4663101280100x80200000000000001448986Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448985Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448984Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448983Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448982Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448981Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448980Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448979Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448978Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448977Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448976Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448975Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448974Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448973Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448972Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448971Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448970Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448969Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448968Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448967Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448966Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448965Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448964Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448963Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448962Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448961Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448960Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448959Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448958Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448957Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448956Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448955Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448954Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448953Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448952Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448951Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448950Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448949Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448948Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448947Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448946Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448945Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448944Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448943Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448942Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448941Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448940Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448939Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448938Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448937Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448936Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448935Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448934Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448933Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448932Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448931Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448930Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448929Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448928Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448927Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448926Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448925Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448924Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448923Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448922Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448921Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448920Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448919Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448918Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448917Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448916Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448915Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448914Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448913Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448912Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448911Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448910Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448909Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448908Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448907Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448906Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448905Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448904Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448903Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448902Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448901Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448900Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448899Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448898Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448897Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448896Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448895Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448894Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448893Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448892Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448891Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448890Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448889Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448888Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448887Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448886Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448885Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448884Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448883Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448882Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448881Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448880Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448879Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448878Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448877Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448876Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448875Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448874Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448873Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448872Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448871Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448870Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448869Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448868Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448867Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448866Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448865Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448864Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448863Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448862Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448861Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448860Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448859Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448858Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448857Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448856Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448855Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448854Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448853Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448852Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448851Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448850Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448849Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448848Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448847Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448846Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448845Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448844Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448843Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448842Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448841Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448840Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448839Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448838Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448837Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448836Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448835Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448834Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448833Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448832Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448831Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448830Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448829Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448828Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448827Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448826Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448825Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448824Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448823Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448822Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448821Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448820Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448819Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448818Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448817Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448816Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448815Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448814Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448813Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448812Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448811Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448810Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448809Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448808Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448807Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448806Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448805Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448804Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448803Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448802Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448801Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448800Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448799Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448798Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448797Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448796Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448795Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448794Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448793Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448792Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448791Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448790Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448789Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448788Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448787Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448786Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448785Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448784Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448783Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448782Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448781Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448780Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448779Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448778Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448777Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448776Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448775Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448774Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448773Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448772Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448771Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448770Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448769Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448768Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448767Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448766Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448765Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448764Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448763Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448762Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448761Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448760Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448759Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448758Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448757Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448756Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448755Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448754Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448753Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448752Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448751Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448750Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448749Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448748Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448747Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448746Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448745Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448744Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448743Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448742Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448741Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448740Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448739Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448738Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448737Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448736Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448735Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448734Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448733Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448732Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448731Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448730Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448729Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448728Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448727Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448726Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448725Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448724Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448723Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448722Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448721Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448720Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448719Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448718Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448717Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448716Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448715Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448714Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448713Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448712Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448711Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448710Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448709Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448708Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448707Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448706Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448705Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448704Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448703Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448702Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448701Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448700Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448699Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448698Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448697Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448696Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448695Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448694Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448693Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448692Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448691Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448690Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448689Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448688Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448687Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448686Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448685Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448684Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448683Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448682Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448681Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448680Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448679Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448678Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448677Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448676Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448675Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449238Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1e0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449237Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1e0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449236Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1e0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449235Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1e0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449234Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1e0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449233Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1e0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449232Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449231Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449230Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449229Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449228Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449227Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449226Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449225Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449224Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449223Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449222Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449221Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449220Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449219Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449218Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449217Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449216Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449215Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449214Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449213Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449212Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449211Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449210Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449209Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449208Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449207Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449206Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449205Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449204Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449203Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449202Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449201Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449200Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449199Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449198Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449197Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449196Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449195Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449194Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449193Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449192Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449191Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449190Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449189Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449188Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449187Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449186Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449185Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449184Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449183Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449182Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449181Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449180Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449179Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449178Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449177Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449176Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449175Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449174Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449173Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449172Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449171Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449170Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449169Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449168Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449167Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449166Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449165Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449164Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449163Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449162Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449161Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449160Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449159Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449158Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449157Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449156Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449155Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449154Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449153Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449152Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449151Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449150Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449149Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449148Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449147Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449146Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449145Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449144Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449143Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449142Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449141Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449140Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449139Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449138Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449137Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449136Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449135Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449134Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449133Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449132Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449131Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449130Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449129Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449128Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449127Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449126Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449125Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449124Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449123Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449122Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449121Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449120Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449119Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449118Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449117Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449116Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449115Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449114Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449113Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449112Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449111Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449110Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449109Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449108Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449107Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449106Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449105Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449104Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449103Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449102Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449101Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449100Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449099Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449098Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449097Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449096Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449095Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449094Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449093Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449092Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449091Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449090Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449089Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449088Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449087Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449086Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449085Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449084Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449083Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449082Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449081Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449080Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449079Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449078Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449077Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449076Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449075Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449074Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449073Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449072Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449071Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449070Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449069Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449068Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449067Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449066Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449065Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449064Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449063Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449062Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449061Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449060Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449059Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449058Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449057Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449056Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449055Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449054Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449053Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449052Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449051Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449050Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449049Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449048Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449047Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449046Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449045Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449044Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449043Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449042Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449041Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449040Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449039Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449038Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449037Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449036Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449035Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449034Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449033Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449032Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449031Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449030Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449029Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449028Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449027Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449026Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449025Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449024Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449023Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449022Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449021Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449020Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449019Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449018Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449017Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449016Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449015Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449014Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449013Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449012Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449011Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449010Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449009Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449008Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449007Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449006Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449005Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449004Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449003Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449002Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449001Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449000Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448999Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1ec%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448998Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448997Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448996Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448995Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448994Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448993Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448992Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448991Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448990Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448989Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448988Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001448987Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449406Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1e0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449405Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1e0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449404Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1e0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449403Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1e0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449402Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1e0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449401Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1e0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449400Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1e0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449399Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1e0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449398Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1e0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449397Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1e0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449396Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1e0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449395Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1e0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449394Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449393Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449392Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449391Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449390Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449389Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449388Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449387Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449386Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449385Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449384Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449383Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449382Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449381Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449380Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449379Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449378Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449377Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449376Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449375Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449374Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449373Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449372Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449371Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449370Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449369Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449368Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449367Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449366Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449365Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449364Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449363Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449362Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449361Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449360Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449359Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449358Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449357Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449356Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449355Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449354Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449353Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449352Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449351Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449350Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449349Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449348Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449347Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449346Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449345Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449344Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449343Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449342Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449341Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449340Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449339Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449338Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449337Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449336Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449335Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449334Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449333Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449332Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449331Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449330Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449329Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449328Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449327Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449326Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449325Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449324Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449323Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449322Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449321Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449320Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449319Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449318Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449317Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449316Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449315Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449314Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449313Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449312Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449311Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449310Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449309Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449308Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449307Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449306Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449305Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449304Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449303Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449302Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449301Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449300Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449299Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449298Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449297Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449296Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449295Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449294Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449293Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449292Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449291Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449290Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449289Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449288Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449287Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449286Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449285Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449284Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449283Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449282Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449281Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449280Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449279Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449278Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449277Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449276Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449275Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449274Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1fc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449273Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1fc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449272Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1fc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449271Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1fc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449270Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1fc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449269Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1fc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449268Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1fc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449267Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1fc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449266Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449265Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449264Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449263Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449262Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1e0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449261Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1e0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449260Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1e0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449259Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1e0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449258Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1e0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449257Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1e0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449256Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1e0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449255Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1e0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449254Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1e0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449253Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1e0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449252Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1e0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449251Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1e0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449250Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1fc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449249Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1fc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449248Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1fc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449247Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1fc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449246Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1fc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449245Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1fc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449244Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1fc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449243Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1fc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449242Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1fc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449241Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1fc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449240Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1fc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449239Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1fc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449574Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449573Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449572Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449571Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449570Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449569Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449568Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449567Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449566Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449565Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449564Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449563Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449562Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449561Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449560Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449559Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449558Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449557Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449556Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449555Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449554Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449553Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449552Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449551Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449550Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449549Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449548Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449547Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449546Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449545Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449544Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449543Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449542Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449541Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449540Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449539Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449538Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449537Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449536Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1fc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449535Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1fc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449534Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1fc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449533Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1fc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449532Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1fc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449531Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1fc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449530Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449529Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449528Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449527Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449526Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449525Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449524Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449523Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449522Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449521Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449520Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449519Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449518Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449517Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449516Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449515Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449514Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449513Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449512Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449511Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449510Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449509Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449508Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449507Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449506Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449505Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449504Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449503Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449502Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449501Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449500Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449499Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449498Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449497Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449496Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449495Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449494Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449493Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449492Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449491Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449490Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449489Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449488Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449487Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449486Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449485Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449484Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449483Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449482Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449481Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449480Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449479Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449478Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449477Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449476Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449475Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449474Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449473Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449472Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449471Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449470Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449469Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449468Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449467Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449466Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449465Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449464Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449463Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449462Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449461Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449460Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449459Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449458Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449457Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449456Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449455Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449454Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449453Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449452Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449451Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449450Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449449Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449448Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449447Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449446Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449445Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449444Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449443Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449442Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1fc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449441Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1fc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449440Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1fc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449439Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1fc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449438Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1fc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449437Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1fc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449436Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1fc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449435Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1fc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449434Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1fc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449433Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1fc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449432Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1fc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449431Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1fc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449430Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1fc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449429Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1fc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449428Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1fc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449427Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1fc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449426Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1fc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449425Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1fc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449424Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1fc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449423Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1fc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449422Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1fc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449421Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1fc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449420Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1fc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449419Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1fc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449418Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1e0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449417Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1e0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449416Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1e0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449415Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1e0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449414Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1e0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449413Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1e0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449412Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1e0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449411Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1e0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449410Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1e0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449409Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1e0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449408Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1e0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449407Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1e0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280000x80200000000000001449730Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\UIAutomationCore.dll0x1ffc%%4416 