13241300x800000000000000056441Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:56:03.428{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\mouclass\Enum\NextInstanceDWORD (0x00000002) 13241300x800000000000000056440Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:56:03.428{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\mouclass\Enum\CountDWORD (0x00000002) 13241300x800000000000000056439Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:56:03.428{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\mouclass\Enum\1TERMINPUT_BUS\UMB\2&2c22bcc9&0&Session3Mouse0 13241300x800000000000000056438Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:56:03.428{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\NextInstanceDWORD (0x00000002) 13241300x800000000000000056437Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:56:03.428{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\CountDWORD (0x00000002) 13241300x800000000000000056436Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:56:03.428{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\1TERMINPUT_BUS\UMB\2&2c22bcc9&0&Session3Mouse0 13241300x800000000000000056435Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:56:03.428{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\kbdclass\Enum\NextInstanceDWORD (0x00000002) 13241300x800000000000000056434Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:56:03.428{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\kbdclass\Enum\CountDWORD (0x00000002) 13241300x800000000000000056433Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:56:03.428{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\kbdclass\Enum\1TERMINPUT_BUS\UMB\2&2c22bcc9&0&Session3Keyboard0 13241300x800000000000000056432Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:56:03.428{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\NextInstanceDWORD (0x00000001) 13241300x800000000000000056431Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:56:03.428{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\CountDWORD (0x00000001) 13241300x800000000000000056430Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:56:03.428{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\0TERMINPUT_BUS\UMB\2&2c22bcc9&0&Session3Keyboard0 13241300x800000000000000056328Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:56:00.522{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\kbdclass\Enum\NextInstanceDWORD (0x00000001) 13241300x800000000000000056327Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:56:00.522{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\kbdclass\Enum\CountDWORD (0x00000001) 13241300x800000000000000056325Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:56:00.522{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\NextInstanceDWORD (0x00000000) 13241300x800000000000000056324Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:56:00.522{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\CountDWORD (0x00000000) 13241300x800000000000000056322Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:56:00.460{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\mouclass\Enum\NextInstanceDWORD (0x00000001) 13241300x800000000000000056321Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:56:00.460{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\mouclass\Enum\CountDWORD (0x00000001) 13241300x800000000000000056319Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:56:00.460{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\NextInstanceDWORD (0x00000001) 13241300x800000000000000056318Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:56:00.460{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\CountDWORD (0x00000001) 13241300x800000000000000056236Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:55:27.987{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000056235Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:55:27.987{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00ea7983) 13241300x800000000000000056234Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:55:27.987{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4cc-0xb155cca0) 13241300x800000000000000056233Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:55:27.987{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4d5-0x131a34a0) 13241300x800000000000000056232Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:55:27.987{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4dd-0x74de9ca0) 13241300x800000000000000056231Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:55:27.987{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000056230Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:55:27.987{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00ea7983) 13241300x800000000000000056229Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:55:27.987{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4cc-0xb155cca0) 13241300x800000000000000056228Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:55:27.987{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4d5-0x131a34a0) 13241300x800000000000000056227Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:55:27.987{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4dd-0x74de9ca0) 13241300x800000000000000055583Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:51:37.715{CBA3DBA2-8B8D-6153-1100-00000000FC01}988C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7b4d4-0x8a4df9f3) 13241300x800000000000000055490Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:51:21.715{CBA3DBA2-8B8D-6153-1100-00000000FC01}988C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7b4d4-0x80c493ab) 13241300x800000000000000055384Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:50:32.079{CBA3DBA2-8B8D-6153-1100-00000000FC01}988C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7b4d4-0x632ecac8) 13241300x800000000000000055339Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:50:27.970{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000055338Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:50:27.970{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00e5e593) 13241300x800000000000000055337Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:50:27.970{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4cb-0xfe82fda0) 13241300x800000000000000055336Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:50:27.970{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4d4-0x604765a0) 13241300x800000000000000055335Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:50:27.970{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4dc-0xc20bcda0) 13241300x800000000000000055334Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:50:27.970{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000055333Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:50:27.970{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00e5e593) 13241300x800000000000000055332Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:50:27.970{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4cb-0xfe82fda0) 13241300x800000000000000055331Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:50:27.970{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4d4-0x604765a0) 13241300x800000000000000055330Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:50:27.970{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4dc-0xc20bcda0) 13241300x800000000000000054500Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:45:27.960{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000054499Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:45:27.960{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00e151b3) 13241300x800000000000000054498Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:45:27.960{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4cb-0x4bb29fa0) 13241300x800000000000000054497Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:45:27.960{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4d3-0xad7707a0) 13241300x800000000000000054496Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:45:27.960{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4dc-0x0f3b6fa0) 13241300x800000000000000054495Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:45:27.960{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000054494Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:45:27.960{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00e151b3) 13241300x800000000000000054493Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:45:27.960{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4cb-0x4bb29fa0) 13241300x800000000000000054492Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:45:27.960{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4d3-0xad7707a0) 13241300x800000000000000054491Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:45:27.960{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4dc-0x0f3b6fa0) 13241300x800000000000000053628Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:40:27.945{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000053627Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:40:27.945{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00dcbdc4) 13241300x800000000000000053626Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:40:27.945{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4ca-0x98dff7b0) 13241300x800000000000000053625Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:40:27.945{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4d2-0xfaa45fb0) 13241300x800000000000000053624Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:40:27.945{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4db-0x5c68c7b0) 13241300x800000000000000053623Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:40:27.945{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000053622Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:40:27.945{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00dcbdc4) 13241300x800000000000000053621Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:40:27.945{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4ca-0x98dff7b0) 13241300x800000000000000053620Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:40:27.945{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4d2-0xfaa45fb0) 13241300x800000000000000053619Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:40:27.945{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4db-0x5c68c7b0) 13241300x800000000000000053415Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:39:25.541{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\RegisteredSinceBootDWORD (0x00000001) 13241300x800000000000000053414Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:39:25.541{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\StaleAdapterDWORD (0x00000000) 13241300x800000000000000053413Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:39:25.541{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\CompartmentIdDWORD (0x00000001) 13241300x800000000000000053412Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:39:25.541{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\FlagsDWORD (0x00000002) 13241300x800000000000000053411Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:39:25.541{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\TtlDWORD (0x000004b0) 13241300x800000000000000053410Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:39:25.541{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\SentPriUpdateToIpBinary Data 13241300x800000000000000053409Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:39:25.541{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\SentUpdateToIpBinary Data 13241300x800000000000000053408Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:39:25.541{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\DnsServersBinary Data 13241300x800000000000000053407Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:39:25.541{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\HostAddrsBinary Data 13241300x800000000000000053406Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:39:25.541{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\PrimaryDomainNameattackrange.local 13241300x800000000000000053405Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:39:25.541{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\AdapterDomainName(Empty) 13241300x800000000000000053404Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:39:25.541{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\Hostnamewin-host-854 13241300x800000000000000053402Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:39:25.537{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\RegisteredSinceBootDWORD (0x00000001) 13241300x800000000000000053401Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:39:25.531{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\DhcpConnForceBroadcastFlagDWORD (0x00000000) 13241300x800000000000000053400Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:39:25.531{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\IsServerNapAwareDWORD (0x00000000) 13241300x800000000000000053399Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:39:25.531{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\AddressTypeDWORD (0x00000000) 13241300x800000000000000053398Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:39:25.531{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\LeaseTerminatesTimeDWORD (0x6153d1dd) 13241300x800000000000000053397Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:39:25.531{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\T2DWORD (0x6153d01b) 13241300x800000000000000053396Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:39:25.531{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\T1DWORD (0x6153cad5) 13241300x800000000000000053395Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:39:25.531{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\LeaseObtainedTimeDWORD (0x6153c3cd) 13241300x800000000000000053394Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:39:25.531{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\LeaseDWORD (0x00000e10) 13241300x800000000000000053393Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:39:25.531{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\DhcpServer10.0.1.1 13241300x800000000000000053392Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:39:25.531{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\DhcpSubnetMask255.255.255.0 13241300x800000000000000053391Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:39:25.531{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\DhcpIPAddress10.0.1.15 13241300x800000000000000053390Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:39:25.531{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\DhcpInterfaceOptionsBinary Data 13241300x800000000000000052737Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:35:27.936{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000052736Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:35:27.936{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00d829e4) 13241300x800000000000000052735Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:35:27.936{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4c9-0xe60f99b0) 13241300x800000000000000052734Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:35:27.936{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4d2-0x47d401b0) 13241300x800000000000000052733Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:35:27.936{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4da-0xa99869b0) 13241300x800000000000000052732Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:35:27.936{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000052731Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:35:27.936{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00d829e4) 