Administrator
13241300x80000000000000002107Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-SetValue2024-01-05 17:01:30.695{4EF50BA8-35EA-6598-6802-000000002F03}3904C:\Windows\system32\reg.exeHKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Reporting\WppTracingLevelDWORD (0x00000001)ATTACKRANGE\Administrator
13241300x80000000000000002105Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-SetValue2024-01-05 17:01:30.663{4EF50BA8-35EA-6598-6702-000000002F03}2300C:\Windows\system32\reg.exeHKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Reporting\DisableGenericRePortsDWORD (0x00000001)ATTACKRANGE\Administrator
13241300x80000000000000002103Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-SetValue2024-01-05 17:01:30.601{4EF50BA8-35EA-6598-6602-000000002F03}5932C:\Windows\system32\reg.exeHKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates\DisableScanOnUpdateDWORD (0x00000001)ATTACKRANGE\Administrator
13241300x80000000000000002101Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-SetValue2024-01-05 17:01:30.570{4EF50BA8-35EA-6598-6502-000000002F03}3948C:\Windows\system32\reg.exeHKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Scan\QuickScanIntervalDWORD (0x00000018)ATTACKRANGE\Administrator
13241300x80000000000000002099Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-SetValue2024-01-05 17:01:30.538{4EF50BA8-35EA-6598-6402-000000002F03}3504C:\Windows\system32\reg.exeHKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatSeverityDefaultAction\19ATTACKRANGE\Administrator
13241300x80000000000000002097Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-SetValue2024-01-05 17:01:30.507{4EF50BA8-35EA-6598-6302-000000002F03}2752C:\Windows\system32\reg.exeHKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatSeverityDefaultAction\29ATTACKRANGE\Administrator
13241300x80000000000000002095Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-SetValue2024-01-05 17:01:30.492{4EF50BA8-35EA-6598-6202-000000002F03}4940C:\Windows\system32\reg.exeHKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatSeverityDefaultAction\39ATTACKRANGE\Administrator
13241300x80000000000000002093Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-SetValue2024-01-05 17:01:30.476{4EF50BA8-35EA-6598-6102-000000002F03}3932C:\Windows\system32\reg.exeHKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatSeverityDefaultAction\49ATTACKRANGE\Administrator
13241300x80000000000000002091Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-SetValue2024-01-05 17:01:30.429{4EF50BA8-35EA-6598-6002-000000002F03}5668C:\Windows\system32\reg.exeHKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatSeverityDefaultAction\59ATTACKRANGE\Administrator
13241300x80000000000000002089Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-SetValue2024-01-05 17:01:30.413{4EF50BA8-35EA-6598-5F02-000000002F03}4948C:\Windows\system32\reg.exeHKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\Threats_ThreatSeverityDefaultActionDWORD (0x00000001)ATTACKRANGE\Administrator
13241300x80000000000000002087Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-SetValue2024-01-05 17:01:30.320{4EF50BA8-35EA-6598-5E02-000000002F03}5108C:\Windows\system32\reg.exeHKLM\SOFTWARE\Policies\Microsoft\Windows Defender\NIS\DisableProtocolRecognitionDWORD (0x00000001)ATTACKRANGE\Administrator
13241300x80000000000000002085Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-SetValue2024-01-05 17:01:30.307{4EF50BA8-35EA-6598-5D02-000000002F03}4272C:\Windows\system32\reg.exeHKLM\SOFTWARE\Policies\Microsoft\Windows Defender\NIS\Consumers\IPS\DisableSignatureRetirementDWORD (0x00000001)ATTACKRANGE\Administrator
13241300x80000000000000002083Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-SetValue2024-01-05 17:01:30.257{4EF50BA8-35EA-6598-5C02-000000002F03}3864C:\Windows\system32\reg.exeHKLM\SOFTWARE\Policies\Microsoft\Windows Defender\NIS\Consumers\IPS\ThrottleDetectionEventsRateDWORD (0x00989680)ATTACKRANGE\Administrator
13241300x80000000000000002081Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-SetValue2024-01-05 17:01:30.242{4EF50BA8-35EA-6598-5B02-000000002F03}4044C:\Windows\system32\reg.exeHKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access\EnableControlledFolderAccessDWORD (0x00000000)ATTACKRANGE\Administrator
13241300x80000000000000002079Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-SetValue2024-01-05 17:01:30.210{4EF50BA8-35EA-6598-5A02-000000002F03}4356C:\Windows\system32\reg.exeHKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection\EnableNetworkProtectionDWORD (0x00000000)ATTACKRANGE\Administrator
13241300x80000000000000002077Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-SetValue2024-01-05 17:01:30.132{4EF50BA8-35EA-6598-5902-000000002F03}1492C:\Windows\system32\reg.exeHKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates\RealtimeSignatureDeliveryDWORD (0x00000000)ATTACKRANGE\Administrator
13241300x80000000000000002075Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-SetValue2024-01-05 17:01:30.117{4EF50BA8-35EA-6598-5802-000000002F03}2068C:\Windows\system32\reg.exeHKLM\SOFTWARE\Policies\Microsoft\MRT\DontReportInfectionInformationDWORD (0x00000001)ATTACKRANGE\Administrator
13241300x80000000000000002073Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-SetValue2024-01-05 17:01:30.101{4EF50BA8-35EA-6598-5702-000000002F03}4140C:\Windows\system32\reg.exeHKLM\SOFTWARE\Policies\Microsoft\Windows Defender\MpEngine\EnableFileHashComputationDWORD (0x00000000)ATTACKRANGE\Administrator
13241300x80000000000000002071Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-SetValue2024-01-05 17:01:30.085{4EF50BA8-35EA-6598-5602-000000002F03}2960C:\Windows\system32\reg.exeHKLM\SOFTWARE\Policies\Microsoft\Windows Defender\ServiceKeepAliveDWORD (0x00000001)ATTACKRANGE\Administrator
13241300x80000000000000002069Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-SetValue2024-01-05 17:01:30.070{4EF50BA8-35EA-6598-5502-000000002F03}3836C:\Windows\system32\reg.exeHKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Firewall and network protection\UILockdownDWORD (0x00000001)ATTACKRANGE\Administrator