0x10x1268C:\Windows\explorer.exeS:AI 4663101280100x80200000000000001449729Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.0\0\win640x2648%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001449728Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.00x22bc%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001449727Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}0x1d78%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001449726Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\TypeLib0x1d78%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280000x80200000000000001449725Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\UIAutomationCore.dll0x9c0%%4416 0x10x1268C:\Windows\explorer.exeS:AI 4663101280100x80200000000000001449724Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.0\0\win640x1edc%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001449723Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.00x263c%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001449722Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}0x1f9c%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001449721Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\TypeLib0x1f9c%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001449720Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\ProxyStubClsid320x263c%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001449719Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\ProxyStubClsid320x263c%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001449718Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449717Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449716Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449715Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449714Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449713Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449712Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449711Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449710Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449709Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449708Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449707Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449706Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449705Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449704Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449703Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449702Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449701Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449700Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449699Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449698Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449697Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449696Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449695Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449694Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449693Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449692Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449691Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449690Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449689Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449688Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449687Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449686Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449685Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449684Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449683Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449682Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449681Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449680Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449679Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449678Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449677Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449676Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449675Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449674Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449673Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449672Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449671Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449670Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449669Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449668Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449667Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449666Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449665Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449664Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449663Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449662Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449661Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449660Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449659Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449658Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449657Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449656Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449655Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449654Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449653Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449652Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449651Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449650Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449649Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449648Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449647Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449646Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449645Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449644Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449643Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449642Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449641Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449640Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449639Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449638Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449637Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449636Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449635Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449634Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449633Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449632Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449631Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449630Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449629Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449628Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449627Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449626Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449625Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449624Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449623Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449622Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449621Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449620Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449619Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449618Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449617Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449616Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449615Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449614Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449613Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449612Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449611Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449610Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449609Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449608Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449607Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449606Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449605Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449604Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449603Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449602Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449601Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449600Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449599Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449598Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449597Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449596Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449595Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449594Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449593Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449592Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449591Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449590Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449589Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449588Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449587Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449586Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449585Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449584Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449583Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449582Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449581Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449580Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449579Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449578Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449577Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449576Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449575Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449779Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449778Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449777Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449776Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449775Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449774Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449773Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449772Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449771Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449770Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449769Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449768Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449767Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x208%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449766Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x208%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449765Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x208%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449764Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x208%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449763Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x208%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449762Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x208%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449761Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x208%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449760Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x208%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449759Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x208%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449758Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x208%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449757Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x208%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449756Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x208%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280000x80200000000000001449755Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft\WindowsApps0x3b0%%4416 0x10x1868C:\Windows\System32\cmd.exeS:AINO_ACCESS_CONTROL 4663101280000x80200000000000001449754Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Program Files\ansible\sysmon0x3b0%%4416 0x10x1868C:\Windows\System32\cmd.exe 4663101280000x80200000000000001449753Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Program Files\Aurora-Agent0x3b0%%4416 0x10x1868C:\Windows\System32\cmd.exe 4663101280000x80200000000000001449752Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Program Files\Git\cmd0x3b0%%4416 0x10x1868C:\Windows\System32\cmd.exe 4663101280000x80200000000000001449751Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\ProgramData\chocolatey\bin0x3b0%%4416 0x10x1868C:\Windows\System32\cmd.exe 4663101280000x80200000000000001449750Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Program Files\Amazon\cfn-bootstrap0x3b0%%4416 0x10x1868C:\Windows\System32\cmd.exe 4663101280000x80200000000000001449749Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\WindowsPowerShell\v1.00x3b0%%4416 0x10x1868C:\Windows\System32\cmd.exeS:AI 4663101280000x80200000000000001449748Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\wbem0x3b0%%4416 0x10x1868C:\Windows\System32\cmd.exeS:AI 4663101280000x80200000000000001449747Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows0x3b0%%4416 0x10x1868C:\Windows\System32\cmd.exeS:AI 4663101280000x80200000000000001449746Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System320x3b0%%4416 0x10x1868C:\Windows\System32\cmd.exeS:AI 4663101280000x80200000000000001449745Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python3110x3b0%%4416 0x10x1868C:\Windows\System32\cmd.exe 4663101280000x80200000000000001449744Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Scripts0x3b0%%4416 0x10x1868C:\Windows\System32\cmd.exe 4663101280000x80200000000000001449743Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\Downloads0x3b0%%4416 0x10x1868C:\Windows\System32\cmd.exe 4663101280100x80200000000000001449742Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x208%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449741Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x208%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449740Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x208%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449739Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x208%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449738Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x208%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449737Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x208%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449736Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x208%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449735Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x208%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449734Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x208%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449733Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x208%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449732Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x208%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449731Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x208%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449803Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449802Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449801Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449800Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449799Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449798Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449797Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449796Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449795Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449794Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449793Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449792Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449791Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449790Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449789Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449788Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449787Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449786Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449785Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449784Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449783Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449782Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449781Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001449780Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451153Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451152Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451151Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451150Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451149Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451148Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451147Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451146Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451145Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451144Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451143Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451142Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451141Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize0x114%%4432 0x10x155cC:\Windows\py.exe- 4663101280100x80200000000000001451140Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize0x114%%4432 0x10x155cC:\Windows\py.exe- 4663101280100x80200000000000001451139Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize0x144%%4432 0x10xef4C:\Python311\python.exe- 4663101280100x80200000000000001451138Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize0x144%%4432 0x10xef4C:\Python311\python.exe- 4663101280100x80200000000000001451137Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451136Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451135Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451134Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451133Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451132Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451131Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451130Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451129Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451128Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451127Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451126Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451125Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451124Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451123Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451122Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451121Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451120Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451119Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451118Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451117Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451116Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451115Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451114Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451113Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451112Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451111Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451110Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451109Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451108Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451107Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451106Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451105Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451104Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451103Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451102Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451101Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451100Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451099Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451098Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451097Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451096Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451095Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451094Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451093Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451092Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451091Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451090Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451089Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451088Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451087Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451086Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451085Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451084Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451083Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451082Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451081Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451080Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451079Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451078Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451077Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451076Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451075Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451074Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451073Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451072Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451071Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451070Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451069Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451068Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451067Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451066Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451065Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451064Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451063Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451062Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451061Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451060Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451059Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451058Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451057Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451056Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451055Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451054Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451053Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451052Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451051Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451050Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451049Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451048Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451047Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451046Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451045Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451044Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451043Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451042Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451041Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451040Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451039Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451038Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451037Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451036Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451035Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451034Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451033Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451032Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451031Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451030Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451029Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451028Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451027Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451026Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451025Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451024Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451023Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451022Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451021Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451020Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451019Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451018Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451017Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451016Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451015Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451014Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451013Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451012Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451011Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451010Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451009Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451008Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451007Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451006Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451005Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451004Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451003Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451002Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451001Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451000Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001450999Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001450998Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x204%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001450997Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001450996Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001450995Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001450994Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f0%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001450993Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001450992Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001450991Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001450990Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001450989Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001450988Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001450987Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001450986Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001450985Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001450984Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001450983Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001450982Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001450981Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001450980Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001450979Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001450978Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001450977Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001450976Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001450975Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001450974Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001450973Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001450972Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001450971Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001450970Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001450969Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001450968Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001450967Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001450966Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001450965Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001450964Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001450963Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001450962Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001450961Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001450960Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001450959Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001450958Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001450957Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001450956Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001450955Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001450954Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001450953Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001450952Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001450951Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001450950Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001450949Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001450948Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001450947Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001450946Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280000x80200000000000001450945Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Login Data0x1a4%%4416 0x10xef4C:\Python311\python.exeS:AI 4663101280000x80200000000000001450944Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\cryptbase.dll0x1a0%%4421 0x200xef4C:\Python311\python.exeS:AI 4663101280100x80200000000000001450943Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ATTACKRANGE\Administrator0x1ea0%%4432 0x10x258C:\Windows\System32\lsass.exe- 4663101280100x80200000000000001450942Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Rpc0x194%%4432 0x10xef4C:\Python311\python.exe- 4663101280100x80200000000000001450941Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Rpc0x184%%4432 0x10xef4C:\Python311\python.exe- 4663101280100x80200000000000001450940Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SYSTEM\Setup0x184%%4432 0x10xef4C:\Python311\python.exe- 4663101280100x80200000000000001450939Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SYSTEM\Setup0x184%%4432 0x10xef4C:\Python311\python.exe- 4663101280100x80200000000000001450938Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ActiveComputerName0x184%%4432 0x10xef4C:\Python311\python.exe- 4663101280100x80200000000000001450937Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Rpc0x188%%4432 0x10xef4C:\Python311\python.exe- 4663101280000x80200000000000001450936Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\dpapi.dll0x188%%4421 0x200xef4C:\Python311\python.exeS:AI 4663101280000x80200000000000001450935Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Local State0x184%%4416 0x10xef4C:\Python311\python.exeS:AI 4663101280000x80200000000000001450934Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Local State0x184%%4423 0x800xef4C:\Python311\python.exeS:AI 4663101280000x80200000000000001450933Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\__pycache__\string.cpython-311.pyc0x100%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450932Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\__pycache__\string.cpython-311.pyc0x100%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450931Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\string.py0x100%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450930Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\string.py0x100%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450929Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib0x100%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450928Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs0x100%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450927Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\Downloads0x100%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450926Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\__pycache__\weakref.cpython-311.pyc0x104%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450925Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\__pycache__\weakref.cpython-311.pyc0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450924Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\weakref.py0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450923Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\weakref.py0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450922Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450921Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450920Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\Downloads0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450919Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\__pycache__\textwrap.cpython-311.pyc0x128%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450918Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\__pycache__\textwrap.cpython-311.pyc0x128%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450917Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\textwrap.py0x128%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450916Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\textwrap.py0x128%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450915Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib0x128%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450914Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs0x128%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450913Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\Downloads0x128%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450912Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\__pycache__\token.cpython-311.pyc0x180%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450911Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\__pycache__\token.cpython-311.pyc0x180%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450910Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\token.py0x180%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450909Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\token.py0x180%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450908Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib0x180%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450907Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs0x180%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450906Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\Downloads0x180%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450905Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\__pycache__\tokenize.cpython-311.pyc0x164%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450904Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\__pycache__\tokenize.cpython-311.pyc0x164%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450903Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\tokenize.py0x164%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450902Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\tokenize.py0x164%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450901Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib0x164%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450900Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs0x164%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450899Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\Downloads0x164%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450898Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\__pycache__\linecache.cpython-311.pyc0x128%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450897Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\__pycache__\linecache.cpython-311.pyc0x128%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450896Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\linecache.py0x128%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450895Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\linecache.py0x128%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450894Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib0x128%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450893Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs0x128%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450892Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\Downloads0x128%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450891Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\__pycache__\traceback.cpython-311.pyc0x100%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450890Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\__pycache__\traceback.cpython-311.pyc0x100%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450889Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\traceback.py0x100%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450888Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\traceback.py0x100%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450887Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib0x100%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450886Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs0x100%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450885Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\Downloads0x100%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450884Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\logging\__pycache__\__init__.cpython-311.pyc0x188%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450883Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\logging\__pycache__\__init__.cpython-311.pyc0x188%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450882Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\logging\__init__.py0x188%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450881Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\logging\__init__.py0x188%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450880Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib0xe4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450879Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs0xe4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450878Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\Downloads0xe4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450877Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\__pycache__\hexdump.cpython-311.pyc0xec%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450876Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\__pycache__\hexdump.cpython-311.pyc0xec%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450875Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\hexdump.py0xec%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450874Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\hexdump.py0xec%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450873Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages0xec%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450872Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python3110xec%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450871Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib0xec%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450870Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs0xec%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450869Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\Downloads0xec%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450868Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\vcruntime140_1.dll0x108%%4421 0x200xef4C:\Python311\python.exe 4663101280000x80200000000000001450867Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\pywin32_system32\pywintypes311.dll0xe4%%4421 0x200xef4C:\Python311\python.exe 4663101280000x80200000000000001450866Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\win32\win32crypt.pyd0xe4%%4421 0x200xef4C:\Python311\python.exe 4663101280000x80200000000000001450865Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\win32\win32crypt.pyd0xe4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450864Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\win320xe4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450863Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages0xe4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450862Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python3110xe4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450861Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib0xe4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450860Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs0xe4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450859Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\Downloads0xe4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450858Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\_raw_aesni.pyd0x424%%4423 0x800x10cC:\Windows\System32\csrss.exe 4663101280100x80200000000000001450857Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide0x104%%4432 0x10xef4C:\Python311\python.exe- 4663101280000x80200000000000001450856Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\_raw_aesni.pyd0xe4%%4421 0x200xef4C:\Python311\python.exe 4663101280000x80200000000000001450855Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\_raw_aesni.pyd0xe4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450854Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\_raw_aes.pyd0x424%%4423 0x800x10cC:\Windows\System32\csrss.exe 4663101280100x80200000000000001450853Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide0x104%%4432 0x10xef4C:\Python311\python.exe- 4663101280000x80200000000000001450852Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\_raw_aes.pyd0xe4%%4421 0x200xef4C:\Python311\python.exe 4663101280000x80200000000000001450851Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\_raw_aes.pyd0xe4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450850Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\__pycache__\AES.cpython-311.pyc0x100%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450849Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\__pycache__\AES.cpython-311.pyc0x100%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450848Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\AES.py0x100%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450847Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\AES.py0x100%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450846Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher0x100%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450845Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\_raw_ocb.pyd0x424%%4423 0x800x10cC:\Windows\System32\csrss.exe 4663101280100x80200000000000001450844Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide0xf4%%4432 0x10xef4C:\Python311\python.exe- 4663101280000x80200000000000001450843Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\_raw_ocb.pyd0x104%%4421 0x200xef4C:\Python311\python.exe 4663101280000x80200000000000001450842Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\_raw_ocb.pyd0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450841Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\__pycache__\_mode_ocb.cpython-311.pyc0x128%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450840Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\__pycache__\_mode_ocb.cpython-311.pyc0x128%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450839Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\_mode_ocb.py0x128%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450838Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\_mode_ocb.py0x128%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450837Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher0x128%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450836Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Hash\_ghash_clmul.pyd0x424%%4423 0x800x10cC:\Windows\System32\csrss.exe 4663101280100x80200000000000001450835Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide0xf4%%4432 0x10xef4C:\Python311\python.exe- 4663101280000x80200000000000001450834Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Hash\_ghash_clmul.pyd0x128%%4421 0x200xef4C:\Python311\python.exe 4663101280000x80200000000000001450833Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Hash\_ghash_clmul.pyd0x128%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450832Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Hash\_ghash_portable.pyd0x628%%4423 0x800x10cC:\Windows\System32\csrss.exe 4663101280100x80200000000000001450831Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide0x128%%4432 0x10xef4C:\Python311\python.exe- 4663101280000x80200000000000001450830Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Hash\_ghash_portable.pyd0x104%%4421 0x200xef4C:\Python311\python.exe 4663101280000x80200000000000001450829Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Hash\_ghash_portable.pyd0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450828Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Util\_cpuid_c.pyd0x628%%4423 0x800x10cC:\Windows\System32\csrss.exe 4663101280100x80200000000000001450827Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide0x188%%4432 0x10xef4C:\Python311\python.exe- 4663101280000x80200000000000001450826Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Util\_cpuid_c.pyd0x128%%4421 0x200xef4C:\Python311\python.exe 4663101280000x80200000000000001450825Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Util\_cpuid_c.pyd0x128%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450824Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Util\__pycache__\_cpu_features.cpython-311.pyc0xec%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450823Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Util\__pycache__\_cpu_features.cpython-311.pyc0xec%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450822Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Util\_cpu_features.py0xec%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450821Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Util\_cpu_features.py0xec%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450820Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Util0xec%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450819Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\__pycache__\_mode_gcm.cpython-311.pyc0x104%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450818Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\__pycache__\_mode_gcm.cpython-311.pyc0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450817Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\_mode_gcm.py0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450816Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\_mode_gcm.py0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450815Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450814Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Protocol\_scrypt.pyd0x628%%4423 0x800x10cC:\Windows\System32\csrss.exe 4663101280100x80200000000000001450813Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide0x188%%4432 0x10xef4C:\Python311\python.exe- 4663101280000x80200000000000001450812Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Protocol\_scrypt.pyd0xec%%4421 0x200xef4C:\Python311\python.exe 4663101280000x80200000000000001450811Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Protocol\_scrypt.pyd0xec%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450810Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\_Salsa20.pyd0x628%%4423 0x800x10cC:\Windows\System32\csrss.exe 4663101280100x80200000000000001450809Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide0x188%%4432 0x10xef4C:\Python311\python.exe- 4663101280000x80200000000000001450808Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\_Salsa20.pyd0xec%%4421 0x200xef4C:\Python311\python.exe 4663101280000x80200000000000001450807Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\_Salsa20.pyd0xec%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450806Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Hash\_MD5.pyd0x628%%4423 0x800x10cC:\Windows\System32\csrss.exe 4663101280100x80200000000000001450805Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide0x194%%4432 0x10xef4C:\Python311\python.exe- 4663101280000x80200000000000001450804Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Hash\_MD5.pyd0x190%%4421 0x200xef4C:\Python311\python.exe 4663101280000x80200000000000001450803Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Hash\_MD5.pyd0x190%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450802Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Hash\__pycache__\MD5.cpython-311.pyc0x18c%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450801Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Hash\__pycache__\MD5.cpython-311.pyc0x18c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450800Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Hash\MD5.py0x18c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450799Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Hash\MD5.py0x18c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450798Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Hash0x18c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450797Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Hash\__pycache__\HMAC.cpython-311.pyc0x188%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450796Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Hash\__pycache__\HMAC.cpython-311.pyc0x188%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450795Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Hash\HMAC.py0x188%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450794Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Hash\HMAC.py0x188%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450793Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Hash0x188%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450792Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Hash\_SHA256.pyd0x628%%4423 0x800x10cC:\Windows\System32\csrss.exe 4663101280100x80200000000000001450791Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide0x18c%%4432 0x10xef4C:\Python311\python.exe- 4663101280000x80200000000000001450790Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Hash\_SHA256.pyd0x188%%4421 0x200xef4C:\Python311\python.exe 4663101280000x80200000000000001450789Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Hash\_SHA256.pyd0x188%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450788Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Hash\__pycache__\SHA256.cpython-311.pyc0x184%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450787Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Hash\__pycache__\SHA256.cpython-311.pyc0x184%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450786Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Hash\SHA256.py0x184%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450785Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Hash\SHA256.py0x184%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450784Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Hash0x184%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450783Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Hash\_SHA1.pyd0x628%%4423 