13241300x800000000000000052730Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:35:27.936{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4c9-0xe60f99b0) 13241300x800000000000000052729Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:35:27.936{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4d2-0x47d401b0) 13241300x800000000000000052728Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:35:27.936{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4da-0xa99869b0) 13241300x800000000000000052615Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:34:33.695{CBA3DBA2-8B8D-6153-1100-00000000FC01}988C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7b4d2-0x27f10737) 13241300x800000000000000052497Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:34:17.693{CBA3DBA2-8B8D-6153-1100-00000000FC01}988C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7b4d2-0x1e673d26) 13241300x800000000000000052383Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:33:28.059{CBA3DBA2-8B8D-6153-1100-00000000FC01}988C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7b4d2-0x00d1ac38) 13241300x800000000000000051909Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:30:27.921{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000051908Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:30:27.921{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00d395f4) 13241300x800000000000000051907Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:30:27.921{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4c9-0x333ccab0) 13241300x800000000000000051906Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:30:27.921{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4d1-0x950132b0) 13241300x800000000000000051905Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:30:27.921{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4d9-0xf6c59ab0) 13241300x800000000000000051904Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:30:27.921{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000051903Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:30:27.921{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00d395f4) 13241300x800000000000000051902Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:30:27.921{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4c9-0x333ccab0) 13241300x800000000000000051901Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:30:27.921{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4d1-0x950132b0) 13241300x800000000000000051900Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:30:27.921{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4d9-0xf6c59ab0) 13241300x800000000000000051799Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:30:00.062{CBA3DBA2-8B8D-6153-1100-00000000FC01}988C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7b4d1-0x84d7fbec) 13241300x800000000000000051006Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:25:27.909{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000051005Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:25:27.909{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00cf0214) 13241300x800000000000000051004Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:25:27.909{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4c8-0x806c6cb0) 13241300x800000000000000051003Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:25:27.909{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4d0-0xe230d4b0) 13241300x800000000000000051002Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:25:27.909{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4d9-0x43f53cb0) 13241300x800000000000000051001Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:25:27.909{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000051000Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:25:27.909{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00cf0214) 13241300x800000000000000050999Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:25:27.909{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4c8-0x806c6cb0) 13241300x800000000000000050998Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:25:27.909{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4d0-0xe230d4b0) 13241300x800000000000000050997Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:25:27.909{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4d9-0x43f53cb0) 13241300x800000000000000050184Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:20:27.901{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000050183Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:20:27.901{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00ca6e34) 13241300x800000000000000050182Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:20:27.901{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4c7-0xcd9c0eb0) 13241300x800000000000000050181Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:20:27.901{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4d0-0x2f6076b0) 13241300x800000000000000050180Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:20:27.901{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4d8-0x9124deb0) 13241300x800000000000000050179Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:20:27.901{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000050178Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:20:27.901{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00ca6e34) 13241300x800000000000000050177Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:20:27.901{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4c7-0xcd9c0eb0) 13241300x800000000000000050176Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:20:27.901{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4d0-0x2f6076b0) 13241300x800000000000000050175Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:20:27.901{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4d8-0x9124deb0) 13241300x800000000000000049668Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:17:29.690{CBA3DBA2-8B8D-6153-1100-00000000FC01}988C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7b4cf-0xc5963a6f) 13241300x800000000000000049593Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:17:13.686{CBA3DBA2-8B8D-6153-1100-00000000FC01}988C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7b4cf-0xbc0c3b40) 13241300x800000000000000049449Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:16:24.053{CBA3DBA2-8B8D-6153-1100-00000000FC01}988C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7b4cf-0x9e76e2a5) 13241300x800000000000000049288Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:15:27.886{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000049287Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:15:27.886{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00c5da44) 13241300x800000000000000049286Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:15:27.886{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4c7-0x1ac93fb0) 13241300x800000000000000049285Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:15:27.886{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4cf-0x7c8da7b0) 13241300x800000000000000049284Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:15:27.886{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4d7-0xde520fb0) 13241300x800000000000000049283Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:15:27.886{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000049282Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:15:27.886{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00c5da44) 13241300x800000000000000049281Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:15:27.886{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4c7-0x1ac93fb0) 13241300x800000000000000049280Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:15:27.886{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4cf-0x7c8da7b0) 13241300x800000000000000049279Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:15:27.886{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4d7-0xde520fb0) 13241300x800000000000000048435Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:10:27.871{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000048434Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:10:27.871{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00c14655) 13241300x800000000000000048433Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:10:27.871{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4c6-0x67f697c0) 13241300x800000000000000048432Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:10:27.871{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4ce-0xc9baffc0) 13241300x800000000000000048431Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:10:27.871{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4d7-0x2b7f67c0) 13241300x800000000000000048430Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:10:27.871{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000048429Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:10:27.871{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00c14655) 13241300x800000000000000048428Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:10:27.871{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4c6-0x67f697c0) 13241300x800000000000000048427Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:10:27.871{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4ce-0xc9baffc0) 13241300x800000000000000048426Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:10:27.871{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4d7-0x2b7f67c0) 13241300x800000000000000048209Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:09:25.491{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\RegisteredSinceBootDWORD (0x00000001) 13241300x800000000000000048208Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:09:25.491{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\StaleAdapterDWORD (0x00000000) 13241300x800000000000000048207Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:09:25.491{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\CompartmentIdDWORD (0x00000001) 13241300x800000000000000048206Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:09:25.491{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\FlagsDWORD (0x00000002) 13241300x800000000000000048205Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:09:25.491{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\TtlDWORD (0x000004b0) 13241300x800000000000000048204Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:09:25.491{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\SentPriUpdateToIpBinary Data 13241300x800000000000000048203Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:09:25.491{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\SentUpdateToIpBinary Data 13241300x800000000000000048202Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:09:25.491{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\DnsServersBinary Data 13241300x800000000000000048201Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:09:25.491{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\HostAddrsBinary Data 13241300x800000000000000048200Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:09:25.491{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\PrimaryDomainNameattackrange.local 13241300x800000000000000048199Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:09:25.491{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\AdapterDomainName(Empty) 13241300x800000000000000048198Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:09:25.491{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\Hostnamewin-host-854 13241300x800000000000000048197Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:09:25.491{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\RegisteredSinceBootDWORD (0x00000001) 13241300x800000000000000048196Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:09:25.491{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\DhcpConnForceBroadcastFlagDWORD (0x00000000) 13241300x800000000000000048195Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:09:25.491{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\IsServerNapAwareDWORD (0x00000000) 13241300x800000000000000048194Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:09:25.491{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\AddressTypeDWORD (0x00000000) 13241300x800000000000000048193Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:09:25.491{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\LeaseTerminatesTimeDWORD (0x6153cad5) 13241300x800000000000000048192Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:09:25.491{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\T2DWORD (0x6153c913) 13241300x800000000000000048191Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:09:25.491{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\T1DWORD (0x6153c3cd) 13241300x800000000000000048190Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:09:25.491{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\LeaseObtainedTimeDWORD (0x6153bcc5) 13241300x800000000000000048189Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:09:25.491{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\LeaseDWORD (0x00000e10) 13241300x800000000000000048188Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:09:25.491{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\DhcpServer10.0.1.1 13241300x800000000000000048187Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:09:25.491{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\DhcpSubnetMask255.255.255.0 13241300x800000000000000048186Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:09:25.491{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\DhcpIPAddress10.0.1.15 13241300x800000000000000048185Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:09:25.491{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\DhcpInterfaceOptionsBinary Data 13241300x800000000000000047524Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:05:27.860{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000047523Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:05:27.860{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00bcb275) 13241300x800000000000000047522Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:05:27.860{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4c5-0xb52639c0) 13241300x800000000000000047521Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:05:27.860{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4ce-0x16eaa1c0) 13241300x800000000000000047520Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:05:27.860{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4d6-0x78af09c0) 13241300x800000000000000047519Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:05:27.860{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000047518Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:05:27.860{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00bcb275) 13241300x800000000000000047517Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:05:27.860{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4c5-0xb52639c0) 13241300x800000000000000047516Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:05:27.860{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4ce-0x16eaa1c0) 13241300x800000000000000047515Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:05:27.860{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4d6-0x78af09c0) 13241300x800000000000000046681Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:00:27.848{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000046680Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:00:27.848{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00b81e95) 