13241300x8000000000000000252649Microsoft-Windows-Sysmon/Operationalar-win.nas.domain-SetValue2024-12-04 18:42:24.283{38b9f94a-90c2-6750-e40c-000000002f03}4032C:\Windows\System32\svchost.exeHKLM\SOFTWARE\Policies\Microsoft\Windows\EventLog\Setup\ChannelAccessO:SYG:SYD:(D;;0x1;;;WD)NAS\Administrator 13241300x8000000000000000242649Microsoft-Windows-Sysmon/Operationalar-win.nas.domain-SetValue2024-12-04 18:41:24.283{38b9f94a-90c2-6750-e40c-000000002f03}4032C:\Windows\regedit.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-TaskScheduler/Operational\ChannelAccessO:SYG:SYD:(D;;0x1;;;WD)NAS\Administrator 13241300x8000000000000000250177Microsoft-Windows-Sysmon/Operationalar-win.nas.domain-SetValue2024-12-05 13:19:42.348{38b9f94a-90c2-6750-e40c-000000002f03}4032C:\Windows\regedit.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\AMSI/Debug\ChannelAccessO:BAG:SYD:(A;;0x1;;;SY)(A;;0x5;;;BA)(A;;0x1;;;LA)NAS\Administrator 12241200x8000000000000000250562Microsoft-Windows-Sysmon/Operationalar-win.nas.domainSuspicious,ImageBeginWithBackslashDeleteValue2024-12-05 14:07:31.443{38b9f94a-90c2-6750-e40c-000000002f03}4032C:\Windows\regedit.exeHKLM\System\CurrentControlSet\Services\EventLog\Setup\CustomSDNAS\Administrator 12241200x8000000000000000250453Microsoft-Windows-Sysmon/Operationalar-win.nas.domainSuspicious,ImageBeginWithBackslashDeleteValue2024-12-05 13:56:06.456{38b9f94a-90c2-6750-e40c-000000002f03}4032C:\Windows\regedit.exeHKLM\System\CurrentControlSet\Services\EventLog\Setup\CustomSDNAS\Administrator 13241300x8000000000000000250367Microsoft-Windows-Sysmon/Operationalar-win.nas.domainSuspicious,ImageBeginWithBackslashSetValue2024-12-05 13:44:59.486{38b9f94a-90c2-6750-e40c-000000002f03}4032C:\Windows\regedit.exeHKLM\System\CurrentControlSet\Services\EventLog\Setup\CustomSDO:SYG:SYD:(D;;0x1;;;WD)NAS\Administrator 13241300x8000000000000000250365Microsoft-Windows-Sysmon/Operationalar-win.nas.domainSuspicious,ImageBeginWithBackslashSetValue2024-12-05 13:44:50.882{38b9f94a-90c2-6750-e40c-000000002f03}4032C:\Windows\regedit.exeHKLM\System\CurrentControlSet\Services\EventLog\Setup\CustomSD(Empty)NAS\Administrator 13241300x8000000000000000250364Microsoft-Windows-Sysmon/Operationalar-win.nas.domainSuspicious,ImageBeginWithBackslashSetValue2024-12-05 13:44:48.402{38b9f94a-90c2-6750-e40c-000000002f03}4032C:\Windows\regedit.exeHKLM\System\CurrentControlSet\Services\EventLog\Setup\New Value #1(Empty)NAS\Administrator 12241200x8000000000000000249266Microsoft-Windows-Sysmon/Operationalar-win.nas.domainSuspicious,ImageBeginWithBackslashDeleteValue2024-12-05 11:16:48.766{38b9f94a-90c2-6750-e40c-000000002f03}4032C:\Windows\regedit.exeHKLM\System\CurrentControlSet\Services\EventLog\Setup\CustomSDNAS\Administrator