0x800x10cC:\Windows\System32\csrss.exe 4663101280100x80200000000000001450782Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide0x18c%%4432 0x10xef4C:\Python311\python.exe- 4663101280000x80200000000000001450781Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Hash\_SHA1.pyd0x184%%4421 0x200xef4C:\Python311\python.exe 4663101280000x80200000000000001450780Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Hash\_SHA1.pyd0xf4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450779Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Hash\__pycache__\SHA1.cpython-311.pyc0x164%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450778Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Hash\__pycache__\SHA1.cpython-311.pyc0x164%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450777Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Hash\SHA1.py0x164%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450776Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Hash\SHA1.py0x164%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450775Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Hash0x164%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450774Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Protocol\__pycache__\KDF.cpython-311.pyc0xec%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450773Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Protocol\__pycache__\KDF.cpython-311.pyc0xec%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450772Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Protocol\KDF.py0xec%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450771Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Protocol\KDF.py0xec%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450770Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Protocol0xec%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450769Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Protocol0xec%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450768Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Protocol0xec%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450767Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Protocol0xec%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450766Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Protocol\__pycache__\__init__.cpython-311.pyc0xf4%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450765Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Protocol\__pycache__\__init__.cpython-311.pyc0xf4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450764Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Protocol\__init__.py0xf4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450763Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Protocol\__init__.py0xf4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450762Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome0xf4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450761Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\__pycache__\_mode_siv.cpython-311.pyc0x104%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450760Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\__pycache__\_mode_siv.cpython-311.pyc0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450759Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\_mode_siv.py0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450758Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\_mode_siv.py0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450757Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450756Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Hash\__pycache__\CMAC.cpython-311.pyc0xec%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450755Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Hash\__pycache__\CMAC.cpython-311.pyc0xec%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450754Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Hash\CMAC.py0xec%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450753Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Hash\CMAC.py0xec%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450752Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Hash0xec%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450751Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\__pycache__\_mode_eax.cpython-311.pyc0x104%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450750Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\__pycache__\_mode_eax.cpython-311.pyc0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450749Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\_mode_eax.py0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450748Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\_mode_eax.py0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450747Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450746Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Hash\_BLAKE2s.pyd0x424%%4423 0x800x10cC:\Windows\System32\csrss.exe 4663101280100x80200000000000001450745Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide0xf4%%4432 0x10xef4C:\Python311\python.exe- 4663101280000x80200000000000001450744Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Hash\_BLAKE2s.pyd0xec%%4421 0x200xef4C:\Python311\python.exe 4663101280000x80200000000000001450743Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Hash\_BLAKE2s.pyd0xec%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450742Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Hash\__pycache__\BLAKE2s.cpython-311.pyc0x128%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450741Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Hash\__pycache__\BLAKE2s.cpython-311.pyc0x128%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450740Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Hash\BLAKE2s.py0x128%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450739Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Hash\BLAKE2s.py0x128%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450738Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Hash0x128%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450737Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Hash0x128%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450736Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Hash0x128%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450735Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Hash0x128%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450734Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Hash\__pycache__\__init__.cpython-311.pyc0xec%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450733Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Hash\__pycache__\__init__.cpython-311.pyc0xec%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450732Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Hash\__init__.py0xec%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450731Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Hash\__init__.py0xec%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450730Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome0xec%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450729Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Util\_strxor.pyd0x424%%4423 0x800x10cC:\Windows\System32\csrss.exe 4663101280100x80200000000000001450728Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide0xf4%%4432 0x10xef4C:\Python311\python.exe- 4663101280000x80200000000000001450727Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Util\_strxor.pyd0xec%%4421 0x200xef4C:\Python311\python.exe 4663101280000x80200000000000001450726Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Util\_strxor.pyd0xec%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450725Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Util\__pycache__\strxor.cpython-311.pyc0x128%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450724Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Util\__pycache__\strxor.cpython-311.pyc0x128%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450723Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Util\strxor.py0x128%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450722Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Util\strxor.py0x128%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450721Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Util0x128%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450720Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\__pycache__\_mode_ccm.cpython-311.pyc0x104%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450719Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\__pycache__\_mode_ccm.cpython-311.pyc0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450718Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\_mode_ccm.py0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450717Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\_mode_ccm.py0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450716Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450715Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\__pycache__\_mode_openpgp.cpython-311.pyc0x108%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450714Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\__pycache__\_mode_openpgp.cpython-311.pyc0x108%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450713Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\_mode_openpgp.py0x108%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450712Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\_mode_openpgp.py0x108%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450711Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher0x108%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450710Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\_raw_ctr.pyd0x424%%4423 0x800x10cC:\Windows\System32\csrss.exe 4663101280100x80200000000000001450709Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide0x128%%4432 0x10xef4C:\Python311\python.exe- 4663101280000x80200000000000001450708Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\_raw_ctr.pyd0x108%%4421 0x200xef4C:\Python311\python.exe 4663101280000x80200000000000001450707Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\_raw_ctr.pyd0x108%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450706Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Util\__pycache__\number.cpython-311.pyc0xec%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450705Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Util\__pycache__\number.cpython-311.pyc0xec%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450704Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Util\number.py0xec%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450703Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Util\number.py0xec%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450702Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Util0xec%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450701Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\__pycache__\_mode_ctr.cpython-311.pyc0x108%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450700Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\__pycache__\_mode_ctr.cpython-311.pyc0x108%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450699Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\_mode_ctr.py0x108%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450698Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\_mode_ctr.py0x108%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450697Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher0x108%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450696Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\_raw_ofb.pyd0x424%%4423 0x800x10cC:\Windows\System32\csrss.exe 4663101280100x80200000000000001450695Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide0xec%%4432 0x10xef4C:\Python311\python.exe- 4663101280000x80200000000000001450694Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\_raw_ofb.pyd0x108%%4421 0x200xef4C:\Python311\python.exe 4663101280000x80200000000000001450693Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\_raw_ofb.pyd0x108%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450692Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\__pycache__\_mode_ofb.cpython-311.pyc0x104%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450691Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\__pycache__\_mode_ofb.cpython-311.pyc0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450690Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\_mode_ofb.py0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450689Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\_mode_ofb.py0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450688Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450687Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\_raw_cfb.pyd0x424%%4423 0x800x10cC:\Windows\System32\csrss.exe 4663101280100x80200000000000001450686Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide0xec%%4432 0x10xef4C:\Python311\python.exe- 4663101280000x80200000000000001450685Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\_raw_cfb.pyd0x104%%4421 0x200xef4C:\Python311\python.exe 4663101280000x80200000000000001450684Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\_raw_cfb.pyd0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450683Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\__pycache__\_mode_cfb.cpython-311.pyc0x108%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450682Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\__pycache__\_mode_cfb.cpython-311.pyc0x108%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450681Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\_mode_cfb.py0x108%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450680Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\_mode_cfb.py0x108%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450679Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher0x108%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450678Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\_raw_cbc.pyd0x424%%4423 0x800x10cC:\Windows\System32\csrss.exe 4663101280100x80200000000000001450677Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide0xec%%4432 0x10xef4C:\Python311\python.exe- 4663101280000x80200000000000001450676Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\_raw_cbc.pyd0x108%%4421 0x200xef4C:\Python311\python.exe 4663101280000x80200000000000001450675Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\_raw_cbc.pyd0x108%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450674Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Random\__pycache__\__init__.cpython-311.pyc0x128%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450673Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Random\__pycache__\__init__.cpython-311.pyc0x128%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450672Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Random\__init__.py0x128%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450671Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Random\__init__.py0x128%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450670Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome0x128%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450669Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\__pycache__\_mode_cbc.cpython-311.pyc0x108%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450668Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\__pycache__\_mode_cbc.cpython-311.pyc0x108%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450667Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\_mode_cbc.py0x108%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450666Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\_mode_cbc.py0x108%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450665Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher0x108%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450664Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\_raw_ecb.pyd0x424%%4423 0x800x10cC:\Windows\System32\csrss.exe 4663101280100x80200000000000001450663Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide0x128%%4432 0x10xef4C:\Python311\python.exe- 4663101280000x80200000000000001450662Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\_raw_ecb.pyd0x108%%4421 0x200xef4C:\Python311\python.exe 4663101280000x80200000000000001450661Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\__pycache__\platform.cpython-311.pyc0x128%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450660Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\__pycache__\platform.cpython-311.pyc0x128%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450659Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\platform.py0x128%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450658Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\platform.py0x128%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450657Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib0x128%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450656Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs0x128%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450655Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\Downloads0x128%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450654Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\_raw_ecb.pyd0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450653Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\pythonwin0x180%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450652Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\win32\lib0x180%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450651Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\win320x180%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450650Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages0x180%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450649Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python3110x180%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450648Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib0x180%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450647Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs0x180%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450646Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\Downloads0x180%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450645Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\__pycache__\contextlib.cpython-311.pyc0x17c%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450644Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\__pycache__\contextlib.cpython-311.pyc0x17c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450643Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\contextlib.py0x17c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450642Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\contextlib.py0x17c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450641Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib0x17c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450640Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs0x17c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450639Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\Downloads0x17c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450638Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\__pycache__\_weakrefset.cpython-311.pyc0x174%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450637Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\__pycache__\_weakrefset.cpython-311.pyc0x174%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450636Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\_weakrefset.py0x174%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450635Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\_weakrefset.py0x174%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450634Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib0x174%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450633Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs0x174%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450632Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\Downloads0x174%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450631Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\__pycache__\threading.cpython-311.pyc0x170%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450630Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\__pycache__\threading.cpython-311.pyc0x170%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450629Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\threading.py0x170%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450628Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\threading.py0x170%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450627Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib0x170%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450626Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs0x170%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450625Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\Downloads0x170%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450624Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\__pycache__\signal.cpython-311.pyc0x16c%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450623Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\__pycache__\signal.cpython-311.pyc0x16c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450622Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\signal.py0x16c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450621Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\signal.py0x16c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450620Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib0x16c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450619Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs0x16c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450618Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\Downloads0x16c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450617Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\__pycache__\locale.cpython-311.pyc0x16c%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450616Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\__pycache__\locale.cpython-311.pyc0x16c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450615Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\locale.py0x16c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450614Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\locale.py0x16c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450613Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib0x16c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450612Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs0x16c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450611Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\Downloads0x16c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450610Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\__pycache__\subprocess.cpython-311.pyc0x168%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450609Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\__pycache__\subprocess.cpython-311.pyc0x168%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450608Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\subprocess.py0x168%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450607Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\subprocess.py0x168%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450606Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib0x168%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450605Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs0x168%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450604Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\Downloads0x168%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450603Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\ctypes\__pycache__\util.cpython-311.pyc0xec%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450602Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\ctypes\__pycache__\util.cpython-311.pyc0xec%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450601Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\ctypes\util.py0xec%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450600Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\ctypes\util.py0xec%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450599Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\ctypes0xec%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450598Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\ctypes\__pycache__\_endian.cpython-311.pyc0x164%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450597Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\ctypes\__pycache__\_endian.cpython-311.pyc0x164%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450596Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\ctypes\_endian.py0x164%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450595Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\ctypes\_endian.py0x164%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450594Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\ctypes0x164%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450593Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\ctypes0x164%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450592Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\ctypes0x164%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450591Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\ctypes0x164%%4423 0x800xef4C:\Python311\python.exe 4663101280100x80200000000000001450590Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows0x158%%4432 0x10xef4C:\Python311\python.exe- 4663101280100x80200000000000001450589Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize0x148%%4432 0x10xef4C:\Python311\python.exe- 4663101280100x80200000000000001450588Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize0x148%%4432 0x10xef4C:\Python311\python.exe- 4663101280000x80200000000000001450587Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\imm32.dll0x144%%4416 0x10xef4C:\Python311\python.exeS:AI 4663101280100x80200000000000001450586Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Ole0x10c%%4432 0x10xef4C:\Python311\python.exe- 4663101280100x80200000000000001450585Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Ole0x10c%%4432 0x10xef4C:\Python311\python.exe- 4663101280100x80200000000000001450584Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Ole0x10c%%4432 0x10xef4C:\Python311\python.exe- 4663101280000x80200000000000001450583Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs\libffi-8.dll0x118%%4421 0x200xef4C:\Python311\python.exe 4663101280000x80200000000000001450582Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs\_ctypes.pyd0x424%%4423 0x800x10cC:\Windows\System32\csrss.exe 4663101280100x80200000000000001450581Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide0x110%%4432 0x10xef4C:\Python311\python.exe- 4663101280000x80200000000000001450580Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs\_ctypes.pyd0x10c%%4421 0x200xef4C:\Python311\python.exe 4663101280000x80200000000000001450579Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs\_ctypes.pyd0x10c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450578Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs0x10c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450577Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\Downloads0x10c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450576Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\ctypes\__pycache__\__init__.cpython-311.pyc0xf4%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450575Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\ctypes\__pycache__\__init__.cpython-311.pyc0xf4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450574Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\ctypes\__init__.py0xf4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450573Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\ctypes\__init__.py0xf4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450572Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib0xf4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450571Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs0xf4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450570Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\Downloads0xf4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450569Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\pythonwin0xf4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450568Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\win32\lib0xf4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450567Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\win320xf4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450566Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages0xf4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450565Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python3110xf4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450564Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib0xf4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450563Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs0xf4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450562Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\Downloads0xf4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450561Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\__pycache__\warnings.cpython-311.pyc0xf0%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450560Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\__pycache__\warnings.cpython-311.pyc0xf0%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450559Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\warnings.py0xf0%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450558Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\warnings.py0xf0%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450557Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib0xf0%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450556Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs0xf0%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450555Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\Downloads0xf0%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450554Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\importlib\__pycache__\__init__.cpython-311.pyc0xf4%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450553Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\importlib\__pycache__\__init__.cpython-311.pyc0xf4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450552Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\importlib\__init__.py0xf4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450551Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\importlib\__init__.py0xf4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450550Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib0xf4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450549Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs0xf4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450548Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\Downloads0xf4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450547Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Util\__pycache__\_file_system.cpython-311.pyc0xec%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450546Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Util\__pycache__\_file_system.cpython-311.pyc0xec%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450545Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Util\_file_system.py0xec%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450544Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Util\_file_system.py0xec%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450543Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Util0xec%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450542Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Util\__pycache__\py3compat.cpython-311.pyc0xf4%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450541Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Util\__pycache__\py3compat.cpython-311.pyc0xf4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450540Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Util\py3compat.py0xf4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450539Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Util\py3compat.py0xf4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450538Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Util0xf4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450537Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Util\__pycache__\_raw_api.cpython-311.pyc0x128%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450536Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Util\__pycache__\_raw_api.cpython-311.pyc0x128%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450535Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Util\_raw_api.py0x128%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450534Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Util\_raw_api.py0x128%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450533Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Util0x128%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450532Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Util0x128%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450531Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Util0x128%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450530Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Util0x128%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450529Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Util\__pycache__\__init__.cpython-311.pyc0xec%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450528Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Util\__pycache__\__init__.cpython-311.pyc0xec%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450527Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Util\__init__.py0xec%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450526Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Util\__init__.py0xec%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450525Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome0xec%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450524Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\__pycache__\_mode_ecb.cpython-311.pyc0x104%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450523Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\__pycache__\_mode_ecb.cpython-311.pyc0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450522Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\_mode_ecb.py0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450521Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\_mode_ecb.py0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450520Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher0x104%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450519Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450518Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450517Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450516Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\__pycache__\__init__.cpython-311.pyc0x100%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450515Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\__pycache__\__init__.cpython-311.pyc0x100%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450514Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\__init__.py0x100%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450513Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\Cipher\__init__.py0x100%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450512Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome0x100%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450511Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome0x100%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450510Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome0x100%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450509Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome0x100%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450508Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\__pycache__\__init__.cpython-311.pyc0x108%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450507Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\__pycache__\__init__.cpython-311.pyc0x108%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450506Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\__init__.py0x108%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450505Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\Cryptodome\__init__.py0x108%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450504Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages0x108%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450503Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python3110x108%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450502Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib0x108%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450501Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs0x108%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450500Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\Downloads0x108%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450499Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs\_lzma.pyd0x424%%4423 0x800x10cC:\Windows\System32\csrss.exe 4663101280100x80200000000000001450498Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide0xec%%4432 0x10xef4C:\Python311\python.exe- 4663101280000x80200000000000001450497Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs\_lzma.pyd0x124%%4421 0x200xef4C:\Python311\python.exe 4663101280000x80200000000000001450496Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs\_lzma.pyd0x124%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450495Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs0x124%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450494Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\Downloads0x124%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450493Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\__pycache__\lzma.cpython-311.pyc0x108%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450492Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\__pycache__\lzma.cpython-311.pyc0x108%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450491Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\lzma.py0x108%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450490Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\lzma.py0x108%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450489Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib0x108%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450488Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs0x108%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450487Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\Downloads0x108%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450486Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs\_bz2.pyd0x424%%4423 0x800x10cC:\Windows\System32\csrss.exe 4663101280100x80200000000000001450485Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide0xec%%4432 0x10xef4C:\Python311\python.exe- 4663101280000x80200000000000001450484Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs\_bz2.pyd0x124%%4421 0x200xef4C:\Python311\python.exe 4663101280000x80200000000000001450483Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs\_bz2.pyd0x124%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450482Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs0x124%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450481Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\Downloads0x124%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450480Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\__pycache__\_compression.cpython-311.pyc0x128%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450479Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\__pycache__\_compression.cpython-311.pyc0x128%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450478Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\_compression.py0x128%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450477Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\_compression.py0x128%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450476Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib0x128%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450475Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs0x128%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450474Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\Downloads0x128%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450473Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\__pycache__\bz2.cpython-311.pyc0x104%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450472Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\__pycache__\bz2.cpython-311.pyc0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450471Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\bz2.py0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450470Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\bz2.py0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450469Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450468Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450467Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\Downloads0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450466Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\pythonwin0x10c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450465Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\win32\lib0x10c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450464Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\win320x10c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450463Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages0x10c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450462Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python3110x10c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450461Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib0x10c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450460Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs0x10c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450459Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\Downloads0x10c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450458Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\__pycache__\fnmatch.cpython-311.pyc0x104%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450457Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\__pycache__\fnmatch.cpython-311.pyc0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450456Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\fnmatch.py0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450455Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\fnmatch.py0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450454Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450453Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450452Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\Downloads0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450451Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\__pycache__\shutil.cpython-311.pyc0xe4%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450450Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\__pycache__\shutil.cpython-311.pyc0xe4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450449Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\shutil.py0xe4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450448Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\shutil.py0xe4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450447Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib0xe4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450446Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs0xe4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450445Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\Downloads0xe4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450444Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\json\__pycache__\encoder.cpython-311.pyc0x108%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450443Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\json\__pycache__\encoder.cpython-311.pyc0x108%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450442Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\json\encoder.py0x108%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450441Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\json\encoder.py0x108%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450440Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\json0x108%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450439Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\json\__pycache__\scanner.cpython-311.pyc0x124%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450438Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\json\__pycache__\scanner.cpython-311.pyc0x124%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450437Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\json\scanner.py0x124%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450436Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\json\scanner.py0x124%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450435Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\json0x124%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450434Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\json\__pycache__\decoder.cpython-311.pyc0x108%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450433Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\json\__pycache__\decoder.cpython-311.pyc0x108%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450432Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\json\decoder.py0x108%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450431Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\json\decoder.py0x108%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450430Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\json0x108%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450429Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\json0x108%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450428Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\json0x108%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450427Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\json0x108%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450426Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\json\__pycache__\__init__.cpython-311.pyc0x100%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450425Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\json\__pycache__\__init__.cpython-311.pyc0x100%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450424Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\json\__init__.py0x100%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450423Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\json\__init__.py0x100%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450422Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib0x100%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450421Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs0x100%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450420Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\Downloads0x100%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450419Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs\sqlite3.dll0x424%%4423 0x800x10cC:\Windows\System32\csrss.exe 4663101280100x80200000000000001450418Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide0x10c%%4432 0x10xef4C:\Python311\python.exe- 4663101280000x80200000000000001450417Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs\sqlite3.dll0x124%%4421 0x200xef4C:\Python311\python.exe 4663101280000x80200000000000001450416Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs\_sqlite3.pyd0x51c%%4423 0x800x10cC:\Windows\System32\csrss.exe 4663101280100x80200000000000001450415Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide0x114%%4432 0x10xef4C:\Python311\python.exe- 4663101280000x80200000000000001450414Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs\_sqlite3.pyd0x10c%%4421 0x200xef4C:\Python311\python.exe 4663101280000x80200000000000001450413Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\python3.dll0x51c%%4423 0x800x10cC:\Windows\System32\csrss.exe 4663101280100x80200000000000001450412Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide0x114%%4432 0x10xef4C:\Python311\python.exe- 4663101280000x80200000000000001450411Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\python3.dll0x10c%%4421 0x200xef4C:\Python311\python.exe 