13241300x800000000000000046679Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:00:27.848{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4c5-0x0255dbc0) 13241300x800000000000000046678Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:00:27.848{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4cd-0x641a43c0) 13241300x800000000000000046677Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:00:27.848{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4d5-0xc5deabc0) 13241300x800000000000000046676Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:00:27.848{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000046675Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:00:27.848{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00b81e95) 13241300x800000000000000046674Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:00:27.848{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4c5-0x0255dbc0) 13241300x800000000000000046673Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:00:27.848{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4cd-0x641a43c0) 13241300x800000000000000046672Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:00:27.848{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4d5-0xc5deabc0) 13241300x800000000000000046646Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:00:25.661{CBA3DBA2-8B8D-6153-1100-00000000FC01}988C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7b4cd-0x6337d40f) 13241300x800000000000000046620Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 01:00:09.665{CBA3DBA2-8B8D-6153-1100-00000000FC01}988C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7b4cd-0x59af0c8a) 13241300x800000000000000046469Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:59:20.032{CBA3DBA2-8B8D-6153-1100-00000000FC01}988C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7b4cd-0x3c199e9a) 13241300x800000000000000045846Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:55:27.839{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000045845Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:55:27.839{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00b38aa5) 13241300x800000000000000045844Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:55:27.839{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4c4-0x4f830cc0) 13241300x800000000000000045843Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:55:27.839{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4cc-0xb14774c0) 13241300x800000000000000045842Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:55:27.839{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4d5-0x130bdcc0) 13241300x800000000000000045841Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:55:27.839{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000045840Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:55:27.839{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00b38aa5) 13241300x800000000000000045839Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:55:27.839{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4c4-0x4f830cc0) 13241300x800000000000000045838Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:55:27.839{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4cc-0xb14774c0) 13241300x800000000000000045837Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:55:27.839{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4d5-0x130bdcc0) 13241300x800000000000000045351Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:54:04.667{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\mouclass\Enum\NextInstanceDWORD (0x00000002) 13241300x800000000000000045350Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:54:04.667{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\mouclass\Enum\CountDWORD (0x00000002) 13241300x800000000000000045349Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:54:04.667{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\mouclass\Enum\1TERMINPUT_BUS\UMB\2&2c22bcc9&0&Session2Mouse0 13241300x800000000000000045348Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:54:04.667{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\NextInstanceDWORD (0x00000002) 13241300x800000000000000045347Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:54:04.667{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\CountDWORD (0x00000002) 13241300x800000000000000045346Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:54:04.667{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\1TERMINPUT_BUS\UMB\2&2c22bcc9&0&Session2Mouse0 13241300x800000000000000045345Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:54:04.667{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\kbdclass\Enum\NextInstanceDWORD (0x00000002) 13241300x800000000000000045344Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:54:04.667{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\kbdclass\Enum\CountDWORD (0x00000002) 13241300x800000000000000045343Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:54:04.667{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\kbdclass\Enum\1TERMINPUT_BUS\UMB\2&2c22bcc9&0&Session2Keyboard0 13241300x800000000000000045342Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:54:04.667{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\NextInstanceDWORD (0x00000001) 13241300x800000000000000045341Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:54:04.667{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\CountDWORD (0x00000001) 13241300x800000000000000045340Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:54:04.667{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\0TERMINPUT_BUS\UMB\2&2c22bcc9&0&Session2Keyboard0 13241300x800000000000000045323Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:54:04.605{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\kbdclass\Enum\NextInstanceDWORD (0x00000001) 13241300x800000000000000045322Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:54:04.605{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\kbdclass\Enum\CountDWORD (0x00000001) 13241300x800000000000000045320Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:54:04.605{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\NextInstanceDWORD (0x00000000) 13241300x800000000000000045319Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:54:04.605{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\CountDWORD (0x00000000) 13241300x800000000000000045317Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:54:04.542{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\mouclass\Enum\NextInstanceDWORD (0x00000001) 13241300x800000000000000045316Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:54:04.542{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\mouclass\Enum\CountDWORD (0x00000001) 13241300x800000000000000045314Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:54:04.542{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\NextInstanceDWORD (0x00000001) 13241300x800000000000000045313Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:54:04.542{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\CountDWORD (0x00000001) 13241300x800000000000000045120Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:54:03.761{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\mouclass\Enum\NextInstanceDWORD (0x00000002) 13241300x800000000000000045119Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:54:03.761{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\mouclass\Enum\CountDWORD (0x00000002) 13241300x800000000000000045118Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:54:03.761{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\mouclass\Enum\1TERMINPUT_BUS\UMB\2&2c22bcc9&0&Session3Mouse0 13241300x800000000000000045117Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:54:03.761{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\NextInstanceDWORD (0x00000002) 13241300x800000000000000045116Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:54:03.761{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\CountDWORD (0x00000002) 13241300x800000000000000045115Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:54:03.761{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\1TERMINPUT_BUS\UMB\2&2c22bcc9&0&Session3Mouse0 13241300x800000000000000045114Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:54:03.761{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\kbdclass\Enum\NextInstanceDWORD (0x00000002) 13241300x800000000000000045113Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:54:03.761{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\kbdclass\Enum\CountDWORD (0x00000002) 13241300x800000000000000045112Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:54:03.761{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\kbdclass\Enum\1TERMINPUT_BUS\UMB\2&2c22bcc9&0&Session3Keyboard0 13241300x800000000000000045111Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:54:03.761{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\NextInstanceDWORD (0x00000001) 13241300x800000000000000045110Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:54:03.761{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\CountDWORD (0x00000001) 13241300x800000000000000045109Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:54:03.761{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\0TERMINPUT_BUS\UMB\2&2c22bcc9&0&Session3Keyboard0 13241300x800000000000000045011Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:54:02.792{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\kbdclass\Enum\NextInstanceDWORD (0x00000001) 13241300x800000000000000045010Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:54:02.792{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\kbdclass\Enum\CountDWORD (0x00000001) 13241300x800000000000000045008Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:54:02.792{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\NextInstanceDWORD (0x00000000) 13241300x800000000000000045007Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:54:02.792{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\CountDWORD (0x00000000) 13241300x800000000000000045005Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:54:02.714{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\mouclass\Enum\NextInstanceDWORD (0x00000001) 13241300x800000000000000045004Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:54:02.714{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\mouclass\Enum\CountDWORD (0x00000001) 13241300x800000000000000045002Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:54:02.714{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\NextInstanceDWORD (0x00000001) 13241300x800000000000000045001Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:54:02.714{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\CountDWORD (0x00000001) 13241300x800000000000000044376Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:50:27.824{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000044375Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:50:27.824{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00aef6b5) 13241300x800000000000000044374Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:50:27.824{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4c3-0x9cb03dc0) 13241300x800000000000000044373Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:50:27.824{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4cb-0xfe74a5c0) 13241300x800000000000000044372Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:50:27.824{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4d4-0x60390dc0) 13241300x800000000000000044371Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:50:27.824{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000044370Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:50:27.824{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00aef6b5) 13241300x800000000000000044369Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:50:27.824{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4c3-0x9cb03dc0) 13241300x800000000000000044368Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:50:27.824{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4cb-0xfe74a5c0) 13241300x800000000000000044367Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:50:27.824{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4d4-0x60390dc0) 13241300x800000000000000043535Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:45:27.814{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000043534Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:45:27.814{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00aa62d5) 13241300x800000000000000043533Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:45:27.814{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4c2-0xe9dfdfc0) 13241300x800000000000000043532Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:45:27.814{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4cb-0x4ba447c0) 13241300x800000000000000043531Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:45:27.814{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4d3-0xad68afc0) 13241300x800000000000000043530Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:45:27.814{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000043529Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:45:27.814{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00aa62d5) 13241300x800000000000000043528Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:45:27.814{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4c2-0xe9dfdfc0) 13241300x800000000000000043527Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:45:27.814{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4cb-0x4ba447c0) 13241300x800000000000000043526Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:45:27.814{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4d3-0xad68afc0) 13241300x800000000000000043149Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:43:21.645{CBA3DBA2-8B8D-6153-1100-00000000FC01}988C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7b4cb-0x00db694e) 13241300x800000000000000043122Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:43:05.643{CBA3DBA2-8B8D-6153-1100-00000000FC01}988C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7b4ca-0xf751a9d9) 13241300x800000000000000042955Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:42:16.011{CBA3DBA2-8B8D-6153-1100-00000000FC01}988C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7b4ca-0xd9bc678c) 13241300x800000000000000042647Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:40:27.798{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000042646Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:40:27.798{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00a5cee6) 13241300x800000000000000042645Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:40:27.798{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4c2-0x370d37d0) 13241300x800000000000000042644Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:40:27.798{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4ca-0x98d19fd0) 13241300x800000000000000042643Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:40:27.798{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4d2-0xfa9607d0) 13241300x800000000000000042642Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:40:27.798{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000042641Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:40:27.798{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00a5cee6) 13241300x800000000000000042640Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:40:27.798{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4c2-0x370d37d0) 13241300x800000000000000042639Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:40:27.798{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4ca-0x98d19fd0) 