4663101280000x80200000000000001450410Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs\_sqlite3.pyd0x10c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450409Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs0x10c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450408Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\Downloads0x10c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450407Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\collections\__pycache__\abc.cpython-311.pyc0x110%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450406Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\collections\__pycache__\abc.cpython-311.pyc0x110%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450405Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\collections\abc.py0x110%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450404Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\collections\abc.py0x110%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450403Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\collections0x110%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450402Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\collections0x110%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450401Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\collections0x110%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450400Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\collections0x110%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450399Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\__pycache__\datetime.cpython-311.pyc0x10c%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450398Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\__pycache__\datetime.cpython-311.pyc0x10c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450397Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\datetime.py0x10c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450396Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\datetime.py0x10c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450395Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib0x10c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450394Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs0x10c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450393Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\Downloads0x10c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450392Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\sqlite3\__pycache__\dbapi2.cpython-311.pyc0x108%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450391Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\sqlite3\__pycache__\dbapi2.cpython-311.pyc0x108%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450390Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\sqlite3\dbapi2.py0x108%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450389Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\sqlite3\dbapi2.py0x108%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450388Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\sqlite30x108%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450387Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\sqlite30x108%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450386Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\sqlite30x108%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450385Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\sqlite30x108%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450384Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\sqlite3\__pycache__\__init__.cpython-311.pyc0x100%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450383Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\sqlite3\__pycache__\__init__.cpython-311.pyc0x100%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450382Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\sqlite3\__init__.py0x100%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450381Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\sqlite3\__init__.py0x100%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450380Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib0x100%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450379Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs0x100%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450378Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\Downloads0x100%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450377Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\__pycache__\struct.cpython-311.pyc0x108%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450376Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\__pycache__\struct.cpython-311.pyc0x108%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450375Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\struct.py0x108%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450374Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\struct.py0x108%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450373Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib0x108%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450372Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs0x108%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450371Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\Downloads0x108%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450370Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\__pycache__\base64.cpython-311.pyc0xe4%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450369Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\__pycache__\base64.cpython-311.pyc0xe4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450368Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\base64.py0xe4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450367Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\base64.py0xe4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450366Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib0xe4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450365Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs0xe4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450364Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\Downloads0xe4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450363Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\__pycache__\copyreg.cpython-311.pyc0x104%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450362Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\__pycache__\copyreg.cpython-311.pyc0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450361Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\copyreg.py0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450360Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\copyreg.py0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450359Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450358Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450357Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\Downloads0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450356Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\re\__pycache__\_casefix.cpython-311.pyc0x110%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450355Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\re\__pycache__\_casefix.cpython-311.pyc0x110%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450354Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\re\_casefix.py0x110%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450353Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\re\_casefix.py0x110%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450352Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\re0x110%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450351Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\re\__pycache__\_constants.cpython-311.pyc0x118%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450350Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\re\__pycache__\_constants.cpython-311.pyc0x118%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450349Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\re\_constants.py0x118%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450348Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\re\_constants.py0x118%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450347Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\re0x118%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450346Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\re\__pycache__\_parser.cpython-311.pyc0x110%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450345Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\re\__pycache__\_parser.cpython-311.pyc0x110%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450344Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\re\_parser.py0x110%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450343Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\re\_parser.py0x110%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450342Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\re0x110%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450341Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\re\__pycache__\_compiler.cpython-311.pyc0x104%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450340Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\re\__pycache__\_compiler.cpython-311.pyc0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450339Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\re\_compiler.py0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450338Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\re\_compiler.py0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450337Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\re0x104%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450336Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\re0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450335Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\re0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450334Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\re0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450333Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\__pycache__\reprlib.cpython-311.pyc0x120%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450332Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\__pycache__\reprlib.cpython-311.pyc0x120%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450331Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\reprlib.py0x120%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450330Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\reprlib.py0x120%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450329Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib0x120%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450328Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs0x120%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450327Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\Downloads0x120%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450326Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\__pycache__\keyword.cpython-311.pyc0x11c%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450325Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\__pycache__\keyword.cpython-311.pyc0x11c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450324Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\keyword.py0x11c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450323Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\keyword.py0x11c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450322Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib0x11c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450321Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs0x11c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450320Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\Downloads0x11c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450319Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\collections\__pycache__\__init__.cpython-311.pyc0x114%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450318Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\collections\__pycache__\__init__.cpython-311.pyc0x114%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450317Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\collections\__init__.py0x114%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450316Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\collections\__init__.py0x114%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450315Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib0x114%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450314Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs0x114%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450313Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\Downloads0x114%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450312Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\__pycache__\functools.cpython-311.pyc0x10c%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450311Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\__pycache__\functools.cpython-311.pyc0x10c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450310Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\functools.py0x10c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450309Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\functools.py0x10c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450308Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib0x10c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450307Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs0x10c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450306Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\Downloads0x10c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450305Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\__pycache__\operator.cpython-311.pyc0x10c%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450304Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\__pycache__\operator.cpython-311.pyc0x10c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450303Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\operator.py0x10c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450302Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\operator.py0x10c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450301Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib0x10c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450300Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs0x10c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450299Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\Downloads0x10c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450298Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\__pycache__\types.cpython-311.pyc0x110%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450297Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\__pycache__\types.cpython-311.pyc0x110%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450296Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\types.py0x110%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450295Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\types.py0x110%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450294Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib0x110%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450293Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs0x110%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450292Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\Downloads0x110%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450291Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\__pycache__\enum.cpython-311.pyc0x104%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450290Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\__pycache__\enum.cpython-311.pyc0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450289Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\enum.py0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450288Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\enum.py0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450287Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450286Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450285Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\Downloads0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450284Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\re\__pycache__\__init__.cpython-311.pyc0xe4%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450283Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\re\__pycache__\__init__.cpython-311.pyc0xe4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450282Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\re\__init__.py0xe4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450281Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\re\__init__.py0xe4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450280Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib0xe4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450279Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs0xe4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450278Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\Downloads0xe4%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450277Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\Downloads0xe4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450276Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\Downloads0xe4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450275Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\Downloads0xe4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450274Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\Downloads\simulate_redline_browser_stealer.py0xd8%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450273Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\Downloads\simulate_redline_browser_stealer.py0xd8%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450272Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\Downloads\simulate_redline_browser_stealer.py0xd8%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450271Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\Downloads\simulate_redline_browser_stealer.py0xe8%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450270Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\Downloads\simulate_redline_browser_stealer.py0xe8%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450269Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\Downloads\simulate_redline_browser_stealer.py0xe8%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450268Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\pythonwin0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450267Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\win32\lib0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450266Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\win320x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450265Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450264Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python3110x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450263Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450262Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450261Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\pythonwin0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450260Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\win32\lib0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450259Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\win320x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450258Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450257Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python3110x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450256Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450255Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs0x104%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450254Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\pywin32_system320x110%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450253Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\pythonwin0x114%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450252Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\pythonwin0x114%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450251Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\pythonwin0x114%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450250Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\pythonwin0x114%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450249Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\win32\lib0x114%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450248Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\win320x114%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450247Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\pywin32_system320x114%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450246Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages0x114%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450245Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python3110x114%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450244Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib0x114%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450243Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs0x114%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450242Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\win32\lib\__pycache__\pywin32_bootstrap.cpython-311.pyc0x110%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450241Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\win32\lib\__pycache__\pywin32_bootstrap.cpython-311.pyc0x110%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450240Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\win32\lib\pywin32_bootstrap.py0x110%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450239Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\win32\lib\pywin32_bootstrap.py0x110%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450238Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\win32\lib0x110%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450237Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\win32\lib0x110%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450236Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\win32\lib0x110%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450235Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\win32\lib0x110%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450234Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\win320x110%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450233Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\win320x110%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450232Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\win320x110%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450231Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\win320x110%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450230Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages0x110%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450229Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python3110x110%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450228Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib0x110%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450227Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs0x110%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450226Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\pythonwin0x108%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450225Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\win32\lib0x108%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450224Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\win320x108%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450223Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\pywin32.pth0x100%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450222Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\pywin32.pth0x100%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450221Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\_distutils_hack\__pycache__\__init__.cpython-311.pyc0x10c%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450220Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\_distutils_hack\__pycache__\__init__.cpython-311.pyc0x10c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450219Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\_distutils_hack\__init__.py0x10c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450218Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\_distutils_hack\__init__.py0x10c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450217Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages0x10c%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450216Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages0x10c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450215Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages0x10c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450214Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages0x10c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450213Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python3110x10c%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450212Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python3110x10c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450211Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python3110x10c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450210Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python3110x10c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450209Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib0x10c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450208Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs0x10c%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450207Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\distutils-precedence.pth0xe4%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450206Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages\distutils-precedence.pth0xe4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450205Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages0xe4%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450204Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\site-packages0xe4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450203Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python3110xe4%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450202Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python3110xe4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450201Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\en-US\kernel32.dll.mui0xfc%%4416 0x10xef4C:\Python311\python.exeS:AI 4663101280000x80200000000000001450200Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\encodings\__pycache__\cp1252.cpython-311.pyc0xd8%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450199Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\encodings\__pycache__\cp1252.cpython-311.pyc0xd8%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450198Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\encodings\cp1252.py0xd8%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450197Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\encodings\cp1252.py0xd8%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450196Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\encodings0xd8%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450195Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\encodings\__pycache__\utf_8.cpython-311.pyc0xdc%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450194Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\encodings\__pycache__\utf_8.cpython-311.pyc0xdc%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450193Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\encodings\utf_8.py0xdc%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450192Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\encodings\utf_8.py0xdc%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450191Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\encodings0xdc%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450190Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\encodings\__pycache__\aliases.cpython-311.pyc0xe4%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450189Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\encodings\__pycache__\aliases.cpython-311.pyc0xe4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450188Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\encodings\aliases.py0xe4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450187Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\encodings\aliases.py0xe4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450186Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\encodings0xe4%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450185Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\encodings0xe4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450184Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\encodings0xe4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450183Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\encodings0xe4%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450182Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\encodings\__pycache__\__init__.cpython-311.pyc0xd8%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450181Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\encodings\__pycache__\__init__.cpython-311.pyc0xd8%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450180Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\encodings\__init__.py0xd8%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450179Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib\encodings\__init__.py0xd8%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450178Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib0xd8%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450177Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib0xd8%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450176Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib0xd8%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450175Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\Lib0xd8%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450174Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs0xd8%%4416 0x10xef4C:\Python311\python.exe 4663101280000x80200000000000001450173Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs0xd8%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450172Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs0xd8%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450171Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\DLLs0xd8%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450170Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python3110xd8%%4423 0x800xef4C:\Python311\python.exe 4663101280000x80200000000000001450169Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\en-US\tzres.dll.mui0xe0%%4416 0x10xef4C:\Python311\python.exeS:AI 4663101280000x80200000000000001450168Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\tzres.dll0xe0%%4416 0x10xef4C:\Python311\python.exeS:AI 4663101280000x80200000000000001450167Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\en-US\tzres.dll.mui0xe0%%4416 0x10xef4C:\Python311\python.exeS:AI 4663101280000x80200000000000001450166Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\tzres.dll0xe0%%4416 0x10xef4C:\Python311\python.exeS:AI 4663101280100x80200000000000001450165Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Python\PythonCore\3.11\PythonPath0xd0%%4435 0x80xef4C:\Python311\python.exe- 4663101280100x80200000000000001450164Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa0xb8%%4432 0x10xef4C:\Python311\python.exe- 4663101280100x80200000000000001450163Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy0xb4%%4432 0x10xef4C:\Python311\python.exe- 4663101280100x80200000000000001450162Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy0xb4%%4432 0x10xef4C:\Python311\python.exe- 4663101280100x80200000000000001450161Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale0xac%%4432 0x10xef4C:\Python311\python.exe- 4663101280100x80200000000000001450160Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale0xac%%4432 0x10xef4C:\Python311\python.exe- 4663101280100x80200000000000001450159Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Session Manager0x84%%4432 0x10xef4C:\Python311\python.exe- 4663101280100x80200000000000001450158Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions0x6c%%4432 0x10xef4C:\Python311\python.exe- 4663101280000x80200000000000001450157Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\bcrypt.dll0x84%%4421 0x200xef4C:\Python311\python.exeS:AI 4663101280100x80200000000000001450156Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Session Manager0x94%%4432 0x10xef4C:\Python311\python.exe- 4663101280000x80200000000000001450155Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\version.dll0x84%%4421 0x200xef4C:\Python311\python.exeS:AI 4663101280000x80200000000000001450154Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\python311.dll0x404%%4423 0x800x10cC:\Windows\System32\csrss.exe 4663101280100x80200000000000001450153Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide0x78%%4432 0x10xef4C:\Python311\python.exe- 4663101280100x80200000000000001450152Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\Control Panel\Desktop\MuiCached0x7c%%4432 0x10xef4C:\Python311\python.exe- 4663101280100x80200000000000001450151Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\Control Panel\Desktop0x7c%%4432 0x10xef4C:\Python311\python.exe- 4663101280100x80200000000000001450150Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\Control Panel\Desktop\LanguageConfiguration0x7c%%4432 0x10xef4C:\Python311\python.exe- 4663101280000x80200000000000001450149Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\vcruntime140.dll0x78%%4421 0x200xef4C:\Python311\python.exe 4663101280000x80200000000000001450148Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\python311.dll0x74%%4421 0x200xef4C:\Python311\python.exe 4663101280100x80200000000000001450147Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Session Manager0x70%%4432 0x10xef4C:\Python311\python.exe- 4663101280100x80200000000000001450146Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers0x54%%4432 0x10xef4C:\Python311\python.exe- 4663101280000x80200000000000001450145Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\python.exe0x1d0%%4423 0x800x155cC:\Windows\py.exe 4663101280100x80200000000000001450144Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders0x1dc%%4432 0x10x155cC:\Windows\py.exe- 4663101280100x80200000000000001450143Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers0x1dc%%4432 0x10x155cC:\Windows\py.exe- 4663101280000x80200000000000001450142Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Python311\python.exe0x1098%%4421 0x200x155cC:\Windows\py.exe 4663101280100x80200000000000001450141Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Python\PyLauncher0x1ac%%4435 0x80x155cC:\Windows\py.exe- 4663101280100x80200000000000001450140Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Python0x1bc%%4435 0x80x155cC:\Windows\py.exe- 4663101280100x80200000000000001450139Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Python\PythonCore\3.110x1c0%%4432 0x10x155cC:\Windows\py.exe- 4663101280100x80200000000000001450138Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Python\PythonCore\3.11\InstallPath0x1c4%%4432 0x10x155cC:\Windows\py.exe- 4663101280100x80200000000000001450137Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Python\PythonCore\3.11\InstallPath0x1c4%%4432 0x10x155cC:\Windows\py.exe- 4663101280100x80200000000000001450136Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Python\PythonCore\3.11\InstallPath0x1c4%%4432 0x10x155cC:\Windows\py.exe- 4663101280100x80200000000000001450135Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Python\PythonCore\3.11\InstallPath0x1c4%%4432 0x10x155cC:\Windows\py.exe- 4663101280100x80200000000000001450134Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Python\PythonCore\3.11\InstallPath0x1c4%%4432 0x10x155cC:\Windows\py.exe- 4663101280100x80200000000000001450133Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Python\PythonCore0x1ac%%4435 0x80x155cC:\Windows\py.exe- 4663101280100x80200000000000001450132Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Python0x1bc%%4435 0x80x155cC:\Windows\py.exe- 4663101280100x80200000000000001450131Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Ids0x1b8%%4432 0x10x155cC:\Windows\py.exe- 4663101280000x80200000000000001450130Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\Globalization\Sorting\SortDefault.nls0x1b8%%4416 0x10x155cC:\Windows\py.exeS:AI 4663101280100x80200000000000001450129Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale0x1b8%%4432 0x10x155cC:\Windows\py.exe- 4663101280100x80200000000000001450128Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale0x1b8%%4432 0x10x155cC:\Windows\py.exe- 4663101280100x80200000000000001450127Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders0x1bc%%4432 0x10x155cC:\Windows\py.exe- 4663101280100x80200000000000001450126Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}0x1b4%%4432 0x10x155cC:\Windows\py.exe- 4663101280000x80200000000000001450125Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\Downloads\simulate_redline_browser_stealer.py0x1a8%%4416 0x10x155cC:\Windows\py.exe 4663101280100x80200000000000001450124Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows0x12c%%4432 0x10x155cC:\Windows\py.exe- 4663101280100x80200000000000001450123Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\Control Panel\Desktop\MuiCached0x130%%4432 0x10x155cC:\Windows\py.exe- 4663101280100x80200000000000001450122Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\Control Panel\Desktop0x130%%4432 0x10x155cC:\Windows\py.exe- 4663101280100x80200000000000001450121Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\Control Panel\Desktop\LanguageConfiguration0x130%%4432 0x10x155cC:\Windows\py.exe- 4663101280100x80200000000000001450120Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\MUI\UILanguages\en-US0x130%%4432 0x10x155cC:\Windows\py.exe- 4663101280100x80200000000000001450119Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\MUI\UILanguages0x12c%%4435 0x80x155cC:\Windows\py.exe- 4663101280100x80200000000000001450118Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language0x12c%%4432 0x10x155cC:\Windows\py.exe- 4663101280100x80200000000000001450117Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale0x128%%4432 0x10x155cC:\Windows\py.exe- 4663101280100x80200000000000001450116Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize0x118%%4432 0x10x155cC:\Windows\py.exe- 4663101280100x80200000000000001450115Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize0x118%%4432 0x10x155cC:\Windows\py.exe- 4663101280000x80200000000000001450114Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\SysWOW64\imm32.dll0x114%%4416 0x10x155cC:\Windows\py.exeS:AI 4663101280100x80200000000000001450113Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Ole0xdc%%4432 0x10x155cC:\Windows\py.exe- 4663101280100x80200000000000001450112Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Ole0xdc%%4432 0x10x155cC:\Windows\py.exe- 4663101280100x80200000000000001450111Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Ole0xdc%%4432 0x10x155cC:\Windows\py.exe- 4663101280100x80200000000000001450110Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa0xb8%%4432 0x10x155cC:\Windows\py.exe- 4663101280100x80200000000000001450109Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy0xb4%%4432 0x10x155cC:\Windows\py.exe- 4663101280100x80200000000000001450108Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy0xb4%%4432 0x10x155cC:\Windows\py.exe- 4663101280100x80200000000000001450107Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions0xa4%%4432 0x10x155cC:\Windows\py.exe- 4663101280100x80200000000000001450106Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Session Manager0xb8%%4432 0x10x155cC:\Windows\py.exe- 4663101280100x80200000000000001450105Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers0x8c%%4432 0x10x155cC:\Windows\py.exe- 4663101280100x80200000000000001450104Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Wow64\x860x4c%%4432 0x10x155cC:\Windows\py.exe- 4663101280100x80200000000000001450103Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9ac9fbe1-e0a2-4ad6-b4ee-e212013ea917}\InProcServer320x18c%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450102Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9ac9fbe1-e0a2-4ad6-b4ee-e212013ea917}0x3d0%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450101Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Python.File\Shell\open\command0x1b8%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450100Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Python.File\Shell\open\command0x1b8%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450099Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache0x1b8%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450098Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache0x1b8%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450097Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Python.File\Shell\open\command0x1b8%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280000x80200000000000001450096Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\AppPatch\pcamain.sdb0xa28%%4423 0x800x198C:\Windows\System32\svchost.exeS:AI 4663101280100x80200000000000001450095Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store0x7cc%%4432 0x10x198C:\Windows\System32\svchost.exe- 4663101280100x80200000000000001450094Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders0xa28%%4432 0x10x198C:\Windows\System32\svchost.exe- 4663101280000x80200000000000001450093Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\WinSxS\FileMaps\$$.cdf-ms0x384%%4416 0x10x1868C:\Windows\System32\cmd.exeS:AI 4663101280100x80200000000000001450092Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide0x3fc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280000x80200000000000001450091Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\py.exe0x388%%4423 0x800x1868C:\Windows\System32\cmd.exe 4663101280100x80200000000000001450090Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders0x3fc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280000x80200000000000001450089Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\py.exe0x1160%%4421 0x200x1868C:\Windows\System32\cmd.exe 4663101280100x80200000000000001450088Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{7388c46e-0000-0000-0000-100000000000}0x244%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450087Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.py\OpenWithProgids0x388%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450086Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\.py0x244%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450085Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Python.File\Shell\open\command0x244%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280000x80200000000000001450084Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\py.exe0x244%%4416 0x10x1868C:\Windows\System32\cmd.exe 4663101280100x80200000000000001450083Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDC82860-468D-4d4e-B7E7-C298FF23AB2C}\InProcServer320x2a0%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450082Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDC82860-468D-4d4e-B7E7-C298FF23AB2C}0x244%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450081Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Python.File\Shell\open\command0x244%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450080Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Python.File\Shell\open\command0x244%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450079Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers0x244%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450078Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Python.File\Shell\open\command0x244%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280000x80200000000000001450077Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\Downloads\simulate_redline_browser_stealer.py0x244%%1538 0x200000x1868C:\Windows\System32\cmd.exe 4663101280100x80200000000000001450076Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Security0x244%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450075Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Internet Explorer\Security0x244%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450074Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\InprocServer320x2a0%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450073Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}0x244%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450072Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\zipfldr.dll0x26c%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450071Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\wusa.exe0x26c%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450070Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\WScript.exe0x26c%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450069Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\wpnpinst.exe0x26c%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450068Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\wordpad.exe\shell\open\command0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450067Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\wordpad.exe\shell\open0x26c%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450066Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\wordpad.exe\shell0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450065Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\wordpad.exe\shell\open0x26c%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450064Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\wordpad.exe\shell0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450063Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\wordpad.exe0x384%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450062Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\wordpad.exe\shell\open\command0x26c%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450061Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\wordpad.exe\shell\open0x384%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450060Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\wordpad.exe\shell0x26c%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450059Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\wordpad.exe0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450058Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\wordpad.exe0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450057Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\wmplayer.exe\shell\play\command0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450056Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\wmplayer.exe\shell\play0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450055Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\wmplayer.exe\shell0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450054Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\wmplayer.exe\shell\play0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450053Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\wmplayer.exe\shell0x26c%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450052Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\wmplayer.exe0x3fc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450051Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\wmplayer.exe\shell\play\command0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450050Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\wmplayer.exe\shell\play0x3fc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450049Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\wmplayer.exe\shell0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450048Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\wmplayer.exe0x26c%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450047Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\wmplayer.exe0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450046Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\wltmime.exe0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450045Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\WINWORD.EXE0x26c%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450044Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\WINWORD.EXE0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450043Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\winhlp32.exe0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450042Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\WB32.EXE0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450041Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\wab.exe0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450040Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\url.dll0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450039Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\Ttxmpc97.exe0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450038Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\themes.exe0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450037Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\SystemReset.exe0x26c%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450036Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\SystemReset.exe0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450035Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\snapview.exe0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450034Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\shscrap.dll0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450033Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\shell32.dll0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450032Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\shdocvw.dll0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450031Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\sdclt.exe0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450030Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\runtimebroker.exe0x26c%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450029Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\runtimebroker.exe0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450028Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\regedit.exe0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450027Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\rasphone.exe0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450026Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\photoviewer.dll\shell\print0x3fc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450025Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\photoviewer.dll\shell0x260%%4435 0x80x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450024Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\photoviewer.dll\shell0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450023Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\photoviewer.dll0x26c%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450022Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\photoviewer.dll0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450021Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\perfmon.exe0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450020Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\Outlook.EXE0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450019Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\OSA.EXE0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450018Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\ORGCHART.EXE0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450017Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\OpenWith.exe0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450016Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\oledb32.dll0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450015Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\NTVDM.exe0x26c%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450014Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\NTVDM.exe0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450013Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\notepad.exe\shell\open\command0x26c%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450012Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\notepad.exe\shell\open0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450011Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\notepad.exe\shell0x26c%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450010Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\notepad.exe\shell\open0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450009Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\notepad.exe\shell0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450008Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\notepad.exe0x3bc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450007Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\notepad.exe\shell\open\command0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450006Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\notepad.exe\shell\open0x3bc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450005Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\notepad.exe\shell0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450004Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\notepad.exe0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450003Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\notepad.exe0x26c%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450002Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\netshell.dll0x26c%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450001Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\msrating.dll0x26c%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001450000Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\mspaint.exe\shell\edit\command0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449999Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\mspaint.exe\shell\edit0x26c%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449998Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\mspaint.exe\shell0x260%%4435 0x80x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449997Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\mspaint.exe\shell0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449996Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\mspaint.exe\shell\edit0x26c%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449995Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\mspaint.exe\shell0x3dc%%4435 0x80x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449994Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\mspaint.exe\shell0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449993Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\mspaint.exe0x3a4%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449992Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\mspaint.exe\shell\edit\command0x26c%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449991Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\mspaint.exe\shell\edit0x3a4%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449990Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\mspaint.exe\shell0x26c%%4435 