13241300x800000000000000042638Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:40:27.798{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4d2-0xfa9607d0) 13241300x800000000000000042448Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:39:25.453{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\RegisteredSinceBootDWORD (0x00000001) 13241300x800000000000000042447Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:39:25.453{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\StaleAdapterDWORD (0x00000000) 13241300x800000000000000042446Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:39:25.453{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\CompartmentIdDWORD (0x00000001) 13241300x800000000000000042445Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:39:25.453{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\FlagsDWORD (0x00000002) 13241300x800000000000000042444Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:39:25.453{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\TtlDWORD (0x000004b0) 13241300x800000000000000042443Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:39:25.453{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\SentPriUpdateToIpBinary Data 13241300x800000000000000042442Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:39:25.453{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\SentUpdateToIpBinary Data 13241300x800000000000000042441Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:39:25.453{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\DnsServersBinary Data 13241300x800000000000000042440Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:39:25.453{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\HostAddrsBinary Data 13241300x800000000000000042439Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:39:25.453{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\PrimaryDomainNameattackrange.local 13241300x800000000000000042438Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:39:25.453{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\AdapterDomainName(Empty) 13241300x800000000000000042437Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:39:25.453{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\Hostnamewin-host-854 13241300x800000000000000042436Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:39:25.453{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\RegisteredSinceBootDWORD (0x00000001) 13241300x800000000000000042435Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:39:25.438{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\DhcpConnForceBroadcastFlagDWORD (0x00000000) 13241300x800000000000000042434Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:39:25.438{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\IsServerNapAwareDWORD (0x00000000) 13241300x800000000000000042433Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:39:25.438{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\AddressTypeDWORD (0x00000000) 13241300x800000000000000042432Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:39:25.438{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\LeaseTerminatesTimeDWORD (0x6153c3cd) 13241300x800000000000000042431Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:39:25.438{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\T2DWORD (0x6153c20b) 13241300x800000000000000042430Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:39:25.438{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\T1DWORD (0x6153bcc5) 13241300x800000000000000042429Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:39:25.438{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\LeaseObtainedTimeDWORD (0x6153b5bd) 13241300x800000000000000042428Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:39:25.438{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\LeaseDWORD (0x00000e10) 13241300x800000000000000042427Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:39:25.438{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\DhcpServer10.0.1.1 13241300x800000000000000042426Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:39:25.438{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\DhcpSubnetMask255.255.255.0 13241300x800000000000000042425Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:39:25.438{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\DhcpIPAddress10.0.1.15 13241300x800000000000000042424Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:39:25.438{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\DhcpInterfaceOptionsBinary Data 13241300x800000000000000041761Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:35:27.792{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000041760Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:35:27.792{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00a13b06) 13241300x800000000000000041759Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:35:27.792{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4c1-0x843cd9d0) 13241300x800000000000000041758Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:35:27.792{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4c9-0xe60141d0) 13241300x800000000000000041757Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:35:27.792{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4d2-0x47c5a9d0) 13241300x800000000000000041756Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:35:27.792{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000041755Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:35:27.792{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00a13b06) 13241300x800000000000000041754Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:35:27.792{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4c1-0x843cd9d0) 13241300x800000000000000041753Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:35:27.792{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4c9-0xe60141d0) 13241300x800000000000000041752Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:35:27.792{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4d2-0x47c5a9d0) 13241300x800000000000000040883Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:30:27.781{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000040882Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:30:27.781{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x009ca726) 13241300x800000000000000040881Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:30:27.781{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4c0-0xd16c7bd0) 13241300x800000000000000040880Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:30:27.781{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4c9-0x3330e3d0) 13241300x800000000000000040879Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:30:27.781{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4d1-0x94f54bd0) 13241300x800000000000000040878Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:30:27.781{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000040877Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:30:27.781{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x009ca726) 13241300x800000000000000040876Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:30:27.781{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4c0-0xd16c7bd0) 13241300x800000000000000040875Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:30:27.781{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4c9-0x3330e3d0) 13241300x800000000000000040874Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:30:27.781{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4d1-0x94f54bd0) 13241300x800000000000000040811Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:30:00.047{CBA3DBA2-8B8D-6153-1100-00000000FC01}988C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7b4c9-0x231145ee) 13241300x800000000000000040156Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:26:17.625{CBA3DBA2-8B8D-6153-1100-00000000FC01}988C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7b4c8-0x9e7e4764) 13241300x800000000000000040125Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:26:01.620{CBA3DBA2-8B8D-6153-1100-00000000FC01}988C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7b4c8-0x94f422ab) 13241300x800000000000000040028Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:25:27.772{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000040027Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:25:27.772{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00981346) 13241300x800000000000000040026Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:25:27.772{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4c0-0x1e9c1dd0) 13241300x800000000000000040025Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:25:27.772{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4c8-0x806085d0) 13241300x800000000000000040024Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:25:27.772{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4d0-0xe224edd0) 13241300x800000000000000040023Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:25:27.772{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000040022Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:25:27.772{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00981346) 13241300x800000000000000040021Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:25:27.772{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4c0-0x1e9c1dd0) 13241300x800000000000000040020Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:25:27.772{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4c8-0x806085d0) 13241300x800000000000000040019Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:25:27.772{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4d0-0xe224edd0) 13241300x800000000000000039975Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:25:11.991{CBA3DBA2-8B8D-6153-1100-00000000FC01}988C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7b4c8-0x775f65c6) 13241300x800000000000000039151Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:20:27.763{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000039150Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:20:27.763{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00937f56) 13241300x800000000000000039149Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:20:27.763{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4bf-0x6bc94ed0) 13241300x800000000000000039148Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:20:27.763{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4c7-0xcd8db6d0) 13241300x800000000000000039147Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:20:27.763{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4d0-0x2f521ed0) 13241300x800000000000000039146Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:20:27.763{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000039145Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:20:27.763{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00937f56) 13241300x800000000000000039144Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:20:27.763{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4bf-0x6bc94ed0) 13241300x800000000000000039143Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:20:27.763{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4c7-0xcd8db6d0) 13241300x800000000000000039142Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:20:27.763{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4d0-0x2f521ed0) 13241300x800000000000000038294Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:15:27.748{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000038293Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:15:27.748{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x008eeb76) 13241300x800000000000000038292Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:15:27.748{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4be-0xb8f8f0d0) 13241300x800000000000000038291Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:15:27.748{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4c7-0x1abd58d0) 13241300x800000000000000038290Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:15:27.748{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4cf-0x7c81c0d0) 13241300x800000000000000038289Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:15:27.748{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000038288Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:15:27.748{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x008eeb76) 13241300x800000000000000038287Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:15:27.748{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4be-0xb8f8f0d0) 13241300x800000000000000038286Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:15:27.748{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4c7-0x1abd58d0) 13241300x800000000000000038285Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:15:27.748{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4cf-0x7c81c0d0) 13241300x800000000000000037423Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:10:27.742{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000037422Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:10:27.742{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x008a5787) 13241300x800000000000000037421Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:10:27.742{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4be-0x062648e0) 13241300x800000000000000037420Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:10:27.742{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4c6-0x67eab0e0) 13241300x800000000000000037419Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:10:27.742{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4ce-0xc9af18e0) 13241300x800000000000000037418Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:10:27.742{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000037417Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:10:27.742{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x008a5787) 13241300x800000000000000037416Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:10:27.742{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4be-0x062648e0) 13241300x800000000000000037415Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:10:27.742{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4c6-0x67eab0e0) 13241300x800000000000000037414Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:10:27.742{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4ce-0xc9af18e0) 13241300x800000000000000037227Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:09:25.407{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\RegisteredSinceBootDWORD (0x00000001) 13241300x800000000000000037226Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:09:25.407{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\StaleAdapterDWORD (0x00000000) 13241300x800000000000000037225Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:09:25.407{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\CompartmentIdDWORD (0x00000001) 13241300x800000000000000037224Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:09:25.407{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\FlagsDWORD (0x00000002) 13241300x800000000000000037223Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:09:25.407{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\TtlDWORD (0x000004b0) 13241300x800000000000000037222Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:09:25.407{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\SentPriUpdateToIpBinary Data 13241300x800000000000000037221Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:09:25.407{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\SentUpdateToIpBinary Data 