0x80x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449989Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\mspaint.exe\shell0x26c%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449988Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\mspaint.exe0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449987Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\mspaint.exe0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449986Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\MSInfo32.exe0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449985Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\msimn.exe0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449984Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\msiexec.exe0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449983Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\mshta.exe0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449982Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\msconf.dll0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449981Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\mplayer.exe0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449980Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\mnyimprt.exe0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449979Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\MMC.exe0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449978Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\licensemanagershellext.exe0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449977Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\kodakprv.EXE0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449976Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\isoburn.exe0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449975Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\isoburn.exe0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449974Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\ISIGNUP.EXE0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449973Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\inetcpl.cpl0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449972Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\iexplore.exe\shell\open\command0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449971Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\iexplore.exe\shell\open0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449970Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\iexplore.exe\shell0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449969Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\iexplore.exe\shell\open0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449968Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\iexplore.exe\shell0x26c%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449967Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\iexplore.exe0x2b8%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449966Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\iexplore.exe\shell\open\command0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449965Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\iexplore.exe\shell\open0x2b8%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449964Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\iexplore.exe\shell0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449963Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\iexplore.exe0x26c%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449962Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\iexplore.exe0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449961Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\HYPERTRM.EXE0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449960Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\hh.exe0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449959Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\helpctr.exe0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449958Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\grpconv.exe0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449957Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\graflink.exe0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449956Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\fpidcwiz.exe0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449955Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\fontview.exe0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449954Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\firefox.exe\shell\open\command0x26c%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449953Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\firefox.exe\shell\open0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449952Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\firefox.exe\shell0x26c%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449951Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\firefox.exe\shell\open0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449950Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\firefox.exe\shell0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449949Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\firefox.exe0x3d4%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449948Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\firefox.exe\shell\open\command0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449947Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\firefox.exe\shell\open0x3d4%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449946Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\firefox.exe\shell0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449945Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\firefox.exe0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449944Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\firefox.exe0x26c%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449943Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\finder.exe0x26c%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449942Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\faxcover.exe0x26c%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449941Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\explorer.exe0x26c%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449940Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\dsquery.dll0x26c%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449939Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\drwatson.exe0x26c%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449938Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\depends.exe0x26c%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449937Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\datainst.exe0x26c%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449936Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\cryptext.dll0x26c%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449935Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\CMMGR32.EXE0x26c%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449934Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\cmd.exe0x26c%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449933Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\chrome.exe\shell\open\command0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449932Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\chrome.exe\shell\open0x26c%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449931Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\chrome.exe\shell0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449930Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\chrome.exe\shell\open0x26c%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449929Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\chrome.exe\shell0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449928Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\chrome.exe0x3f8%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449927Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\chrome.exe\shell\open\command0x26c%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449926Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\chrome.exe\shell\open0x3f8%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449925Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\chrome.exe\shell0x26c%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449924Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\chrome.exe0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449923Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\chrome.exe0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449922Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\cdfview.dll0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449921Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\CChat.exe0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449920Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\cag.exe0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449919Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\awdvstub.exe0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449918Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\ARTGALRY.EXE0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449917Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Python.File\Shell\open\command0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449916Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Python.File\Shell\open0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449915Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Python.File\Shell0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449914Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\Acrobat.exe\shell\Open\command0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449913Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\Acrobat.exe\shell\Open0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449912Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\Acrobat.exe\shell0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449911Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\Acrobat.exe\shell\Open0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449910Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\Acrobat.exe\shell0x26c%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449909Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\Acrobat.exe0x390%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449908Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\Acrobat.exe\shell\Open\command0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449907Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\Acrobat.exe\shell\Open0x390%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449906Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\Acrobat.exe\shell0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449905Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\Acrobat.exe0x26c%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449904Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\Acrobat.exe0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449903Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\accwiz.exe0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449902Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Applications0x198%%4435 0x80x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449901Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Applications0x228%%4435 0x80x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449900Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Python.File\Shell\open0x26c%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449899Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Python.File\Shell0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449898Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Python.File0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449897Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.py\OpenWithProgids0x198%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449896Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\Microsoft.Windows.Apprep.ChxApp_1000.14393.2969.0_neutral_neutral_cw5n1h2txyewy\App\Capabilities\FileAssociations0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449895Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\Microsoft.Windows.Apprep.ChxApp_1000.14393.2969.0_neutral_neutral_cw5n1h2txyewy\App\Capabilities0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449894Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy\App\Capabilities\FileAssociations0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449893Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy\App\Capabilities0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449892Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\Microsoft.Windows.ShellExperienceHost_10.0.14393.1358_neutral_neutral_cw5n1h2txyewy\App\Capabilities\FileAssociations0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449891Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\Microsoft.Windows.ShellExperienceHost_10.0.14393.1358_neutral_neutral_cw5n1h2txyewy\App\Capabilities0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449890Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\Microsoft.Windows.ShellExperienceHost_10.0.14393.1198_neutral_neutral_cw5n1h2txyewy\App\Capabilities\FileAssociations0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449889Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\Microsoft.Windows.ShellExperienceHost_10.0.14393.1198_neutral_neutral_cw5n1h2txyewy\App\Capabilities0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449888Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\Microsoft.Windows.ShellExperienceHost_10.0.14393.1066_neutral_neutral_cw5n1h2txyewy\App\Capabilities\FileAssociations0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449887Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\Microsoft.Windows.ShellExperienceHost_10.0.14393.1066_neutral_neutral_cw5n1h2txyewy\App\Capabilities0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449886Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\Microsoft.Windows.CloudExperienceHost_10.0.14393.1066_neutral_neutral_cw5n1h2txyewy\App\Capabilities\FileAssociations0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449885Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\Microsoft.Windows.CloudExperienceHost_10.0.14393.1066_neutral_neutral_cw5n1h2txyewy\App\Capabilities0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449884Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\Microsoft.Windows.ShellExperienceHost_10.0.14393.447_neutral_neutral_cw5n1h2txyewy\App\Capabilities\FileAssociations0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449883Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\Microsoft.Windows.ShellExperienceHost_10.0.14393.447_neutral_neutral_cw5n1h2txyewy\App\Capabilities0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449882Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy\CortanaUI\Capabilities\FileAssociations0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449881Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy\CortanaUI\Capabilities0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449880Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\Microsoft.XboxGameCallableUI_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy\Microsoft.XboxGameCallableUI\Capabilities\FileAssociations0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449879Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\Microsoft.XboxGameCallableUI_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy\Microsoft.XboxGameCallableUI\Capabilities0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449878Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\Microsoft.Windows.Apprep.ChxApp_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy\App\Capabilities\FileAssociations0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449877Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\Microsoft.Windows.Apprep.ChxApp_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy\App\Capabilities0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449876Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\Microsoft.Windows.ShellExperienceHost_10.0.14393.206_neutral_neutral_cw5n1h2txyewy\App\Capabilities\FileAssociations0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449875Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\Microsoft.Windows.ShellExperienceHost_10.0.14393.206_neutral_neutral_cw5n1h2txyewy\App\Capabilities0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449874Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\Microsoft.Windows.CloudExperienceHost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy\App\Capabilities\FileAssociations0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449873Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\Microsoft.Windows.CloudExperienceHost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy\App\Capabilities0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449872Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449871Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449870Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Adobe\Adobe Acrobat\DC\Capabilities\FileAssociations0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449869Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Adobe\Adobe Acrobat\DC\Capabilities0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449868Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\Capabilities\FileAssociations0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449867Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\Capabilities0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449866Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Capabilities\FileAssociations0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449865Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Capabilities0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449864Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search\Capabilities0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449863Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Photo Viewer\Capabilities\FileAssociations0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449862Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Photo Viewer\Capabilities0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449861Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Clients\Media\Windows Media Player\Capabilities\FileAssociations0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449860Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Clients\Media\Windows Media Player\Capabilities0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449859Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\IsoBurn\Capabilities\FileAssociations0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449858Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\IsoBurn\Capabilities0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449857Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Clients\Contacts\Address Book\Capabilities\FileAssociations0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449856Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Clients\Contacts\Address Book\Capabilities0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449855Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\Paint\Capabilities\FileAssociations0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449854Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\Paint\Capabilities0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449853Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Capabilities\FileAssociations0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449852Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Capabilities0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449851Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Capabilities0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449850Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449849Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Python.File\Shell\open0x260%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449848Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Python.File\Shell0x3dc%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449847Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Python.File0x2c8%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449846Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\.py0x2c8%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449845Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\.py0x228%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449844Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.py\OpenWithList0x388%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449843Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\RegisteredApplications0x2a0%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449842Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\RegisteredApplications0x244%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449841Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.py\OpenWithProgids0x244%%4433 0x20x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449840Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\.py0x244%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449839Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts0x198%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449838Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.py\OpenWithProgids0x198%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449837Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\.py0x2a0%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449836Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}\InProcServer320x244%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449835Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}0x2a0%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449834Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid320x244%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449833Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Ole0x2a0%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449832Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Ole\AppCompat0x2a0%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449831Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Ole\AppCompat0x2a0%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449830Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock0x2a0%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449829Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\Appx0x2a0%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449828Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Python.File\Shell\open0x3d0%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449827Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Python.File\Shell0x3e0%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449826Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Python.File0x18c%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449825Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.py\OpenWithProgids0x3e0%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449824Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\.py0x3ec%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449823Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{088e3905-0323-4b02-9826-5d99428e115f}\Instance\InitPropertyBag0x3e0%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449822Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\InProcServer320x1d8%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449821Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}0x3e0%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449820Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\InProcServer320x3e0%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449819Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{088e3905-0323-4b02-9826-5d99428e115f}\Instance0x3ec%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449818Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server0x1d8%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449817Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server0x1d8%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449816Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Ole0x3ec%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449815Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4df0c730-df9d-4ae3-9153-aa6b82e9795a}\InProcServer320x3e0%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449814Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4df0c730-df9d-4ae3-9153-aa6b82e9795a}0x3ec%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449813Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\COM30x3ec%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449812Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}0x25c%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449811Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\FolderExtensions0x3c0%%4435 0x80x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449810Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace0x3c0%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449809Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace0x3c0%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449808Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace0x3c0%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280100x80200000000000001449807Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace0x3c0%%4432 0x10x1868C:\Windows\System32\cmd.exe- 4663101280000x80200000000000001449806Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\Downloads0x3c0%%4416 0x10x1868C:\Windows\System32\cmd.exe 4663101280000x80200000000000001449805Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\Downloads\simulate_redline_browser_stealer.py0x1160%%4421 0x200x1868C:\Windows\System32\cmd.exe 4663101280000x80200000000000001449804Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\Downloads0x388%%4416 0x10x1868C:\Windows\System32\cmd.exe 4663101280100x80200000000000001451292Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy0x744%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001451291Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy0x6c4%%4435 0x80x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001451290Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy0x744%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001451289Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy0x6c4%%4435 0x80x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001451288Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy0x744%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001451287Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy0x6c4%%4435 0x80x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001451286Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy0x744%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001451285Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy0x6c4%%4435 0x80x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001451284Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Media Foundation\SchemeHandlers\ms-winsoundevent:0x228c%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001451283Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Media Foundation\SchemeHandlers\ms-winsoundevent:0x228c%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001451282Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ResourceTimers0x4f4%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001451281Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ResourceTimers0x4f4%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001451280Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Media Foundation\Platform0x2298%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001451279Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\.png0x7ec%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451278Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\.png0x654%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451277Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace0x524%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451276Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace0x524%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451275Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace0x780%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451274Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace0x780%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451273Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\.png0x65c%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451272Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace0x68c%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451271Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace0x68c%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451270Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\.png0x7ac%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451269Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace0x620%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451268Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace0x620%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451267Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx0x620%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451266Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx0x620%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451265Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ATTACKRANGE\Administrator0x7ac%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451264Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders0x620%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451263Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx0x7ac%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451262Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx0x7ac%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451261Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ATTACKRANGE\Administrator0x6b0%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451260Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders0x7ac%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451259Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx0x6b0%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451258Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx0x6b0%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451257Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ATTACKRANGE\Administrator0x460%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451256Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders0x6b0%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451255Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx0x610%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280000x80200000000000001451254Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft\Windows\Explorer\NotifyIcon0x610%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001451253Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft\Windows\ActionCenterCache0x638%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280100x80200000000000001451252Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx0x524%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451251Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ATTACKRANGE\Administrator0x148%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280000x80200000000000001451250Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft\Windows0x638%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280100x80200000000000001451249Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders0x524%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280000x80200000000000001451248Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft\Windows\Explorer0x610%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001451247Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft0x524%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001451246Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local0x524%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001451245Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft\Windows0x610%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001451244Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData0x524%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001451243Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft0x610%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001451242Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator0x524%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001451241Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users0x524%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exeS:AI 4663101280000x80200000000000001451240Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local0x610%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001451239Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\ImmersiveControlPanel\images0x71c%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exeS:AI 4663101280000x80200000000000001451238Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData0x610%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001451237Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\ImmersiveControlPanel0x71c%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exeS:AI 4663101280100x80200000000000001451236Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search0x7b4%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280000x80200000000000001451235Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator0x610%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001451234Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows0x71c%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exeS:AI 4663101280000x80200000000000001451233Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users0x610%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exeS:AI 4663101280000x80200000000000001451232Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\0x71c%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exeS:AI 4663101280000x80200000000000001451231Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\0x524%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exeS:AI 4663101280000x80200000000000001451230Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft\Windows\ActionCenterCache0x7b4%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280100x80200000000000001451229Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{7388c46e-0000-0000-0000-100000000000}0x71c%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451228Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{7388c46e-0000-0000-0000-100000000000}0x524%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451227Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace0x68c%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280000x80200000000000001451226Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\0x610%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exeS:AI 4663101280000x80200000000000001451225Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft\Windows0x7b4%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280100x80200000000000001451224Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace0x68c%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451223Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace0x768%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451222Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace0x68c%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451221Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace0x768%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280000x80200000000000001451220Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft0x7b4%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280100x80200000000000001451219Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace0x68c%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451218Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace0x768%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451217Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{7388c46e-0000-0000-0000-100000000000}0x610%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280000x80200000000000001451216Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local0x7b4%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280100x80200000000000001451215Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace0x768%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451214Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\PersistedStorageItemTable\MostRecentlyUsed0x68c%%4435 0x80x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451213Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\PersistedStorageItemTable\MostRecentlyUsed0x768%%4435 0x80x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280000x80200000000000001451212Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData0x768%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280100x80200000000000001451211Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace0x7b8%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451210Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\PersistedStorageItemTable\ManagedByApp0x71c%%4435 0x80x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280000x80200000000000001451209Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator0x768%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280100x80200000000000001451208Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\PersistedStorageItemTable\ManagedByApp0x68c%%4435 0x80x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451207Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace0x7b8%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451206Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace0x7b8%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280000x80200000000000001451205Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users0x524%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exeS:AI 4663101280100x80200000000000001451204Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace0x7b8%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451203Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\PersistedStorageItemTable\MostRecentlyUsed0x7b8%%4435 0x80x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280000x80200000000000001451202Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\0x71c%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exeS:AI 4663101280100x80200000000000001451201Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\PersistedStorageItemTable\ManagedByApp0x7b8%%4435 0x80x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451200Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{7388c46e-0000-0000-0000-100000000000}0x71c%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451199Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\SecurityManager\AdminCapabilities0x618%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451198Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\PersistedStorageItemTable\MostRecentlyUsed0x2d4%%4435 0x80x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451197Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\SecurityManager\AdminCapabilities0x720%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451196Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\PersistedStorageItemTable\ManagedByApp0x460%%4435 0x80x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451195Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\SecurityManager\AdminCapabilities0x66c%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451194Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\SecurityManager\AdminCapabilities0x7fc%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451193Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Storage.StorageFileStartExperienceStaticsBrokered0x65c%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451192Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Storage.StorageFileStartExperienceStaticsBrokered0x6c8%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451191Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Storage.StorageFileStartExperienceStaticsBrokered0x66c%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451190Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Schemas0x18a4%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001451189Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ATTACKRANGE\Administrator0x1d24%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001451188Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders0x18a4%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001451187Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Schemas0x21d4%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001451186Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ATTACKRANGE\Administrator0x1e70%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001451185Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders0x21d4%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001451184Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\SecurityManager\AdminCapabilities0x18a4%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001451183Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\SecurityManager\AdminCapabilities0x21d4%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001451182Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Schemas0x1c10%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001451181Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Schemas0x2078%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001451180Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ATTACKRANGE\Administrator0x2258%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001451179Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ATTACKRANGE\Administrator0x21f0%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001451178Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders0x1c10%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001451177Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders0x2078%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001451176Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\SecurityManager\AdminCapabilities0x2258%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001451175Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\SecurityManager\AdminCapabilities0x2078%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001451174Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings0x914%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451173Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy0xbb0%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001451172Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy0xbc4%%4435 0x80x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001451171Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\Control Panel\International\Geo0x78c%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451170Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced0x263c%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451169Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced0x263c%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451168Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced0x263c%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451167Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced0x263c%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451166Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced0x263c%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451165Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced0x263c%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451164Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings0x263c%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280000x80200000000000001451163Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft\Windows\ActionCenterCache\microsoft-explorer-notification--2be321f0-5f88-4598-903e-bc3f4d08bae8-_1462_0.png0x78c%%4424 0x1000x1268C:\Windows\explorer.exe 4663101280000x80200000000000001451162Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft\Windows\ActionCenterCache\microsoft-explorer-notification--2be321f0-5f88-4598-903e-bc3f4d08bae8-_1462_0.png0x78c%%4418 0x40x1268C:\Windows\explorer.exe 4663101280000x80200000000000001451161Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\ADMINI~1\AppData\Local\Temp\{339A7A8B-6614-4FB6-9DE2-B5838408E3D6}.png0x263c%%4416 0x10x1268C:\Windows\explorer.exe 4663101280000x80200000000000001451160Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft\Windows\ActionCenterCache\microsoft-explorer-notification--2be321f0-5f88-4598-903e-bc3f4d08bae8-_1462_0.png0x78c%%4417 0x20x1268C:\Windows\explorer.exe 4663101280000x80200000000000001451159Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\ADMINI~1\AppData\Local\Temp\{339A7A8B-6614-4FB6-9DE2-B5838408E3D6}.png0xadc%%1538 0x200000x1268C:\Windows\explorer.exe 4663101280000x80200000000000001451158Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft\Windows\ActionCenterCache\microsoft-explorer-notification--2be321f0-5f88-4598-903e-bc3f4d08bae8-_1462_0.png0x78c%%4423 0x800x1268C:\Windows\explorer.exe 4663101280000x80200000000000001451157Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\ADMINI~1\AppData\Local\Temp\{339A7A8B-6614-4FB6-9DE2-B5838408E3D6}.png0x263c%%4423 0x800x1268C:\Windows\explorer.exe 4663101280000x80200000000000001451156Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\ADMINI~1\AppData\Local\Temp\{339A7A8B-6614-4FB6-9DE2-B5838408E3D6}.png0x1ffc%%4418 0x40x1268C:\Windows\explorer.exe 4663101280000x80200000000000001451155Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\ADMINI~1\AppData\Local\Temp\{339A7A8B-6614-4FB6-9DE2-B5838408E3D6}.png0x1ffc%%4417 0x20x1268C:\Windows\explorer.exe 4663101280000x80200000000000001451154Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\imageres.dll0x99c%%4416 0x10x1268C:\Windows\explorer.exeS:AI 4663101280100x80200000000000001451376Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451375Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451374Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451373Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451372Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451371Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451370Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451369Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451368Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451367Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451366Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451365Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451364Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451363Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451362Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451361Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451360Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451359Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451358Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451357Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451356Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451355Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451354Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451353Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451352Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451351Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451350Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451349Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451348Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451347Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451346Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451345Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451344Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451343Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451342Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451341Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451340Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451339Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451338Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451337Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451336Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451335Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451334Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451333Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451332Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451331Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451330Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451329Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451328Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451327Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451326Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451325Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451324Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451323Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451322Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451321Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451320Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451319Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451318Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451317Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451316Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451315Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451314Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451313Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451312Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451311Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451310Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451309Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451308Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451307Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451306Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451305Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451304Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451303Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451302Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451301Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451300Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451299Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451298Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451297Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451296Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451295Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451294Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451293Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451472Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451471Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451470Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451469Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451468Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451467Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451466Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451465Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451464Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451463Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451462Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451461Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451460Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451459Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451458Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451457Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451456Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451455Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451454Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451453Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451452Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451451Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451450Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451449Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451448Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451447Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451446Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451445Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451444Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451443Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451442Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451441Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451440Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451439Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451438Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451437Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451436Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451435Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451434Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451433Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451432Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451431Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451430Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451429Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451428Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451427Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451426Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451425Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451424Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451423Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451422Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451421Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451420Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451419Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451418Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451417Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451416Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451415Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451414Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451413Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451412Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451411Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451410Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451409Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451408Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451407Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451406Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451405Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451404Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451403Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451402Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451401Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451400Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451399Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451398Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451397Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451396Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451395Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451394Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451393Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451392Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451391Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451390Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451389Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451388Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451387Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451386Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451385Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451384Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451383Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451382Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451381Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451380Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451379Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451378Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451377Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001451523Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy0xb88%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001451522Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy0xbcc%%4435 0x80x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001451521Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy0xbc4%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001451520Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy0xbb0%%4435 0x80x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001451519Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ResourceTimers0x64c%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001451518Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ResourceTimers0x64c%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001451517Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ResourceTimers0xbc4%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001451516Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ResourceTimers0xbc4%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001451515Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ResourceTimers0xbc4%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001451514Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ResourceTimers0xbc4%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4660001280000x80200000000000001451513Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5Security0x23e00x1268C:\Windows\explorer.exe{00000000-0000-0000-0000-000000000000} 4663101280000x80200000000000001451512Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\ADMINI~1\AppData\Local\Temp\{339A7A8B-6614-4FB6-9DE2-B5838408E3D6}.png0x23e0%%1537 0x100000x1268C:\Windows\explorer.exe 4663101280000x80200000000000001451511Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\ADMINI~1\AppData\Local\Temp\{339A7A8B-6614-4FB6-9DE2-B5838408E3D6}.png0x23e0%%4423 0x800x1268C:\Windows\explorer.exe 4663101280100x80200000000000001451510Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\Control Panel\International\Geo0x2290%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451509Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced0xdc4%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451508Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced0xdc4%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451507Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced0xdc4%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451506Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced0xdc4%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451505Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced0xdc4%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451504Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced0xdc4%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451503Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy0x64c%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001451502Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy0x730%%4435 0x80x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001451501Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy0x6d0%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001451500Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy0xbbc%%4435 0x80x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001451499Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy0x6d0%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001451498Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy0xbbc%%4435 0x80x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001451497Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy0xb88%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001451496Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy0xbbc%%4435 0x80x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001451495Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ResourceTimers0x6d0%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001451494Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ResourceTimers0x6d0%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001451493Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\Control Panel\International\Geo0x27bc%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451492Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced0x27ac%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451491Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced0x27ac%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451490Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced0x27ac%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451489Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced0x27ac%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451488Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced0x27ac%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451487Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced0x27ac%%4432 0x10x1268C:\Windows\explorer.exe- 4660001280000x80200000000000001451486Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5Security0x22680x1268C:\Windows\explorer.exe{00000000-0000-0000-0000-000000000000} 4663101280000x80200000000000001451485Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft\Windows\ActionCenterCache\microsoft-explorer-notification--2be321f0-5f88-4598-903e-bc3f4d08bae8-_1462_0.png0x2268%%1537 0x100000x1268C:\Windows\explorer.exe 4663101280000x80200000000000001451484Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft\Windows\ActionCenterCache\microsoft-explorer-notification--2be321f0-5f88-4598-903e-bc3f4d08bae8-_1462_0.png0x2268%%4423 0x800x1268C:\Windows\explorer.exe 4663101280000x80200000000000001451483Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft\Windows\ActionCenterCache0x25ac%%4416 0x10x1268C:\Windows\explorer.exe 4663101280100x80200000000000001451482Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy0x3ec%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001451481Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy0x6d0%%4435 0x80x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001451480Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy0x6c4%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001451479Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy0x540%%4435 0x80x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001451478Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy0x6c4%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001451477Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy0x540%%4435 0x80x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001451476Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy0x6c4%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001451475Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy0x540%%4435 0x80x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001451474Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ResourceTimers0x4f4%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001451473Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ResourceTimers0x4f4%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280000x80200000000000001451823Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\UIAutomationCore.dll0x25ac%%4416 0x10x1268C:\Windows\explorer.exeS:AI 4663101280100x80200000000000001451822Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.0\0\win640x26e4%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451821Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.00x1f84%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451820Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}0x1f00%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451819Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\TypeLib0x1f00%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280000x80200000000000001451818Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\UIAutomationCore.dll0xacc%%4416 0x10x1268C:\Windows\explorer.exeS:AI 4663101280100x80200000000000001451817Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.0\0\win640x3ec%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451816Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.00x2160%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451815Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}0x1f58%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451814Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\TypeLib0x1f58%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451813Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\ProxyStubClsid320x2160%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451812Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\ProxyStubClsid320x1f84%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280000x80200000000000001451811Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\UIAutomationCore.dll0x1f00%%4416 0x10x1268C:\Windows\explorer.exeS:AI 4663101280100x80200000000000001451810Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.0\0\win640x2268%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451809Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.00x26e4%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451808Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}0x27ec%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451807Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\TypeLib0x27ec%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280000x80200000000000001451806Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\UIAutomationCore.dll0x1f58%%4416 0x10x1268C:\Windows\explorer.exeS:AI 4663101280100x80200000000000001451805Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.0\0\win640x2080%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451804Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.00x3ec%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451803Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}0x9d8%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451802Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\TypeLib0x9d8%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451801Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\ProxyStubClsid320x3ec%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451800Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\ProxyStubClsid320x26e4%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280000x80200000000000001451799Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\UIAutomationCore.dll0x27ec%%4416 0x10x1268C:\Windows\explorer.exeS:AI 4663101280100x80200000000000001451798Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.0\0\win640x1f84%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451797Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.00x2268%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451796Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}0x25ac%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451795Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\TypeLib0x25ac%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280000x80200000000000001451794Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\UIAutomationCore.dll0x9d8%%4416 0x10x1268C:\Windows\explorer.exeS:AI 4663101280100x80200000000000001451793Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.0\0\win640x2160%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451792Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.00x2080%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451791Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}0xacc%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451790Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\TypeLib0xacc%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451789Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\ProxyStubClsid320x2080%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451788Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\ProxyStubClsid320x2268%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280000x80200000000000001451787Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\UIAutomationCore.dll0x25ac%%4416 0x10x1268C:\Windows\explorer.exeS:AI 4663101280100x80200000000000001451786Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.0\0\win640x26e4%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451785Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.00x1f84%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451784Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}0x1f00%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451783Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\TypeLib0x1f00%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280000x80200000000000001451782Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\UIAutomationCore.dll0x1870%%4416 0x10x1268C:\Windows\explorer.exeS:AI 4663101280100x80200000000000001451781Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.0\0\win640x2334%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451780Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.00x20b0%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451779Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}0x2294%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451778Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\TypeLib0x2294%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451777Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\ProxyStubClsid320x20b0%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451776Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\ProxyStubClsid320x20b0%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280000x80200000000000001451775Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\UIAutomationCore.dll0x2294%%4416 0x10x1268C:\Windows\explorer.exeS:AI 4663101280100x80200000000000001451774Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.0\0\win640x26b4%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451773Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.00x2334%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451772Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}0xe30%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451771Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\TypeLib0xe30%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280000x80200000000000001451770Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\UIAutomationCore.dll0x1f00%%4416 0x10x1268C:\Windows\explorer.exeS:AI 4663101280100x80200000000000001451769Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.0\0\win640x2268%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451768Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.00x26e4%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451767Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}0x27ec%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451766Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\TypeLib0x27ec%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451765Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\ProxyStubClsid320x26e4%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451764Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\ProxyStubClsid320x2334%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280000x80200000000000001451763Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\UIAutomationCore.dll0xe30%%4416 0x10x1268C:\Windows\explorer.exeS:AI 4663101280100x80200000000000001451762Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.0\0\win640x20b0%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451761Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.00x26b4%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451760Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}0x1870%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451759Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\TypeLib0x1870%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280000x80200000000000001451758Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\UIAutomationCore.dll0x27ec%%4416 0x10x1268C:\Windows\explorer.exeS:AI 4663101280100x80200000000000001451757Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.0\0\win640x1f84%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451756Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.00x2268%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451755Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}0x25ac%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451754Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\TypeLib0x25ac%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451753Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\ProxyStubClsid320x2268%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451752Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\ProxyStubClsid320x26b4%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280000x80200000000000001451751Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\UIAutomationCore.dll0x1870%%4416 0x10x1268C:\Windows\explorer.exeS:AI 4663101280100x80200000000000001451750Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.0\0\win640x2334%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451749Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.00x20b0%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451748Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}0x2294%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451747Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\TypeLib0x2294%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280000x80200000000000001451746Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\UIAutomationCore.dll0x25ac%%4416 0x10x1268C:\Windows\explorer.exeS:AI 4663101280100x80200000000000001451745Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.0\0\win640x26e4%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451744Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.00x1f84%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451743Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}0x1f00%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451742Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\TypeLib0x1f00%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451741Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\ProxyStubClsid320x1f84%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451740Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\ProxyStubClsid320x20b0%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280000x80200000000000001451739Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\UIAutomationCore.dll0x2294%%4416 0x10x1268C:\Windows\explorer.exeS:AI 4663101280100x80200000000000001451738Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.0\0\win640x26b4%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451737Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.00x2334%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451736Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}0xe30%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451735Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\TypeLib0xe30%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280000x80200000000000001451734Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\UIAutomationCore.dll0x1f00%%4416 0x10x1268C:\Windows\explorer.exeS:AI 4663101280100x80200000000000001451733Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.0\0\win640x2268%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451732Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.00x26e4%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451731Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}0x27ec%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451730Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\TypeLib0x27ec%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451729Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\ProxyStubClsid320x26e4%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451728Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\ProxyStubClsid320x2334%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280000x80200000000000001451727Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\UIAutomationCore.dll0xe30%%4416 0x10x1268C:\Windows\explorer.exeS:AI 4663101280100x80200000000000001451726Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.0\0\win640x20b0%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451725Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.00x26b4%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451724Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}0x1870%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451723Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\TypeLib0x1870%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280000x80200000000000001451722Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\UIAutomationCore.dll0x27ec%%4416 0x10x1268C:\Windows\explorer.exeS:AI 4663101280100x80200000000000001451721Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.0\0\win640x1f84%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451720Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.00x2268%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451719Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}0x25ac%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451718Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\TypeLib0x25ac%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451717Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\ProxyStubClsid320x2268%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451716Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\ProxyStubClsid320x26b4%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280000x80200000000000001451715Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\UIAutomationCore.dll0x1870%%4416 0x10x1268C:\Windows\explorer.exeS:AI 4663101280100x80200000000000001451714Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.0\0\win640x2334%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451713Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.00x20b0%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451712Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}0x2294%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451711Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\TypeLib0x2294%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280000x80200000000000001451710Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\UIAutomationCore.dll0x25ac%%4416 0x10x1268C:\Windows\explorer.exeS:AI 4663101280100x80200000000000001451709Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.0\0\win640x26e4%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451708Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.00x1f84%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451707Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}0x1f00%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451706Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\TypeLib0x1f00%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451705Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\ProxyStubClsid320x1f84%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451704Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\ProxyStubClsid320x20b0%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280000x80200000000000001451703Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\UIAutomationCore.dll0x2294%%4416 0x10x1268C:\Windows\explorer.exeS:AI 4663101280100x80200000000000001451702Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.0\0\win640x26b4%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451701Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.00x2334%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451700Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}0xe30%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451699Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\TypeLib0xe30%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280000x80200000000000001451698Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\UIAutomationCore.dll0x1f00%%4416 0x10x1268C:\Windows\explorer.exeS:AI 4663101280100x80200000000000001451697Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.0\0\win640x2268%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451696Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.00x26e4%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451695Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}0x27ec%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451694Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\TypeLib0x27ec%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451693Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\ProxyStubClsid320x26e4%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451692Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\ProxyStubClsid320x2334%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280000x80200000000000001451691Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\UIAutomationCore.dll0xe30%%4416 0x10x1268C:\Windows\explorer.exeS:AI 4663101280100x80200000000000001451690Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.0\0\win640x20b0%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451689Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.00x26b4%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451688Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}0x1870%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451687Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\TypeLib0x1870%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280000x80200000000000001451686Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\UIAutomationCore.dll0x27ec%%4416 0x10x1268C:\Windows\explorer.exeS:AI 4663101280100x80200000000000001451685Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.0\0\win640x1f84%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451684Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.00x2268%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451683Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}0x25ac%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451682Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\TypeLib0x25ac%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451681Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\ProxyStubClsid320x2268%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451680Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\ProxyStubClsid320x26b4%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280000x80200000000000001451679Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\UIAutomationCore.dll0x1870%%4416 0x10x1268C:\Windows\explorer.exeS:AI 4663101280100x80200000000000001451678Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.0\0\win640x2334%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451677Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.00x20b0%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451676Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}0x2294%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451675Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\TypeLib0x2294%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280000x80200000000000001451674Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\UIAutomationCore.dll0xacc%%4416 0x10x1268C:\Windows\explorer.exeS:AI 4663101280100x80200000000000001451673Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.0\0\win640x3ec%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451672Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.00x2160%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451671Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}0x1f58%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451670Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\TypeLib0x1f58%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451669Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\ProxyStubClsid320x2160%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451668Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\ProxyStubClsid320x20b0%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280000x80200000000000001451667Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\UIAutomationCore.dll0x2294%%4416 0x10x1268C:\Windows\explorer.exeS:AI 4663101280100x80200000000000001451666Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.0\0\win640x26b4%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451665Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.00x2334%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451664Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}0xe30%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451663Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\TypeLib0xe30%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280000x80200000000000001451662Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\UIAutomationCore.dll0x22c0%%4416 0x10x1268C:\Windows\explorer.exeS:AI 4663101280100x80200000000000001451661Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.0\0\win640x24bc%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451660Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.00x23e0%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451659Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}0x1a64%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451658Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\TypeLib0x1a64%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451657Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\ProxyStubClsid320x23e0%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451656Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\ProxyStubClsid320x2334%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280000x80200000000000001451655Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\UIAutomationCore.dll0xe30%%4416 0x10x1268C:\Windows\explorer.exeS:AI 4663101280100x80200000000000001451654Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.0\0\win640x20b0%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451653Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.00x26b4%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451652Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}0x1870%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451651Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\TypeLib0x1870%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280000x80200000000000001451650Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\UIAutomationCore.dll0x1a64%%4416 0x10x1268C:\Windows\explorer.exeS:AI 4663101280100x80200000000000001451649Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.0\0\win640x27bc%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451648Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.00x24bc%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451647Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}0x9e0%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451646Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\TypeLib0x9e0%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451645Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\ProxyStubClsid320x24bc%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451644Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\ProxyStubClsid320x2268%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280000x80200000000000001451643Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\UIAutomationCore.dll0x25ac%%4416 0x10x1268C:\Windows\explorer.exeS:AI 4663101280100x80200000000000001451642Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.0\0\win640x26e4%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451641Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.00x1f84%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451640Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}0x1f00%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451639Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\TypeLib0x1f00%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280000x80200000000000001451638Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\UIAutomationCore.dll0x1870%%4416 0x10x1268C:\Windows\explorer.exeS:AI 4663101280100x80200000000000001451637Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.0\0\win640x2334%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451636Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.00x20b0%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451635Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}0x2294%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451634Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\TypeLib0x2294%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451633Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\ProxyStubClsid320x20b0%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451632Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\ProxyStubClsid320x1f84%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280000x80200000000000001451631Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\UIAutomationCore.dll0x1f00%%4416 0x10x1268C:\Windows\explorer.exeS:AI 4663101280100x80200000000000001451630Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.0\0\win640x2268%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451629Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.00x26e4%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451628Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}0x27ec%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451627Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\TypeLib0x27ec%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280000x80200000000000001451626Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\UIAutomationCore.dll0x2294%%4416 0x10x1268C:\Windows\explorer.exeS:AI 4663101280100x80200000000000001451625Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.0\0\win640x26b4%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451624Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.00x2334%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451623Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}0xe30%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451622Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\TypeLib0xe30%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451621Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\ProxyStubClsid320x2334%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451620Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\ProxyStubClsid320x26e4%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280000x80200000000000001451619Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\UIAutomationCore.dll0x27ec%%4416 0x10x1268C:\Windows\explorer.exeS:AI 4663101280100x80200000000000001451618Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.0\0\win640x1f84%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451617Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.00x2268%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451616Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}0x25ac%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451615Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\TypeLib0x25ac%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280000x80200000000000001451614Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\UIAutomationCore.dll0xe30%%4416 0x10x1268C:\Windows\explorer.exeS:AI 4663101280100x80200000000000001451613Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.0\0\win640x20b0%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451612Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.00x26b4%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451611Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}0x1870%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451610Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\TypeLib0x1870%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451609Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\ProxyStubClsid320x26b4%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451608Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\ProxyStubClsid320x2268%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280000x80200000000000001451607Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\UIAutomationCore.dll0x25ac%%4416 0x10x1268C:\Windows\explorer.exeS:AI 4663101280100x80200000000000001451606Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.0\0\win640x26e4%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451605Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.00x1f84%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451604Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}0x1f00%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451603Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\TypeLib0x1f00%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280000x80200000000000001451602Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\UIAutomationCore.dll0x1870%%4416 0x10x1268C:\Windows\explorer.exeS:AI 4663101280100x80200000000000001451601Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.0\0\win640x2334%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451600Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.00x20b0%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451599Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}0x2294%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451598Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\TypeLib0x2294%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451597Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\ProxyStubClsid320x20b0%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451596Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\ProxyStubClsid320x1f84%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280000x80200000000000001451595Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\UIAutomationCore.dll0x1f00%%4416 0x10x1268C:\Windows\explorer.exeS:AI 4663101280100x80200000000000001451594Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.0\0\win640x2268%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451593Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.00x26e4%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451592Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}0x27ec%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451591Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\TypeLib0x27ec%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280000x80200000000000001451590Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\UIAutomationCore.dll0x2294%%4416 0x10x1268C:\Windows\explorer.exeS:AI 4663101280100x80200000000000001451589Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.0\0\win640x26b4%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451588Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.00x2334%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451587Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}0xe30%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451586Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\TypeLib0xe30%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451585Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\ProxyStubClsid320x2334%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451584Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\ProxyStubClsid320x26e4%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280000x80200000000000001451583Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\UIAutomationCore.dll0x27ec%%4416 0x10x1268C:\Windows\explorer.exeS:AI 4663101280100x80200000000000001451582Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.0\0\win640x1f84%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451581Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.00x2268%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451580Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}0x25ac%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451579Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\TypeLib0x25ac%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280000x80200000000000001451578Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\UIAutomationCore.dll0xe30%%4416 0x10x1268C:\Windows\explorer.exeS:AI 4663101280100x80200000000000001451577Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.0\0\win640x20b0%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451576Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.00x26b4%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451575Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}0x1870%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451574Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\TypeLib0x1870%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451573Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\ProxyStubClsid320x26b4%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451572Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\ProxyStubClsid320x2268%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280000x80200000000000001451571Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\UIAutomationCore.dll0x25ac%%4416 0x10x1268C:\Windows\explorer.exeS:AI 4663101280100x80200000000000001451570Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.0\0\win640x26e4%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451569Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.00x1f84%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451568Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}0x1f00%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451567Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\TypeLib0x1f00%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280000x80200000000000001451566Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\UIAutomationCore.dll0x1870%%4416 0x10x1268C:\Windows\explorer.exeS:AI 4663101280100x80200000000000001451565Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.0\0\win640x2334%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451564Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.00x20b0%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451563Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}0x2294%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451562Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\TypeLib0x2294%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451561Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\ProxyStubClsid320x20b0%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451560Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\ProxyStubClsid320x1f84%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280000x80200000000000001451559Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\UIAutomationCore.dll0x1f00%%4416 0x10x1268C:\Windows\explorer.exeS:AI 4663101280100x80200000000000001451558Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.0\0\win640x2268%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451557Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.00x26e4%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451556Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}0x27ec%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451555Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\TypeLib0x27ec%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280000x80200000000000001451554Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\UIAutomationCore.dll0x2294%%4416 0x10x1268C:\Windows\explorer.exeS:AI 4663101280100x80200000000000001451553Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.0\0\win640x26b4%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451552Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.00x2334%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451551Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}0xe30%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451550Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\TypeLib0xe30%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451549Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\ProxyStubClsid320x2334%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451548Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\ProxyStubClsid320x26e4%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280000x80200000000000001451547Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\UIAutomationCore.dll0x27ec%%4416 0x10x1268C:\Windows\explorer.exeS:AI 4663101280100x80200000000000001451546Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.0\0\win640x1f84%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451545Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.00x2268%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451544Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}0x25ac%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451543Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\TypeLib0x25ac%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280000x80200000000000001451542Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\UIAutomationCore.dll0xe30%%4416 0x10x1268C:\Windows\explorer.exeS:AI 4663101280100x80200000000000001451541Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.0\0\win640x20b0%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451540Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.00x26b4%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451539Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}0x1870%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451538Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\TypeLib0x1870%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451537Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\ProxyStubClsid320x26b4%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451536Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\ProxyStubClsid320x2268%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280000x80200000000000001451535Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\UIAutomationCore.dll0x25ac%%4416 0x10x1268C:\Windows\explorer.exeS:AI 4663101280100x80200000000000001451534Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.0\0\win640x26e4%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451533Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.00x1f84%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451532Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}0x1f00%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451531Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\TypeLib0x1f00%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280000x80200000000000001451530Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\UIAutomationCore.dll0x1870%%4416 0x10x1268C:\Windows\explorer.exeS:AI 4663101280100x80200000000000001451529Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.0\0\win640x2334%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451528Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}\1.00x20b0%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451527Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EA39B853-5769-4937-8ECE-736DE4F469BC}0x2294%%4435 0x80x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451526Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\TypeLib0x2294%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451525Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\ProxyStubClsid320x20b0%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451524Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2ad63a67-f12f-4bd7-b1bf-6213290a552a}\ProxyStubClsid320x1f84%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001452095Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy0x4f4%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452094Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy0xb88%%4435 0x80x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452093Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy0x4f4%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452092Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy0xb88%%4435 0x80x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452091Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy0x4f4%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452090Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy0xb88%%4435 0x80x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452089Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Media Foundation\SchemeHandlers\ms-winsoundevent:0x2318%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001452088Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy0x4f4%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452087Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy0xb88%%4435 0x80x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452086Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Media Foundation\SchemeHandlers\ms-winsoundevent:0x2258%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001452085Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ResourceTimers0xb88%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452084Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ResourceTimers0xb88%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452083Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\.png0x7f8%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452082Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace0x5e4%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452081Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace0x5e4%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452080Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\.png0x65c%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452079Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace0x584%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452078Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace0x584%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452077Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\.png0x6bc%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452076Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace0x2a8%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452075Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace0x2a8%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452074Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\.png0x148%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452073Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace0x7ec%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452072Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace0x7ec%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452071Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\.png0x680%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452070Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace0x580%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452069Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace0x580%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452068Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx0x714%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452067Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx0x714%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452066Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ATTACKRANGE\Administrator0x638%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452065Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders0x714%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452064Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx0x638%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452063Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx0x638%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452062Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ATTACKRANGE\Administrator0x798%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452061Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders0x638%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452060Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx0x798%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452059Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx0x798%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452058Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ATTACKRANGE\Administrator0x4e0%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452057Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders0x798%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452056Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx0x658%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452055Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx0x658%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452054Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ATTACKRANGE\Administrator0x7b4%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452053Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders0x658%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452052Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\.png0x744%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452051Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace0x6c8%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452050Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace0x6c8%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280000x80200000000000001452049Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft\Windows\ActionCenterCache0x7b4%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001452048Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft\Windows0x7b4%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001452047Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft0x7b4%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001452046Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local0x7b4%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001452045Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData0x7b4%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001452044Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator0x7b4%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001452043Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users0x7b4%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exeS:AI 4663101280000x80200000000000001452042Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\0x7b4%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exeS:AI 4663101280100x80200000000000001452041Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{7388c46e-0000-0000-0000-100000000000}0x7b4%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280000x80200000000000001452040Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft\Windows\ActionCenterCache0x65c%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001452039Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft\Windows0x65c%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280100x80200000000000001452038Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx0x668%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452037Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx0x668%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452036Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ATTACKRANGE\Administrator0x7ac%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452035Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders0x668%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452034Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Media