13241300x800000000000000037220Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:09:25.407{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\DnsServersBinary Data 13241300x800000000000000037219Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:09:25.407{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\HostAddrsBinary Data 13241300x800000000000000037218Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:09:25.407{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\PrimaryDomainNameattackrange.local 13241300x800000000000000037217Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:09:25.407{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\AdapterDomainName(Empty) 13241300x800000000000000037216Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:09:25.407{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\Hostnamewin-host-854 13241300x800000000000000037215Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:09:25.407{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\RegisteredSinceBootDWORD (0x00000001) 13241300x800000000000000037214Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:09:25.407{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\DhcpConnForceBroadcastFlagDWORD (0x00000000) 13241300x800000000000000037213Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:09:25.407{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\IsServerNapAwareDWORD (0x00000000) 13241300x800000000000000037212Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:09:25.407{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\AddressTypeDWORD (0x00000000) 13241300x800000000000000037211Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:09:25.407{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\LeaseTerminatesTimeDWORD (0x6153bcc5) 13241300x800000000000000037210Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:09:25.407{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\T2DWORD (0x6153bb03) 13241300x800000000000000037209Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:09:25.407{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\T1DWORD (0x6153b5bd) 13241300x800000000000000037208Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:09:25.407{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\LeaseObtainedTimeDWORD (0x6153aeb5) 13241300x800000000000000037207Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:09:25.407{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\LeaseDWORD (0x00000e10) 13241300x800000000000000037206Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:09:25.407{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\DhcpServer10.0.1.1 13241300x800000000000000037205Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:09:25.407{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\DhcpSubnetMask255.255.255.0 13241300x800000000000000037204Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:09:25.407{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\DhcpIPAddress10.0.1.15 13241300x800000000000000037203Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:09:25.407{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\DhcpInterfaceOptionsBinary Data 13241300x800000000000000037185Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:09:13.596{CBA3DBA2-8B8D-6153-1100-00000000FC01}988C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7b4c6-0x3c1ff0de) 13241300x800000000000000037154Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:08:57.591{CBA3DBA2-8B8D-6153-1100-00000000FC01}988C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7b4c6-0x3295c452) 13241300x800000000000000036987Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:08:07.962{CBA3DBA2-8B8D-6153-1100-00000000FC01}988C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7b4c6-0x1500f4b1) 13241300x800000000000000036534Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:05:27.735{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000036533Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:05:27.735{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x0085c3a7) 13241300x800000000000000036532Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:05:27.735{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4bd-0x5355eae0) 13241300x800000000000000036531Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:05:27.735{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4c5-0xb51a52e0) 13241300x800000000000000036530Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:05:27.735{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4ce-0x16debae0) 13241300x800000000000000036529Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:05:27.735{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000036528Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:05:27.735{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x0085c3a7) 13241300x800000000000000036527Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:05:27.735{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4bd-0x5355eae0) 13241300x800000000000000036526Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:05:27.735{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4c5-0xb51a52e0) 13241300x800000000000000036525Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:05:27.735{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4ce-0x16debae0) 13241300x800000000000000035656Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:00:27.719{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000035655Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:00:27.719{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00812fc7) 13241300x800000000000000035654Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:00:27.719{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4bc-0xa0858ce0) 13241300x800000000000000035653Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:00:27.719{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4c5-0x0249f4e0) 13241300x800000000000000035652Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:00:27.719{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4cd-0x640e5ce0) 13241300x800000000000000035651Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:00:27.719{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000035650Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:00:27.719{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00812fc7) 13241300x800000000000000035649Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:00:27.719{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4bc-0xa0858ce0) 13241300x800000000000000035648Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:00:27.719{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4c5-0x0249f4e0) 13241300x800000000000000035647Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-29 00:00:27.719{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4cd-0x640e5ce0) 13241300x800000000000000034786Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:55:27.711{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000034785Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:55:27.711{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x007c9bd7) 13241300x800000000000000034784Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:55:27.711{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4bb-0xedb2bde0) 13241300x800000000000000034783Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:55:27.711{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4c4-0x4f7725e0) 13241300x800000000000000034782Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:55:27.711{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4cc-0xb13b8de0) 13241300x800000000000000034781Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:55:27.711{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000034780Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:55:27.711{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x007c9bd7) 13241300x800000000000000034779Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:55:27.711{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4bb-0xedb2bde0) 13241300x800000000000000034778Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:55:27.711{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4c4-0x4f7725e0) 13241300x800000000000000034777Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:55:27.711{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4cc-0xb13b8de0) 13241300x800000000000000034203Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:52:09.568{CBA3DBA2-8B8D-6153-1100-00000000FC01}988C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7b4c3-0xd9c197eb) 13241300x800000000000000034173Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:51:53.568{CBA3DBA2-8B8D-6153-1100-00000000FC01}988C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7b4c3-0xd0382f11) 13241300x800000000000000034028Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:51:03.940{CBA3DBA2-8B8D-6153-1100-00000000FC01}988C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7b4c3-0xb2a3aa08) 13241300x800000000000000033898Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:50:27.702{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000033897Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:50:27.702{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x007807f7) 13241300x800000000000000033896Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:50:27.702{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4bb-0x3ae25fe0) 13241300x800000000000000033895Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:50:27.702{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4c3-0x9ca6c7e0) 13241300x800000000000000033894Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:50:27.702{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4cb-0xfe6b2fe0) 13241300x800000000000000033893Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:50:27.702{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000033892Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:50:27.702{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x007807f7) 13241300x800000000000000033891Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:50:27.702{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4bb-0x3ae25fe0) 13241300x800000000000000033890Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:50:27.702{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4c3-0x9ca6c7e0) 13241300x800000000000000033889Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:50:27.702{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4cb-0xfe6b2fe0) 13241300x800000000000000033806Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:49:44.456{CBA3DBA2-8B8D-6153-1300-00000000FC01}384C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\NcbService\NCB\KapiNlmCache\7\ValueBinary Data 13241300x800000000000000033805Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:49:44.456{CBA3DBA2-8B8D-6153-1300-00000000FC01}384C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\NcbService\NCB\KapiNlmCache\7\ValueSizeDWORD (0x00000008) 13241300x800000000000000033804Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:49:44.456{CBA3DBA2-8B8D-6153-1300-00000000FC01}384C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\NcbService\NCB\KapiNlmCache\7\KeySizeDWORD (0x00000000) 13241300x800000000000000033803Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:49:44.456{CBA3DBA2-8B8D-6153-1300-00000000FC01}384C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\NcbService\NCB\KapiNlmCache\7\TimestampQWORD (0x01d7b4c3-0x83433bf9) 13241300x800000000000000033802Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:49:44.456{CBA3DBA2-8B8D-6153-1300-00000000FC01}384C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\NcbService\NCB\KapiNlmCache\7\NetworksBinary Data 13241300x800000000000000033801Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:49:44.456{CBA3DBA2-8B8D-6153-1300-00000000FC01}384C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\NcbService\NCB\KapiNlmCache\7\NumNetworksDWORD (0x00000001) 13241300x800000000000000033048Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:45:27.682{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000033047Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:45:27.682{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00737407) 13241300x800000000000000033046Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:45:27.682{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4ba-0x880f90e0) 13241300x800000000000000033045Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:45:27.682{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4c2-0xe9d3f8e0) 13241300x800000000000000033044Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:45:27.682{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4cb-0x4b9860e0) 13241300x800000000000000033043Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:45:27.682{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000033042Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:45:27.682{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00737407) 13241300x800000000000000033041Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:45:27.682{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4ba-0x880f90e0) 13241300x800000000000000033040Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:45:27.682{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4c2-0xe9d3f8e0) 13241300x800000000000000033039Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:45:27.682{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4cb-0x4b9860e0) 13241300x800000000000000032153Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:40:27.667{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000032152Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:40:27.667{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x006ee018) 13241300x800000000000000032151Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:40:27.667{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4b9-0xd53ce8f0) 13241300x800000000000000032150Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:40:27.667{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4c2-0x370150f0) 13241300x800000000000000032149Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:40:27.667{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4ca-0x98c5b8f0) 13241300x800000000000000032148Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:40:27.667{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000032147Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:40:27.667{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x006ee018) 13241300x800000000000000032146Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:40:27.667{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4b9-0xd53ce8f0) 13241300x800000000000000032145Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:40:27.667{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4c2-0x370150f0) 13241300x800000000000000032144Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:40:27.667{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4ca-0x98c5b8f0) 13241300x800000000000000031965Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:39:25.389{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\RegisteredSinceBootDWORD (0x00000001) 13241300x800000000000000031964Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:39:25.389{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\StaleAdapterDWORD (0x00000000) 13241300x800000000000000031963Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:39:25.389{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\CompartmentIdDWORD (0x00000001) 13241300x800000000000000031962Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:39:25.389{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\FlagsDWORD (0x00000002) 13241300x800000000000000031961Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:39:25.389{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\TtlDWORD (0x000004b0) 13241300x800000000000000031960Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:39:25.389{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\SentPriUpdateToIpBinary Data 13241300x800000000000000031959Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:39:25.389{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\SentUpdateToIpBinary Data 13241300x800000000000000031958Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:39:25.389{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\DnsServersBinary Data 13241300x800000000000000031957Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:39:25.389{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\HostAddrsBinary Data 13241300x800000000000000031956Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:39:25.389{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\PrimaryDomainNameattackrange.local 13241300x800000000000000031955Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:39:25.389{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\AdapterDomainName(Empty) 13241300x800000000000000031954Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:39:25.389{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\Hostnamewin-host-854 13241300x800000000000000031953Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:39:25.374{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\RegisteredSinceBootDWORD (0x00000001) 13241300x800000000000000031952Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:39:25.374{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\DhcpConnForceBroadcastFlagDWORD (0x00000000) 13241300x800000000000000031951Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:39:25.374{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\IsServerNapAwareDWORD (0x00000000) 13241300x800000000000000031950Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:39:25.374{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\AddressTypeDWORD (0x00000000) 13241300x800000000000000031949Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:39:25.374{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\LeaseTerminatesTimeDWORD (0x6153b5bd) 13241300x800000000000000031948Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:39:25.374{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\T2DWORD (0x6153b3fb) 13241300x800000000000000031947Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:39:25.374{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\T1DWORD (0x6153aeb5) 13241300x800000000000000031946Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:39:25.374{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\LeaseObtainedTimeDWORD (0x6153a7ad) 13241300x800000000000000031945Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:39:25.374{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\LeaseDWORD (0x00000e10) 13241300x800000000000000031944Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:39:25.374{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\DhcpServer10.0.1.1 13241300x800000000000000031943Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:39:25.374{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\DhcpSubnetMask255.255.255.0 13241300x800000000000000031942Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:39:25.374{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\DhcpIPAddress10.0.1.15 13241300x800000000000000031941Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:39:25.374{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\DhcpInterfaceOptionsBinary Data 13241300x800000000000000031265Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:35:27.651{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000031264Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:35:27.651{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x006a4c38) 13241300x800000000000000031263Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:35:27.651{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4b9-0x226c8af0) 13241300x800000000000000031262Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:35:27.651{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4c1-0x8430f2f0) 13241300x800000000000000031261Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:35:27.651{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4c9-0xe5f55af0) 13241300x800000000000000031260Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:35:27.651{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000031259Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:35:27.651{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x006a4c38) 13241300x800000000000000031258Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:35:27.651{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4b9-0x226c8af0) 13241300x800000000000000031257Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:35:27.651{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4c1-0x8430f2f0) 13241300x800000000000000031256Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:35:27.651{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4c9-0xe5f55af0) 13241300x800000000000000031211Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:35:05.557{CBA3DBA2-8B8D-6153-1100-00000000FC01}988C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7b4c1-0x7765e4d2) 13241300x800000000000000031185Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:34:49.555{CBA3DBA2-8B8D-6153-1100-00000000FC01}988C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7b4c1-0x6ddc39ed) 13241300x800000000000000031015Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:33:59.920{CBA3DBA2-8B8D-6153-1100-00000000FC01}988C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7b4c1-0x50469579) 13241300x800000000000000030413Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:30:27.631{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000030412Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:30:27.631{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x0065b848) 13241300x800000000000000030411Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:30:27.631{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4b8-0x6f99bbf0) 13241300x800000000000000030410Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:30:27.631{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4c0-0xd15e23f0) 13241300x800000000000000030409Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:30:27.631{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4c9-0x33228bf0) 13241300x800000000000000030408Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:30:27.631{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000030407Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:30:27.631{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x0065b848) 13241300x800000000000000030406Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:30:27.631{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4b8-0x6f99bbf0) 13241300x800000000000000030405Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:30:27.631{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4c0-0xd15e23f0) 13241300x800000000000000030404Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:30:27.631{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4c9-0x33228bf0) 13241300x800000000000000030347Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:30:00.036{CBA3DBA2-8B8D-6153-1100-00000000FC01}988C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7b4c0-0xc14b2cf6) 13241300x800000000000000029705Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:26:28.168{CBA3DBA2-8B8D-6153-1500-00000000FC01}1156C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x0000076e) 13241300x800000000000000029698Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:26:28.152{CBA3DBA2-8B8D-6153-1500-00000000FC01}1156C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\BFE\Parameters\Policy\Options\EnablePacketQueueDWORD (0x00000000) 13241300x800000000000000029693Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:26:28.152{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\EventLog\System\mrxsmb\ParameterMessageFile%%SystemRoot%%\System32\kernel32.dll 13241300x800000000000000029678Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.localT1101SetValue2021-09-28 23:26:28.105{CBA3DBA2-8B8C-6153-0A00-00000000FC01}628C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Control\Lsa\nolmhashDWORD (0x00000001) 13241300x800000000000000029506Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:25:27.620{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000029505Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:25:27.620{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00612458) 13241300x800000000000000029504Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:25:27.620{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4b7-0xbcc6ecf0) 13241300x800000000000000029503Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:25:27.620{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4c0-0x1e8b54f0) 13241300x800000000000000029502Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:25:27.620{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4c8-0x804fbcf0) 13241300x800000000000000029501Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:25:27.620{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000029500Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:25:27.620{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00612458) 13241300x800000000000000029499Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:25:27.620{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4b7-0xbcc6ecf0) 13241300x800000000000000029498Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:25:27.620{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4c0-0x1e8b54f0) 13241300x800000000000000029497Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:25:27.620{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4c8-0x804fbcf0) 13241300x800000000000000028891Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:21:41.913{CBA3DBA2-8B8D-6153-1300-00000000FC01}384C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\NcbService\NCB\KapiNlmCache\7\ValueBinary Data 13241300x800000000000000028890Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:21:41.913{CBA3DBA2-8B8D-6153-1300-00000000FC01}384C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\NcbService\NCB\KapiNlmCache\7\ValueSizeDWORD (0x00000008) 13241300x800000000000000028889Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:21:41.913{CBA3DBA2-8B8D-6153-1300-00000000FC01}384C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\NcbService\NCB\KapiNlmCache\7\KeySizeDWORD (0x00000000) 13241300x800000000000000028888Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:21:41.913{CBA3DBA2-8B8D-6153-1300-00000000FC01}384C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\NcbService\NCB\KapiNlmCache\7\TimestampQWORD (0x01d7b4bf-0x9863a631) 13241300x800000000000000028887Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:21:41.913{CBA3DBA2-8B8D-6153-1300-00000000FC01}384C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\NcbService\NCB\KapiNlmCache\7\NetworksBinary Data 13241300x800000000000000028886Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:21:41.913{CBA3DBA2-8B8D-6153-1300-00000000FC01}384C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\NcbService\NCB\KapiNlmCache\7\NumNetworksDWORD (0x00000001) 13241300x800000000000000028624Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:20:27.615{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000028623Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:20:27.615{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x005c9078) 13241300x800000000000000028622Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:20:27.615{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4b7-0x09f68ef0) 13241300x800000000000000028621Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:20:27.615{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4bf-0x6bbaf6f0) 13241300x800000000000000028620Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:20:27.615{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4c7-0xcd7f5ef0) 13241300x800000000000000028619Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:20:27.615{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000028618Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:20:27.615{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x005c9078) 13241300x800000000000000028617Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:20:27.615{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4b7-0x09f68ef0) 13241300x800000000000000028616Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:20:27.615{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4bf-0x6bbaf6f0) 13241300x800000000000000028615Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:20:27.615{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4c7-0xcd7f5ef0) 13241300x800000000000000028223Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:18:01.543{CBA3DBA2-8B8D-6153-1100-00000000FC01}988C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7b4bf-0x1509de80) 13241300x800000000000000028195Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:17:45.541{CBA3DBA2-8B8D-6153-1100-00000000FC01}988C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7b4bf-0x0b80230f) 13241300x800000000000000028027Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:16:55.902{CBA3DBA2-8B8D-6153-1100-00000000FC01}988C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7b4be-0xede9c750) 13241300x800000000000000027771Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:15:27.600{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000027770Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:15:27.600{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x0057fc89) 13241300x800000000000000027769Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:15:27.600{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4b6-0x5723e700) 13241300x800000000000000027768Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:15:27.600{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4be-0xb8e84f00) 13241300x800000000000000027767Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:15:27.600{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4c7-0x1aacb700) 13241300x800000000000000027766Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:15:27.600{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000027765Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:15:27.600{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x0057fc89) 13241300x800000000000000027764Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:15:27.600{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4b6-0x5723e700) 13241300x800000000000000027763Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:15:27.600{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4be-0xb8e84f00) 13241300x800000000000000027762Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:15:27.600{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4c7-0x1aacb700) 13241300x800000000000000026892Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:10:27.580{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000026891Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:10:27.580{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x005368a9) 13241300x800000000000000026890Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:10:27.580{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4b5-0xa4538900) 13241300x800000000000000026889Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:10:27.580{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4be-0x0617f100) 13241300x800000000000000026888Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:10:27.580{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4c6-0x67dc5900) 