Foundation\Platform0x22bc%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280000x80200000000000001452033Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft0x65c%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001452032Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local0x65c%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001452031Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData0x65c%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001452030Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator0x65c%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001452029Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users0x65c%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exeS:AI 4663101280000x80200000000000001452028Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\0x65c%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exeS:AI 4663101280100x80200000000000001452027Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{7388c46e-0000-0000-0000-100000000000}0x5e8%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452026Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\.png0x58c%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452025Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace0x6c4%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452024Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\PersistedStorageItemTable\MostRecentlyUsed0x6c4%%4435 0x80x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452023Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\PersistedStorageItemTable\ManagedByApp0x6c4%%4435 0x80x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452022Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace0x744%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280000x80200000000000001452021Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft\Windows\ActionCenterCache0x700%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001452020Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft\Windows0x700%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001452019Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft0x700%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280100x80200000000000001452018Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\PersistedStorageItemTable\MostRecentlyUsed0x5e8%%4435 0x80x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280000x80200000000000001452017Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local0x700%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001452016Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft\Windows\ActionCenterCache0x7b0%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001452015Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData0x700%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280100x80200000000000001452014Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\PersistedStorageItemTable\ManagedByApp0x5e8%%4435 0x80x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280000x80200000000000001452013Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator0x700%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001452012Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users0x700%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exeS:AI 4663101280000x80200000000000001452011Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft\Windows0x7b0%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001452010Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\0x700%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exeS:AI 4663101280000x80200000000000001452009Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft0x7b0%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280100x80200000000000001452008Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{7388c46e-0000-0000-0000-100000000000}0x700%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452007Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\.png0x798%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280000x80200000000000001452006Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local0x7b0%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280100x80200000000000001452005Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace0x7ac%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452004Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace0x7ac%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452003Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace0x7b4%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280000x80200000000000001452002Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData0x7b0%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280100x80200000000000001452001Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace0x7b4%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280000x80200000000000001452000Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator0x7b0%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280100x80200000000000001451999Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace0x7b4%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280000x80200000000000001451998Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft\Windows\Explorer\NotifyIcon0x768%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280100x80200000000000001451997Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace0x7b4%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280000x80200000000000001451996Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users0x7b0%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exeS:AI 4663101280100x80200000000000001451995Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\PersistedStorageItemTable\MostRecentlyUsed0x7b4%%4435 0x80x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280000x80200000000000001451994Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft\Windows\Explorer0x768%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001451993Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\0x7b0%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exeS:AI 4663101280100x80200000000000001451992Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{7388c46e-0000-0000-0000-100000000000}0x7b0%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451991Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\PersistedStorageItemTable\ManagedByApp0x7b4%%4435 0x80x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451990Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\PersistedStorageItemTable\MostRecentlyUsed0x744%%4435 0x80x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280000x80200000000000001451989Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft\Windows0x768%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280100x80200000000000001451988Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\SecurityManager\AdminCapabilities0x708%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451987Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\PersistedStorageItemTable\ManagedByApp0x744%%4435 0x80x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280000x80200000000000001451986Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft0x768%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001451985Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local0x768%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001451984Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData0x768%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001451983Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator0x768%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001451982Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users0x768%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exeS:AI 4663101280100x80200000000000001451981Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\SecurityManager\AdminCapabilities0x620%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280000x80200000000000001451980Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\0x768%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exeS:AI 4663101280100x80200000000000001451979Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{7388c46e-0000-0000-0000-100000000000}0x768%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451978Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\PersistedStorageItemTable\MostRecentlyUsed0x7ac%%4435 0x80x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451977Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\SecurityManager\AdminCapabilities0x7b0%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451976Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\PersistedStorageItemTable\ManagedByApp0x148%%4435 0x80x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451975Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\SecurityManager\AdminCapabilities0x630%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451974Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx0x500%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451973Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx0x500%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451972Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ATTACKRANGE\Administrator0x630%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451971Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders0x500%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451970Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\Control Panel\International\Geo0x2264%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451969Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced0x1d0c%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451968Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced0x1d0c%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451967Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced0x1d0c%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451966Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced0x1d0c%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451965Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced0x1d0c%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451964Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced0x1d0c%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451963Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx0x6b0%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451962Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx0x6b0%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451961Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ATTACKRANGE\Administrator0x524%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451960Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders0x6b0%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451959Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Schemas0x1f68%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001451958Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ATTACKRANGE\Administrator0x2098%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001451957Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders0x1f68%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001451956Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\SecurityManager\AdminCapabilities0x1f68%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001451955Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\SecurityManager\AdminCapabilities0x7cc%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280000x80200000000000001451954Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\ImmersiveControlPanel\images0x7d0%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exeS:AI 4663101280000x80200000000000001451953Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\ImmersiveControlPanel0x7d0%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exeS:AI 4663101280000x80200000000000001451952Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows0x7d0%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exeS:AI 4663101280000x80200000000000001451951Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\0x7d0%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exeS:AI 4663101280100x80200000000000001451950Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{7388c46e-0000-0000-0000-100000000000}0x7d0%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451949Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx0x524%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451948Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx0x524%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451947Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ATTACKRANGE\Administrator0x7b8%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451946Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders0x524%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451945Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\PersistedStorageItemTable\MostRecentlyUsed0x148%%4435 0x80x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451944Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\PersistedStorageItemTable\ManagedByApp0x148%%4435 0x80x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451943Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\SecurityManager\AdminCapabilities0x148%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451942Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Schemas0x1d3c%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001451941Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ATTACKRANGE\Administrator0x1b30%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001451940Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders0x1d3c%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001451939Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\SecurityManager\AdminCapabilities0x1d3c%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280000x80200000000000001451938Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft\Windows\ActionCenterCache0x6c4%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001451937Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft\Windows0x6c4%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001451936Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft\Windows\ActionCenterCache0x7d0%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001451935Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft0x6c4%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001451934Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft\Windows0x7d0%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001451933Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local0x6c4%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001451932Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft0x7d0%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001451931Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData0x6c4%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001451930Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local0x7d0%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001451929Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator0x6c4%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001451928Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData0x7d0%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001451927Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator0x7d0%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001451926Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users0x6c4%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exeS:AI 4663101280000x80200000000000001451925Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\0x6c4%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exeS:AI 4663101280100x80200000000000001451924Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{7388c46e-0000-0000-0000-100000000000}0x6c4%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280000x80200000000000001451923Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users0x7d0%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exeS:AI 4663101280100x80200000000000001451922Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\PersistedStorageItemTable\MostRecentlyUsed0x58c%%4435 0x80x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280000x80200000000000001451921Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\0x7d0%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exeS:AI 4663101280100x80200000000000001451920Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\PersistedStorageItemTable\ManagedByApp0x58c%%4435 0x80x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451919Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{7388c46e-0000-0000-0000-100000000000}0x7d0%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451918Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\PersistedStorageItemTable\MostRecentlyUsed0x768%%4435 0x80x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451917Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\SecurityManager\AdminCapabilities0x460%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451916Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\PersistedStorageItemTable\ManagedByApp0x768%%4435 0x80x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451915Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\SecurityManager\AdminCapabilities0x610%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451914Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Schemas0x2078%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001451913Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ATTACKRANGE\Administrator0x22cc%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001451912Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders0x2078%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001451911Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\SecurityManager\AdminCapabilities0x2078%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001451910Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Storage.StorageFileStartExperienceStaticsBrokered0x5e8%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001451909Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\Control Panel\International\Geo0x25bc%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451908Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced0x934%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451907Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced0x934%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451906Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced0x934%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451905Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced0x934%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451904Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced0x934%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451903Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced0x934%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451902Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings0x934%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451901Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings0xb94%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451900Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings0x2014%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280000x80200000000000001451899Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft\Windows\ActionCenterCache\microsoft-explorer-notification--2be321f0-5f88-4598-903e-bc3f4d08bae8-_1465_0.png0x25c4%%4424 0x1000x1268C:\Windows\explorer.exe 4663101280000x80200000000000001451898Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft\Windows\ActionCenterCache\microsoft-explorer-notification--2be321f0-5f88-4598-903e-bc3f4d08bae8-_1465_0.png0x25c4%%4418 0x40x1268C:\Windows\explorer.exe 4663101280000x80200000000000001451897Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\ADMINI~1\AppData\Local\Temp\{E9121665-3EA9-4DF1-A549-495DCE059F64}.png0x2014%%4416 0x10x1268C:\Windows\explorer.exe 4663101280000x80200000000000001451896Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft\Windows\ActionCenterCache\microsoft-explorer-notification--2be321f0-5f88-4598-903e-bc3f4d08bae8-_1465_0.png0x25c4%%4417 0x20x1268C:\Windows\explorer.exe 4663101280000x80200000000000001451895Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\ADMINI~1\AppData\Local\Temp\{E9121665-3EA9-4DF1-A549-495DCE059F64}.png0xb94%%1538 0x200000x1268C:\Windows\explorer.exe 4663101280000x80200000000000001451894Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft\Windows\ActionCenterCache\microsoft-explorer-notification--2be321f0-5f88-4598-903e-bc3f4d08bae8-_1465_0.png0x25c4%%4423 0x800x1268C:\Windows\explorer.exe 4663101280100x80200000000000001451893Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Storage.StorageFileStartExperienceStaticsBrokered0x5e8%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280000x80200000000000001451892Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\ADMINI~1\AppData\Local\Temp\{E9121665-3EA9-4DF1-A549-495DCE059F64}.png0x2014%%4423 0x800x1268C:\Windows\explorer.exe 4663101280100x80200000000000001451891Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Schemas0x200c%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001451890Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Schemas0x2310%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001451889Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ATTACKRANGE\Administrator0x22f0%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001451888Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders0x2310%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001451887Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\SecurityManager\AdminCapabilities0x22f0%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001451886Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ATTACKRANGE\Administrator0x200c%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001451885Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders0x2120%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001451884Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\SecurityManager\AdminCapabilities0x2120%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001451883Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Schemas0x2168%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001451882Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ATTACKRANGE\Administrator0x1c10%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001451881Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders0x2168%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001451880Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\SecurityManager\AdminCapabilities0x2168%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001451879Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Schemas0x16b8%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001451878Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ATTACKRANGE\Administrator0x22e4%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001451877Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders0x16b8%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001451876Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\SecurityManager\AdminCapabilities0x16b8%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001451875Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\Control Panel\International\Geo0x1c4c%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451874Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Schemas0x2064%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001451873Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced0x27f4%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451872Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced0x27f4%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451871Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced0x27f4%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451870Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced0x27f4%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451869Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced0x27f4%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451868Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ATTACKRANGE\Administrator0x22fc%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001451867Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced0x27f4%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451866Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders0x2064%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001451865Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\SecurityManager\AdminCapabilities0x2064%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001451864Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\Control Panel\International\Geo0x3cc%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451863Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced0x1790%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451862Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced0x1790%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451861Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced0x1790%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451860Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced0x1790%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451859Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced0x1790%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451858Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced0x1790%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451857Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings0x22cc%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280000x80200000000000001451856Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft\Windows\ActionCenterCache\microsoft-explorer-notification--2be321f0-5f88-4598-903e-bc3f4d08bae8-_1464_0.png0x970%%4424 0x1000x1268C:\Windows\explorer.exe 4663101280000x80200000000000001451855Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft\Windows\ActionCenterCache\microsoft-explorer-notification--2be321f0-5f88-4598-903e-bc3f4d08bae8-_1464_0.png0x970%%4418 0x40x1268C:\Windows\explorer.exe 4663101280000x80200000000000001451854Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\ADMINI~1\AppData\Local\Temp\{3BB6E0F6-1114-4832-A0FC-AE4C3A318329}.png0x22cc%%4416 0x10x1268C:\Windows\explorer.exe 4663101280000x80200000000000001451853Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft\Windows\ActionCenterCache\microsoft-explorer-notification--2be321f0-5f88-4598-903e-bc3f4d08bae8-_1464_0.png0x970%%4417 0x20x1268C:\Windows\explorer.exe 4663101280000x80200000000000001451852Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\ADMINI~1\AppData\Local\Temp\{3BB6E0F6-1114-4832-A0FC-AE4C3A318329}.png0x2154%%1538 0x200000x1268C:\Windows\explorer.exe 4663101280000x80200000000000001451851Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft\Windows\ActionCenterCache\microsoft-explorer-notification--2be321f0-5f88-4598-903e-bc3f4d08bae8-_1464_0.png0x970%%4423 0x800x1268C:\Windows\explorer.exe 4663101280000x80200000000000001451850Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\ADMINI~1\AppData\Local\Temp\{3BB6E0F6-1114-4832-A0FC-AE4C3A318329}.png0x22cc%%4423 0x800x1268C:\Windows\explorer.exe 4663101280100x80200000000000001451849Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\Control Panel\International\Geo0x2160%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451848Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced0x2290%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451847Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced0x2290%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451846Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced0x2290%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451845Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced0x2290%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451844Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced0x2290%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451843Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced0x2290%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001451842Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy0xbb0%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001451841Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy0xbc4%%4435 0x80x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001451840Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings0x2290%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280000x80200000000000001451839Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft\Windows\ActionCenterCache\microsoft-explorer-notification--2be321f0-5f88-4598-903e-bc3f4d08bae8-_1463_0.png0x2420%%4424 0x1000x1268C:\Windows\explorer.exe 4663101280000x80200000000000001451838Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft\Windows\ActionCenterCache\microsoft-explorer-notification--2be321f0-5f88-4598-903e-bc3f4d08bae8-_1463_0.png0x2420%%4418 0x40x1268C:\Windows\explorer.exe 4663101280000x80200000000000001451837Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\ADMINI~1\AppData\Local\Temp\{093CC36D-D6E1-4DE3-A089-98F0E7A5F912}.png0x2290%%4416 0x10x1268C:\Windows\explorer.exe 4663101280000x80200000000000001451836Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft\Windows\ActionCenterCache\microsoft-explorer-notification--2be321f0-5f88-4598-903e-bc3f4d08bae8-_1463_0.png0x2420%%4417 0x20x1268C:\Windows\explorer.exe 4663101280000x80200000000000001451835Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\ADMINI~1\AppData\Local\Temp\{093CC36D-D6E1-4DE3-A089-98F0E7A5F912}.png0x2108%%1538 0x200000x1268C:\Windows\explorer.exe 4663101280000x80200000000000001451834Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft\Windows\ActionCenterCache\microsoft-explorer-notification--2be321f0-5f88-4598-903e-bc3f4d08bae8-_1463_0.png0x2420%%4423 0x800x1268C:\Windows\explorer.exe 4663101280000x80200000000000001451833Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\ADMINI~1\AppData\Local\Temp\{093CC36D-D6E1-4DE3-A089-98F0E7A5F912}.png0x2290%%4423 0x800x1268C:\Windows\explorer.exe 4663101280000x80200000000000001451832Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\ADMINI~1\AppData\Local\Temp\{093CC36D-D6E1-4DE3-A089-98F0E7A5F912}.png0x22c0%%4418 0x40x1268C:\Windows\explorer.exe 4663101280000x80200000000000001451831Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\ADMINI~1\AppData\Local\Temp\{093CC36D-D6E1-4DE3-A089-98F0E7A5F912}.png0x22c0%%4417 0x20x1268C:\Windows\explorer.exe 4663101280000x80200000000000001451830Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\imageres.dll0x27bc%%4416 0x10x1268C:\Windows\explorer.exeS:AI 4663101280000x80200000000000001451829Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\ADMINI~1\AppData\Local\Temp\{3BB6E0F6-1114-4832-A0FC-AE4C3A318329}.png0x25ac%%4418 0x40x1268C:\Windows\explorer.exe 4663101280000x80200000000000001451828Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\ADMINI~1\AppData\Local\Temp\{3BB6E0F6-1114-4832-A0FC-AE4C3A318329}.png0x25ac%%4417 0x20x1268C:\Windows\explorer.exe 4663101280000x80200000000000001451827Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\imageres.dll0x2268%%4416 0x10x1268C:\Windows\explorer.exeS:AI 4663101280000x80200000000000001451826Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\ADMINI~1\AppData\Local\Temp\{E9121665-3EA9-4DF1-A549-495DCE059F64}.png0xacc%%4418 0x40x1268C:\Windows\explorer.exe 4663101280000x80200000000000001451825Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\ADMINI~1\AppData\Local\Temp\{E9121665-3EA9-4DF1-A549-495DCE059F64}.png0xacc%%4417 0x20x1268C:\Windows\explorer.exe 4663101280000x80200000000000001451824Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\System32\imageres.dll0x2080%%4416 0x10x1268C:\Windows\explorer.exeS:AI 4663101280100x80200000000000001452175Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy0x540%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452174Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy0x520%%4435 0x80x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452173Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy0x540%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452172Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy0x520%%4435 0x80x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452171Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy0x540%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452170Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy0x520%%4435 0x80x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452169Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy0x540%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452168Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy0x520%%4435 0x80x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452167Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Media Foundation\SchemeHandlers\ms-winsoundevent:0x2134%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001452166Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Media Foundation\SchemeHandlers\ms-winsoundevent:0x9e4%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001452165Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ResourceTimers0x520%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452164Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ResourceTimers0x520%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452163Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Media Foundation\Platform0x22b8%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001452162Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\.png0x2a8%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452161Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace0x7f8%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452160Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace0x7f8%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452159Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx0x680%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452158Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx0x680%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452157Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ATTACKRANGE\Administrator0x668%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452156Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders0x680%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452155Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search0x768%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280000x80200000000000001452154Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft\Windows\ActionCenterCache0x768%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001452153Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft\Windows0x768%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001452152Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft0x638%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001452151Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local0x638%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001452150Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData0x638%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001452149Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator0x638%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001452148Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users0x638%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exeS:AI 4663101280000x80200000000000001452147Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\desktop.ini0x638%%4423 0x800x4f0C:\Windows\System32\RuntimeBroker.exeS:AI 4663101280000x80200000000000001452146Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\desktop.ini0x638%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exeS:AI 4663101280000x80200000000000001452145Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\0x638%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exeS:AI 4663101280100x80200000000000001452144Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{7388c46e-0000-0000-0000-100000000000}0x638%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452143Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\PersistedStorageItemTable\MostRecentlyUsed0x7bc%%4435 0x80x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452142Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\PersistedStorageItemTable\ManagedByApp0x7bc%%4435 0x80x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452141Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\SecurityManager\AdminCapabilities0x74c%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452140Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\Control Panel\International\Geo0x2268%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001452139Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced0x1c4c%%4432 0x10x1268C:\Windows\explorer.exe- 4660001280000x80200000000000001452138Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5Security0x22940x1268C:\Windows\explorer.exe{00000000-0000-0000-0000-000000000000} 4663101280000x80200000000000001452137Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\ADMINI~1\AppData\Local\Temp\{093CC36D-D6E1-4DE3-A089-98F0E7A5F912}.png0x2294%%1537 0x100000x1268C:\Windows\explorer.exe 4663101280000x80200000000000001452136Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\ADMINI~1\AppData\Local\Temp\{093CC36D-D6E1-4DE3-A089-98F0E7A5F912}.png0x2294%%4423 0x800x1268C:\Windows\explorer.exe 4663101280100x80200000000000001452135Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced0x1c4c%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001452134Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced0x1c4c%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001452133Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced0x1c4c%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001452132Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced0x1c4c%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001452131Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced0x1c4c%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001452130Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Schemas0x22bc%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001452129Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ATTACKRANGE\Administrator0x236c%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001452128Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders0x22bc%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001452127Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\SecurityManager\AdminCapabilities0x22bc%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4660001280000x80200000000000001452126Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5Security0x23340x1268C:\Windows\explorer.exe{00000000-0000-0000-0000-000000000000} 4663101280000x80200000000000001452125Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\ADMINI~1\AppData\Local\Temp\{3BB6E0F6-1114-4832-A0FC-AE4C3A318329}.png0x2334%%1537 0x100000x1268C:\Windows\explorer.exe 4663101280000x80200000000000001452124Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\ADMINI~1\AppData\Local\Temp\{3BB6E0F6-1114-4832-A0FC-AE4C3A318329}.png0x2334%%4423 0x800x1268C:\Windows\explorer.exe 4660001280000x80200000000000001452123Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5Security0x23340x1268C:\Windows\explorer.exe{00000000-0000-0000-0000-000000000000} 4663101280000x80200000000000001452122Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\ADMINI~1\AppData\Local\Temp\{E9121665-3EA9-4DF1-A549-495DCE059F64}.png0x2334%%1537 0x100000x1268C:\Windows\explorer.exe 4663101280000x80200000000000001452121Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\ADMINI~1\AppData\Local\Temp\{E9121665-3EA9-4DF1-A549-495DCE059F64}.png0x2334%%4423 0x800x1268C:\Windows\explorer.exe 4663101280100x80200000000000001452120Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy0x730%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452119Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy0x6c4%%4435 0x80x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452118Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy0xb74%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452117Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy0x168%%4435 0x80x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452116Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy0xb74%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452115Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy0x168%%4435 0x80x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452114Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy0xb74%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452113Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy0x168%%4435 0x80x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452112Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ResourceTimers0xba4%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452111Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ResourceTimers0xba4%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452110Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings0x2470%%4432 0x10x1268C:\Windows\explorer.exe- 4660001280000x80200000000000001452109Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5Security0x1c740x1268C:\Windows\explorer.exe{00000000-0000-0000-0000-000000000000} 4663101280000x80200000000000001452108Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft\Windows\ActionCenterCache\microsoft-explorer-notification--2be321f0-5f88-4598-903e-bc3f4d08bae8-_1463_0.png0x1c74%%1537 0x100000x1268C:\Windows\explorer.exe 4663101280000x80200000000000001452107Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft\Windows\ActionCenterCache\microsoft-explorer-notification--2be321f0-5f88-4598-903e-bc3f4d08bae8-_1463_0.png0x1c74%%4423 0x800x1268C:\Windows\explorer.exe 4663101280000x80200000000000001452106Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft\Windows\ActionCenterCache0x1c4c%%4416 0x10x1268C:\Windows\explorer.exe 4663101280100x80200000000000001452105Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy0x540%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452104Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy0x6c4%%4435 0x80x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452103Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy0x540%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452102Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy0x6c4%%4435 0x80x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452101Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy0x540%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452100Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy0x6c4%%4435 0x80x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452099Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy0x540%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452098Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy0x6c4%%4435 0x80x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452097Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ResourceTimers0x520%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452096Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ResourceTimers0x520%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452314Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\.png0x7b8%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452313Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace0x638%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452312Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace0x638%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452311Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\.png0x7ec%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452310Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace0x72c%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452309Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace0x72c%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452308Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx0x744%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452307Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx0x744%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452306Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ATTACKRANGE\Administrator0x7d0%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452305Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders0x744%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452304Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy0x520%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452303Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy0x168%%4435 0x80x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452302Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy0x520%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452301Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy0x168%%4435 0x80x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452300Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy0x520%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452299Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy0x168%%4435 0x80x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452298Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy0x520%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452297Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy0x168%%4435 0x80x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452296Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx0x7ac%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452295Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx0x7ac%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452294Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ATTACKRANGE\Administrator0x724%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452293Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders0x7ac%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452292Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\.png0x638%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452291Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace0x6b8%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452290Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace0x6b8%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452289Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Media Foundation\SchemeHandlers\ms-winsoundevent:0x231c%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001452288Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Media Foundation\SchemeHandlers\ms-winsoundevent:0x231c%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001452287Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ResourceTimers0xb74%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452286Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ResourceTimers0xb74%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452285Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\XAML0x232c%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280000x80200000000000001452284Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\ImmersiveControlPanel\images0x680%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exeS:AI 4663101280000x80200000000000001452283Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft\Windows\Explorer\NotifyIcon0x6fc%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001452282Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows\ImmersiveControlPanel0x680%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exeS:AI 4663101280000x80200000000000001452281Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft\Windows\Explorer0x6fc%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001452280Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Windows0x680%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exeS:AI 4663101280000x80200000000000001452279Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft\Windows0x6fc%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001452278Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\0x680%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exeS:AI 4663101280100x80200000000000001452277Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{7388c46e-0000-0000-0000-100000000000}0x680%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452276Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\PersistedStorageItemTable\MostRecentlyUsed0x7c0%%4435 0x80x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280000x80200000000000001452275Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft0x6fc%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001452274Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local0x6fc%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280100x80200000000000001452273Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\.png0x710%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452272Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace0x7bc%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452271Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace0x7bc%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452270Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\.png0x654%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452269Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace0x714%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452268Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace0x7bc%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452267Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\PersistedStorageItemTable\ManagedByApp0x638%%4435 0x80x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280000x80200000000000001452266Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData0x6fc%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001452265Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator0x6fc%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001452264Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users0x6fc%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exeS:AI 4663101280000x80200000000000001452263Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\0x6fc%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exeS:AI 4663101280100x80200000000000001452262Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{7388c46e-0000-0000-0000-100000000000}0x6fc%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452261Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\PersistedStorageItemTable\MostRecentlyUsed0x630%%4435 0x80x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452260Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\PersistedStorageItemTable\ManagedByApp0x630%%4435 0x80x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452259Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx0x7ac%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452258Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx0x7ac%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452257Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ATTACKRANGE\Administrator0x6b8%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452256Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders0x7ac%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452255Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\SecurityManager\AdminCapabilities0x710%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280000x80200000000000001452254Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft\Windows\ActionCenterCache0x638%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001452253Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft\Windows0x638%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001452252Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft0x638%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001452251Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local0x638%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001452250Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData0x638%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001452249Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator0x638%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001452248Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users0x638%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exeS:AI 4663101280000x80200000000000001452247Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\0x638%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exeS:AI 4663101280100x80200000000000001452246Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx0x744%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452245Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{7388c46e-0000-0000-0000-100000000000}0x638%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452244Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx0x744%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452243Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ATTACKRANGE\Administrator0x7b4%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452242Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders0x744%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452241Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\PersistedStorageItemTable\MostRecentlyUsed0x680%%4435 0x80x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452240Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\PersistedStorageItemTable\ManagedByApp0x680%%4435 