13241300x800000000000000026887Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:10:27.580{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000026886Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:10:27.580{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x005368a9) 13241300x800000000000000026885Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:10:27.580{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4b5-0xa4538900) 13241300x800000000000000026884Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:10:27.580{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4be-0x0617f100) 13241300x800000000000000026883Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:10:27.580{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4c6-0x67dc5900) 13241300x800000000000000026702Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:09:25.337{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\RegisteredSinceBootDWORD (0x00000001) 13241300x800000000000000026701Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:09:25.337{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\StaleAdapterDWORD (0x00000000) 13241300x800000000000000026700Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:09:25.337{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\CompartmentIdDWORD (0x00000001) 13241300x800000000000000026699Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:09:25.337{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\FlagsDWORD (0x00000002) 13241300x800000000000000026698Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:09:25.337{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\TtlDWORD (0x000004b0) 13241300x800000000000000026697Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:09:25.337{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\SentPriUpdateToIpBinary Data 13241300x800000000000000026696Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:09:25.337{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\SentUpdateToIpBinary Data 13241300x800000000000000026695Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:09:25.337{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\DnsServersBinary Data 13241300x800000000000000026694Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:09:25.337{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\HostAddrsBinary Data 13241300x800000000000000026693Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:09:25.337{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\PrimaryDomainNameattackrange.local 13241300x800000000000000026692Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:09:25.337{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\AdapterDomainName(Empty) 13241300x800000000000000026691Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:09:25.337{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\Hostnamewin-host-854 13241300x800000000000000026690Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:09:25.337{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\RegisteredSinceBootDWORD (0x00000001) 13241300x800000000000000026689Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:09:25.337{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\DhcpConnForceBroadcastFlagDWORD (0x00000000) 13241300x800000000000000026688Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:09:25.337{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\IsServerNapAwareDWORD (0x00000000) 13241300x800000000000000026687Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:09:25.337{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\AddressTypeDWORD (0x00000000) 13241300x800000000000000026686Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:09:25.337{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\LeaseTerminatesTimeDWORD (0x6153aeb5) 13241300x800000000000000026685Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:09:25.337{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\T2DWORD (0x6153acf3) 13241300x800000000000000026684Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:09:25.337{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\T1DWORD (0x6153a7ad) 13241300x800000000000000026683Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:09:25.337{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\LeaseObtainedTimeDWORD (0x6153a0a5) 13241300x800000000000000026682Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:09:25.337{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\LeaseDWORD (0x00000e10) 13241300x800000000000000026681Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:09:25.337{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\DhcpServer10.0.1.1 13241300x800000000000000026680Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:09:25.337{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\DhcpSubnetMask255.255.255.0 13241300x800000000000000026679Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:09:25.337{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\DhcpIPAddress10.0.1.15 13241300x800000000000000026678Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:09:25.337{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\DhcpInterfaceOptionsBinary Data 13241300x800000000000000026004Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:05:27.562{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000026003Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:05:27.562{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x004ed4b9) 13241300x800000000000000026002Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:05:27.562{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4b4-0xf180ba00) 13241300x800000000000000026001Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:05:27.562{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4bd-0x53452200) 13241300x800000000000000026000Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:05:27.562{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4c5-0xb5098a00) 13241300x800000000000000025999Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:05:27.562{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000025998Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:05:27.562{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x004ed4b9) 13241300x800000000000000025997Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:05:27.562{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4b4-0xf180ba00) 13241300x800000000000000025996Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:05:27.562{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4bd-0x53452200) 13241300x800000000000000025995Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:05:27.562{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4c5-0xb5098a00) 13241300x800000000000000025250Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:00:57.525{CBA3DBA2-8B8D-6153-1100-00000000FC01}988C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7b4bc-0xb2ad14f3) 13241300x800000000000000025220Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:00:41.525{CBA3DBA2-8B8D-6153-1100-00000000FC01}988C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7b4bc-0xa923b6f6) 13241300x800000000000000025142Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:00:27.553{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000025141Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:00:27.553{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x004a40ca) 13241300x800000000000000025140Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:00:27.553{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4b4-0x3eae1210) 13241300x800000000000000025139Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:00:27.553{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4bc-0xa0727a10) 13241300x800000000000000025138Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:00:27.553{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4c5-0x0236e210) 13241300x800000000000000025137Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:00:27.553{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000025136Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:00:27.553{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x004a40ca) 13241300x800000000000000025135Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:00:27.553{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4b4-0x3eae1210) 13241300x800000000000000025134Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:00:27.553{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4bc-0xa0727a10) 13241300x800000000000000025133Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 23:00:27.553{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4c5-0x0236e210) 13241300x800000000000000025068Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:59:51.879{CBA3DBA2-8B8D-6153-1100-00000000FC01}988C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7b4bc-0x8b8c590f) 13241300x800000000000000024356Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:55:39.370{CBA3DBA2-8B8D-6153-1300-00000000FC01}384C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\NcbService\NCB\KapiNlmCache\7\ValueBinary Data 13241300x800000000000000024355Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:55:39.370{CBA3DBA2-8B8D-6153-1300-00000000FC01}384C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\NcbService\NCB\KapiNlmCache\7\ValueSizeDWORD (0x00000008) 13241300x800000000000000024354Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:55:39.370{CBA3DBA2-8B8D-6153-1300-00000000FC01}384C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\NcbService\NCB\KapiNlmCache\7\KeySizeDWORD (0x00000000) 13241300x800000000000000024353Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:55:39.370{CBA3DBA2-8B8D-6153-1300-00000000FC01}384C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\NcbService\NCB\KapiNlmCache\7\TimestampQWORD (0x01d7b4bb-0xf50a6f4a) 13241300x800000000000000024352Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:55:39.370{CBA3DBA2-8B8D-6153-1300-00000000FC01}384C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\NcbService\NCB\KapiNlmCache\7\NetworksBinary Data 13241300x800000000000000024351Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:55:39.370{CBA3DBA2-8B8D-6153-1300-00000000FC01}384C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\NcbService\NCB\KapiNlmCache\7\NumNetworksDWORD (0x00000001) 13241300x800000000000000024277Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:55:27.540{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000024276Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:55:27.540{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x0045acea) 13241300x800000000000000024275Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:55:27.540{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4b3-0x8bddb410) 13241300x800000000000000024274Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:55:27.540{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4bb-0xeda21c10) 13241300x800000000000000024273Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:55:27.540{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4c4-0x4f668410) 13241300x800000000000000024272Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:55:27.540{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000024271Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:55:27.540{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x0045acea) 13241300x800000000000000024270Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:55:27.540{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4b3-0x8bddb410) 13241300x800000000000000024269Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:55:27.540{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4bb-0xeda21c10) 13241300x800000000000000024268Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:55:27.540{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4c4-0x4f668410) 13241300x800000000000000023745Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:52:25.503{CBA3DBA2-8B8D-6153-1100-00000000FC01}988C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7b4bb-0x817cade6) 13241300x800000000000000023716Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:52:09.505{CBA3DBA2-8B8D-6153-1100-00000000FC01}988C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7b4bb-0x77f3a70d) 13241300x800000000000000022948Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:50:36.107{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\mouclass\Enum\NextInstanceDWORD (0x00000002) 13241300x800000000000000022947Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:50:36.107{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\mouclass\Enum\CountDWORD (0x00000002) 13241300x800000000000000022946Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:50:36.107{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\mouclass\Enum\1TERMINPUT_BUS\UMB\2&2c22bcc9&0&Session2Mouse0 13241300x800000000000000022945Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:50:36.107{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\NextInstanceDWORD (0x00000002) 13241300x800000000000000022944Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:50:36.107{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\CountDWORD (0x00000002) 13241300x800000000000000022943Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:50:36.107{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\1TERMINPUT_BUS\UMB\2&2c22bcc9&0&Session2Mouse0 13241300x800000000000000022942Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:50:36.107{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\kbdclass\Enum\NextInstanceDWORD (0x00000002) 13241300x800000000000000022941Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:50:36.107{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\kbdclass\Enum\CountDWORD (0x00000002) 13241300x800000000000000022940Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:50:36.107{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\kbdclass\Enum\1TERMINPUT_BUS\UMB\2&2c22bcc9&0&Session2Keyboard0 13241300x800000000000000022939Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:50:36.107{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\NextInstanceDWORD (0x00000001) 13241300x800000000000000022938Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:50:36.107{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\CountDWORD (0x00000001) 13241300x800000000000000022937Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:50:36.107{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\0TERMINPUT_BUS\UMB\2&2c22bcc9&0&Session2Keyboard0 13241300x800000000000000022911Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:50:36.045{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\kbdclass\Enum\NextInstanceDWORD (0x00000001) 13241300x800000000000000022910Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:50:36.045{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\kbdclass\Enum\CountDWORD (0x00000001) 13241300x800000000000000022908Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:50:36.045{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\NextInstanceDWORD (0x00000000) 13241300x800000000000000022907Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:50:36.045{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\CountDWORD (0x00000000) 13241300x800000000000000022902Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:50:35.982{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\mouclass\Enum\NextInstanceDWORD (0x00000001) 13241300x800000000000000022901Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:50:35.982{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\mouclass\Enum\CountDWORD (0x00000001) 13241300x800000000000000022899Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:50:35.982{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\NextInstanceDWORD (0x00000001) 