0x80x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452239Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\SecurityManager\AdminCapabilities0x630%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452238Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\SecurityManager\AdminCapabilities0x694%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452237Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx0x148%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452236Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx0x148%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452235Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ATTACKRANGE\Administrator0x694%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452234Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders0x148%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280000x80200000000000001452233Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft\Windows\ActionCenterCache0x638%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001452232Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft\Windows0x638%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001452231Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft0x638%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001452230Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local0x638%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001452229Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft\Windows\ActionCenterCache0x680%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001452228Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData0x638%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001452227Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft\Windows0x680%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001452226Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator0x638%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001452225Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft0x680%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001452224Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users0x638%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exeS:AI 4663101280000x80200000000000001452223Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local0x680%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001452222Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData0x680%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001452221Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\0x638%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exeS:AI 4663101280000x80200000000000001452220Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator0x680%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280100x80200000000000001452219Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{7388c46e-0000-0000-0000-100000000000}0x638%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280000x80200000000000001452218Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users0x680%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exeS:AI 4663101280100x80200000000000001452217Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\PersistedStorageItemTable\MostRecentlyUsed0x768%%4435 0x80x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452216Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\PersistedStorageItemTable\ManagedByApp0x768%%4435 0x80x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280000x80200000000000001452215Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\0x680%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exeS:AI 4663101280100x80200000000000001452214Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{7388c46e-0000-0000-0000-100000000000}0x680%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452213Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\PersistedStorageItemTable\MostRecentlyUsed0x148%%4435 0x80x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452212Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\SecurityManager\AdminCapabilities0x768%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452211Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\PersistedStorageItemTable\ManagedByApp0x148%%4435 0x80x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452210Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\SecurityManager\AdminCapabilities0x7ac%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452209Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Schemas0x1d24%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001452208Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ATTACKRANGE\Administrator0x22d8%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001452207Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Storage.StorageFileStartExperienceStaticsBrokered0x6fc%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452206Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders0x1d24%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001452205Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\SecurityManager\AdminCapabilities0x1d24%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001452204Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Schemas0x2374%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001452203Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ATTACKRANGE\Administrator0x1ec4%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001452202Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders0x2374%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001452201Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\SecurityManager\AdminCapabilities0x2374%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001452200Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Schemas0x22f4%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001452199Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ATTACKRANGE\Administrator0x2378%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001452198Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders0x22cc%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001452197Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Schemas0x1e80%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001452196Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ATTACKRANGE\Administrator0x1c10%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001452195Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders0x1e80%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001452194Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\SecurityManager\AdminCapabilities0x22cc%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001452193Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\SecurityManager\AdminCapabilities0x1e80%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001452192Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Schemas0x1f7c%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001452191Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ATTACKRANGE\Administrator0x22f0%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001452190Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders0x1f7c%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001452189Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\SecurityManager\AdminCapabilities0x1f7c%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001452188Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings0x2054%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001452187Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy0x520%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452186Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy0xba4%%4435 0x80x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452185Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy0xba4%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452184Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy0x520%%4435 0x80x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452183Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy0xbc8%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452182Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy0x918%%4435 0x80x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452181Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ResourceTimers0xba4%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452180Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ResourceTimers0xba4%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452179Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ResourceTimers0xbc8%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452178Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ResourceTimers0xbc8%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452177Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ResourceTimers0xbc8%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452176Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ResourceTimers0xbc8%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452382Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy0xba8%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452381Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy0xb74%%4435 0x80x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452380Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy0x760%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452379Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy0x7e4%%4435 0x80x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452378Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy0x760%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452377Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy0x7e4%%4435 0x80x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452376Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy0x760%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452375Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy0x7e4%%4435 0x80x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452374Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Media Foundation\SchemeHandlers\ms-winsoundevent:0x23d4%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001452373Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Media Foundation\SchemeHandlers\ms-winsoundevent:0x23cc%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001452372Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ResourceTimers0x730%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452371Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ResourceTimers0x730%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452370Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Media Foundation\Platform0x1e70%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001452369Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Classes\.png0x594%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452368Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace0x680%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452367Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace0x680%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452366Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx0x7b8%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452365Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx0x7b8%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452364Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ATTACKRANGE\Administrator0x6c8%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452363Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders0x7b8%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280000x80200000000000001452362Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft\Windows\ActionCenterCache0x2a8%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001452361Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft\Windows0x2a8%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001452360Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft0x620%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001452359Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local0x500%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001452358Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData0x500%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001452357Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator0x500%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exe 4663101280000x80200000000000001452356Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users0x500%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exeS:AI 4663101280000x80200000000000001452355Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\0x500%%4416 0x10x4f0C:\Windows\System32\RuntimeBroker.exeS:AI 4663101280100x80200000000000001452354Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{7388c46e-0000-0000-0000-100000000000}0x500%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452353Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\PersistedStorageItemTable\MostRecentlyUsed0x654%%4435 0x80x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452352Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\PersistedStorageItemTable\ManagedByApp0x654%%4435 0x80x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452351Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\SecurityManager\AdminCapabilities0x620%%4432 0x10x4f0C:\Windows\System32\RuntimeBroker.exe- 4663101280100x80200000000000001452350Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Schemas0x228c%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001452349Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ATTACKRANGE\Administrator0x2384%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001452348Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders0x228c%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001452347Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\SecurityManager\AdminCapabilities0x228c%%4432 0x10x1364C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe- 4663101280100x80200000000000001452346Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy0x168%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452345Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy0xba4%%4435 0x80x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452344Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy0xbc8%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452343Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy0x918%%4435 0x80x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452342Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy0xbc8%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452341Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy0x918%%4435 0x80x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452340Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy0xbc8%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452339Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy0x918%%4435 0x80x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452338Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ResourceTimers0xba4%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452337Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\Control Panel\International\Geo0x1f58%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001452336Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ResourceTimers0xba4%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452335Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced0x27b0%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001452334Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced0x27b0%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001452333Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced0x27b0%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001452332Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced0x27b0%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001452331Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced0x27b0%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001452330Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced0x27b0%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001452329Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings0x27b0%%4432 0x10x1268C:\Windows\explorer.exe- 4660001280000x80200000000000001452328Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5Security0x20e80x1268C:\Windows\explorer.exe{00000000-0000-0000-0000-000000000000} 4663101280000x80200000000000001452327Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft\Windows\ActionCenterCache\microsoft-explorer-notification--2be321f0-5f88-4598-903e-bc3f4d08bae8-_1464_0.png0x20e8%%1537 0x100000x1268C:\Windows\explorer.exe 4663101280000x80200000000000001452326Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft\Windows\ActionCenterCache\microsoft-explorer-notification--2be321f0-5f88-4598-903e-bc3f4d08bae8-_1464_0.png0x20e8%%4423 0x800x1268C:\Windows\explorer.exe 4663101280000x80200000000000001452325Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft\Windows\ActionCenterCache0x1440%%4416 0x10x1268C:\Windows\explorer.exe 4663101280100x80200000000000001452324Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy0xbc8%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452323Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy0x918%%4435 0x80x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452322Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy0x168%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452321Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy0xba4%%4435 0x80x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452320Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy0x168%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452319Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy0xba4%%4435 0x80x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452318Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy0x168%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452317Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy0xba4%%4435 0x80x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452316Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ResourceTimers0xb74%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452315Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ResourceTimers0xb74%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452423Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy0x6c4%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452422Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy0x740%%4435 0x80x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452421Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy0xbbc%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452420Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy0x2a8%%4435 0x80x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452419Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ResourceTimers0x6c4%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452418Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ResourceTimers0x6c4%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452417Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ResourceTimers0xb74%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452416Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ResourceTimers0xb74%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452415Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ResourceTimers0xb74%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452414Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ResourceTimers0xb74%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452413Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy0x760%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452412Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy0x7e4%%4435 0x80x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452411Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy0x918%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452410Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy0x2a8%%4435 0x80x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452409Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy0x918%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452408Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy0x2a8%%4435 0x80x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452407Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy0x918%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452406Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy0x2a8%%4435 0x80x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452405Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ResourceTimers0xb74%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452404Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\Control Panel\International\Geo0x1d48%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001452403Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ResourceTimers0xb74%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452402Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced0x71c%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001452401Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced0x71c%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001452400Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced0x71c%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001452399Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced0x71c%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001452398Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced0x71c%%4432 0x10x1268C:\Windows\explorer.exe- 4663101280100x80200000000000001452397Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced0x71c%%4432 0x10x1268C:\Windows\explorer.exe- 4660001280000x80200000000000001452396Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5Security0x1d480x1268C:\Windows\explorer.exe{00000000-0000-0000-0000-000000000000} 4663101280000x80200000000000001452395Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft\Windows\ActionCenterCache\microsoft-explorer-notification--2be321f0-5f88-4598-903e-bc3f4d08bae8-_1465_0.png0x1d48%%1537 0x100000x1268C:\Windows\explorer.exe 4663101280000x80200000000000001452394Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft\Windows\ActionCenterCache\microsoft-explorer-notification--2be321f0-5f88-4598-903e-bc3f4d08bae8-_1465_0.png0x1d48%%4423 0x800x1268C:\Windows\explorer.exe 4663101280000x80200000000000001452393Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityFileC:\Users\Administrator\AppData\Local\Microsoft\Windows\ActionCenterCache0x71c%%4416 0x10x1268C:\Windows\explorer.exe 4663101280100x80200000000000001452392Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy0x6d0%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452391Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy0x730%%4435 0x80x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452390Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy0x760%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452389Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy0x7e4%%4435 0x80x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452388Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy0x760%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452387Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy0x7e4%%4435 0x80x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452386Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy0x760%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452385Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy0x7e4%%4435 0x80x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452384Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ResourceTimers0xbbc%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452383Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ResourceTimers0xbbc%%4432 0x10x1010C:\Windows\System32\sihost.exe- 4663101280100x80200000000000001452519Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452518Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452517Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452516Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452515Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452514Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452513Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452512Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452511Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452510Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452509Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452508Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452507Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452506Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452505Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452504Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452503Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452502Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452501Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452500Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452499Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452498Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452497Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452496Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452495Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452494Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452493Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452492Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452491Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452490Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452489Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452488Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452487Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452486Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452485Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452484Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452483Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452482Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452481Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452480Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452479Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452478Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452477Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452476Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452475Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452474Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452473Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452472Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452471Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452470Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452469Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452468Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452467Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452466Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452465Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452464Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452463Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452462Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452461Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452460Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452459Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452458Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452457Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452456Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452455Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452454Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452453Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452452Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452451Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452450Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452449Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452448Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452447Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452446Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452445Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452444Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452443Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452442Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452441Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452440Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452439Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452438Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452437Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452436Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452435Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452434Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452433Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452432Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452431Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452430Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452429Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452428Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452427Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452426Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452425Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452424Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452579Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452578Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452577Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452576Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452575Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452574Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452573Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452572Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452571Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452570Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452569Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452568Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452567Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452566Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452565Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452564Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452563Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452562Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452561Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452560Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452559Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452558Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452557Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452556Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452555Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452554Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452553Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452552Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452551Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452550Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452549Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452548Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452547Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452546Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452545Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452544Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452543Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452542Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452541Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452540Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452539Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452538Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452537Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452536Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452535Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452534Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452533Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452532Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452531Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452530Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452529Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452528Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452527Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452526Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452525Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452524Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452523Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452522Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452521Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452520Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452663Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452662Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452661Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452660Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452659Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452658Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452657Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452656Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452655Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452654Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452653Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452652Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452651Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452650Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452649Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452648Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452647Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452646Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452645Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452644Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452643Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452642Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452641Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452640Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452639Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452638Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452637Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452636Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452635Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452634Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452633Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452632Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452631Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452630Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452629Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452628Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452627Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452626Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452625Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452624Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452623Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452622Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452621Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452620Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452619Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452618Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452617Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452616Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452615Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452614Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452613Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452612Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452611Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452610Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452609Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452608Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452607Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452606Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452605Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452604Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452603Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452602Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452601Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452600Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452599Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452598Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452597Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452596Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452595Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452594Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452593Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452592Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452591Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452590Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452589Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452588Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452587Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452586Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452585Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452584Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452583Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452582Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452581Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452580Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452735Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452734Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452733Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452732Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452731Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452730Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452729Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452728Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452727Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452726Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452725Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452724Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452723Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452722Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452721Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452720Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452719Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452718Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452717Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452716Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452715Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452714Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452713Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452712Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452711Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452710Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452709Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452708Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452707Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452706Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452705Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452704Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452703Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452702Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452701Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452700Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452699Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452698Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452697Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452696Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452695Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452694Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452693Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452692Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452691Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452690Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452689Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452688Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452687Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452686Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452685Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452684Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452683Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452682Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452681Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452680Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452679Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452678Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452677Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452676Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452675Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452674Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452673Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452672Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452671Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452670Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452669Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452668Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452667Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452666Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452665Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452664Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452807Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452806Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452805Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452804Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452803Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452802Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452801Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452800Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452799Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452798Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452797Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452796Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452795Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452794Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452793Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452792Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452791Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452790Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452789Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452788Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452787Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452786Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452785Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452784Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452783Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452782Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452781Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452780Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452779Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452778Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452777Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452776Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452775Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452774Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452773Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452772Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452771Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452770Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452769Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452768Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452767Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452766Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452765Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452764Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452763Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452762Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452761Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452760Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452759Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452758Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452757Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452756Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452755Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452754Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452753Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452752Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452751Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452750Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452749Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452748Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452747Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452746Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452745Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452744Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452743Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452742Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452741Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452740Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452739Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452738Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452737Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452736Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452939Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452938Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452937Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452936Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452935Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452934Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452933Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452932Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452931Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452930Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452929Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452928Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452927Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452926Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452925Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452924Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452923Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452922Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452921Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452920Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452919Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452918Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452917Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452916Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452915Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452914Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452913Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452912Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452911Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452910Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452909Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452908Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452907Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452906Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452905Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452904Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452903Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452902Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452901Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452900Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452899Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452898Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452897Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452896Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452895Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452894Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452893Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452892Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f8%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452891Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452890Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452889Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452888Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452887Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452886Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452885Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452884Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452883Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452882Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452881Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452880Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452879Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452878Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452877Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452876Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452875Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452874Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452873Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452872Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452871Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452870Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452869Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452868Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452867Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452866Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452865Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452864Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452863Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452862Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452861Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452860Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452859Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452858Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452857Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452856Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452855Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452854Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452853Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452852Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452851Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452850Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452849Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452848Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452847Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452846Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452845Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452844Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452843Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452842Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452841Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452840Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452839Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452838Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452837Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452836Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452835Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452834Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452833Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452832Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452831Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452830Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452829Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452828Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452827Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452826Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452825Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452824Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452823Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452822Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452821Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452820Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x200%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452819Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452818Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452817Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452816Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452815Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452814Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452813Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452812Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452811Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452810Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452809Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001452808Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001453023Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001453022Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001453021Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001453020Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001453019Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001453018Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001453017Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001453016Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001453015Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001453014Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001453013Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001453012Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1f4%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001453011Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001453010Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe- 4663101280100x80200000000000001453009Securityar-win-dc.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x811c5SecurityKey\REGISTRY\USER\ATTACKRANGE\Administrator\SOFTWARE\Microsoft\Windows\DWM0x1dc%%4432 0x10x1378C:\Windows\System32\conhost.exe-