13241300x800000000000000022898Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:50:35.982{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\CountDWORD (0x00000001) 13241300x800000000000000022681Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:50:35.107{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\mouclass\Enum\NextInstanceDWORD (0x00000002) 13241300x800000000000000022680Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:50:35.107{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\mouclass\Enum\CountDWORD (0x00000002) 13241300x800000000000000022679Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:50:35.107{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\mouclass\Enum\1TERMINPUT_BUS\UMB\2&2c22bcc9&0&Session3Mouse0 13241300x800000000000000022678Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:50:35.107{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\NextInstanceDWORD (0x00000002) 13241300x800000000000000022677Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:50:35.107{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\CountDWORD (0x00000002) 13241300x800000000000000022676Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:50:35.107{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\1TERMINPUT_BUS\UMB\2&2c22bcc9&0&Session3Mouse0 13241300x800000000000000022675Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.localInvDB-DriverVerSetValue2021-09-28 22:50:35.107{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}\0003\DriverVersion10.0.14393.0 13241300x800000000000000022674Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:50:35.091{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\kbdclass\Enum\NextInstanceDWORD (0x00000002) 13241300x800000000000000022673Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:50:35.091{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\kbdclass\Enum\CountDWORD (0x00000002) 13241300x800000000000000022672Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:50:35.091{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\kbdclass\Enum\1TERMINPUT_BUS\UMB\2&2c22bcc9&0&Session3Keyboard0 13241300x800000000000000022671Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:50:35.091{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\NextInstanceDWORD (0x00000001) 13241300x800000000000000022670Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:50:35.091{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\CountDWORD (0x00000001) 13241300x800000000000000022669Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:50:35.091{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\0TERMINPUT_BUS\UMB\2&2c22bcc9&0&Session3Keyboard0 13241300x800000000000000022668Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.localInvDB-DriverVerSetValue2021-09-28 22:50:35.091{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}\0003\DriverVersion10.0.14393.0 13241300x800000000000000022574Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:50:33.998{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\kbdclass\Enum\NextInstanceDWORD (0x00000001) 13241300x800000000000000022573Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:50:33.998{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\kbdclass\Enum\CountDWORD (0x00000001) 13241300x800000000000000022571Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:50:33.998{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\NextInstanceDWORD (0x00000000) 13241300x800000000000000022570Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:50:33.998{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\CountDWORD (0x00000000) 13241300x800000000000000022568Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:50:33.935{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\mouclass\Enum\NextInstanceDWORD (0x00000001) 13241300x800000000000000022567Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:50:33.935{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\mouclass\Enum\CountDWORD (0x00000001) 13241300x800000000000000022565Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:50:33.935{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\NextInstanceDWORD (0x00000001) 13241300x800000000000000022564Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:50:33.935{CBA3DBA2-8B8A-6153-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\CountDWORD (0x00000001) 13241300x800000000000000022499Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:50:27.526{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000022498Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:50:27.526{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x004118fa) 13241300x800000000000000022497Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:50:27.526{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4b2-0xd90ae510) 13241300x800000000000000022496Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:50:27.526{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4bb-0x3acf4d10) 13241300x800000000000000022495Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:50:27.526{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4c3-0x9c93b510) 13241300x800000000000000022494Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:50:27.526{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000022493Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:50:27.526{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x004118fa) 13241300x800000000000000022492Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:50:27.526{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4b2-0xd90ae510) 13241300x800000000000000022491Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:50:27.526{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4bb-0x3acf4d10) 13241300x800000000000000022490Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:50:27.526{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4c3-0x9c93b510) 13241300x800000000000000021622Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:45:27.511{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000021621Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:45:27.511{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x003c850a) 13241300x800000000000000021620Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:45:27.511{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4b2-0x26381610) 13241300x800000000000000021619Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:45:27.511{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4ba-0x87fc7e10) 13241300x800000000000000021618Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:45:27.511{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4c2-0xe9c0e610) 13241300x800000000000000021617Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:45:27.511{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000021616Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:45:27.511{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x003c850a) 13241300x800000000000000021615Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:45:27.511{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4b2-0x26381610) 13241300x800000000000000021614Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:45:27.511{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4ba-0x87fc7e10) 13241300x800000000000000021613Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:45:27.511{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4c2-0xe9c0e610) 13241300x800000000000000021392Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:43:53.503{CBA3DBA2-8B8D-6153-1100-00000000FC01}988C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7b4ba-0x504fad25) 13241300x800000000000000021367Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:43:37.499{CBA3DBA2-8B8D-6153-1100-00000000FC01}988C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7b4ba-0x46c5a8f7) 13241300x800000000000000021198Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:42:47.858{CBA3DBA2-8B8D-6153-1100-00000000FC01}988C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7b4ba-0x292f1a28) 13241300x800000000000000020767Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:40:27.498{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000020766Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:40:27.498{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x0037f12a) 13241300x800000000000000020765Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:40:27.498{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4b1-0x7367b810) 13241300x800000000000000020764Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:40:27.498{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4b9-0xd52c2010) 13241300x800000000000000020763Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:40:27.498{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4c2-0x36f08810) 13241300x800000000000000020762Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:40:27.498{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000020761Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:40:27.498{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x0037f12a) 13241300x800000000000000020760Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:40:27.498{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4b1-0x7367b810) 13241300x800000000000000020759Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:40:27.498{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4b9-0xd52c2010) 13241300x800000000000000020758Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:40:27.498{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4c2-0x36f08810) 13241300x800000000000000020579Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:39:25.325{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\RegisteredSinceBootDWORD (0x00000001) 13241300x800000000000000020578Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:39:25.325{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\StaleAdapterDWORD (0x00000000) 13241300x800000000000000020577Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:39:25.325{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\CompartmentIdDWORD (0x00000001) 13241300x800000000000000020576Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:39:25.325{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\FlagsDWORD (0x00000002) 13241300x800000000000000020575Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:39:25.325{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\TtlDWORD (0x000004b0) 13241300x800000000000000020574Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:39:25.325{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\SentPriUpdateToIpBinary Data 13241300x800000000000000020573Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:39:25.325{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\SentUpdateToIpBinary Data 13241300x800000000000000020572Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:39:25.325{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\DnsServersBinary Data 13241300x800000000000000020571Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:39:25.325{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\HostAddrsBinary Data 13241300x800000000000000020570Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:39:25.325{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\PrimaryDomainNameattackrange.local 13241300x800000000000000020569Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:39:25.325{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\AdapterDomainName(Empty) 13241300x800000000000000020568Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:39:25.325{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\Hostnamewin-host-854 13241300x800000000000000020567Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:39:25.310{CBA3DBA2-8B8D-6153-1400-00000000FC01}756C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{F281DD77-85DB-49AC-8095-8A55BD65DE2A}\RegisteredSinceBootDWORD (0x00000001) 13241300x800000000000000020566Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:39:25.310{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\DhcpConnForceBroadcastFlagDWORD (0x00000000) 13241300x800000000000000020565Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:39:25.310{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\IsServerNapAwareDWORD (0x00000000) 13241300x800000000000000020564Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:39:25.310{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\AddressTypeDWORD (0x00000000) 13241300x800000000000000020563Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:39:25.310{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\LeaseTerminatesTimeDWORD (0x6153a7ad) 13241300x800000000000000020562Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:39:25.310{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\T2DWORD (0x6153a5eb) 13241300x800000000000000020561Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:39:25.310{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\T1DWORD (0x6153a0a5) 13241300x800000000000000020560Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:39:25.310{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\LeaseObtainedTimeDWORD (0x6153999d) 13241300x800000000000000020559Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:39:25.310{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\LeaseDWORD (0x00000e10) 13241300x800000000000000020558Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:39:25.310{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\DhcpServer10.0.1.1 13241300x800000000000000020557Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:39:25.310{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\DhcpSubnetMask255.255.255.0 13241300x800000000000000020556Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:39:25.310{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\DhcpIPAddress10.0.1.15 13241300x800000000000000020555Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:39:25.310{CBA3DBA2-8B8D-6153-1000-00000000FC01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f281dd77-85db-49ac-8095-8a55bd65de2a}\DhcpInterfaceOptionsBinary Data 13241300x800000000000000019902Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:35:27.477{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000019901Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:35:27.477{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00335d3b) 13241300x800000000000000019900Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:35:27.477{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4b0-0xc0951020) 13241300x800000000000000019899Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:35:27.477{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4b9-0x22597820) 13241300x800000000000000019898Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:35:27.477{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4c1-0x841de020) 13241300x800000000000000019897Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:35:27.477{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000019896Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:35:27.477{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00335d3b) 13241300x800000000000000019895Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:35:27.477{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4b0-0xc0951020) 13241300x800000000000000019894Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:35:27.477{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4b9-0x22597820) 13241300x800000000000000019893Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:35:27.477{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4c1-0x841de020) 13241300x800000000000000019848Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:35:21.492{CBA3DBA2-8B8D-6153-1100-00000000FC01}988C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7b4b9-0x1f2107c8) 13241300x800000000000000019823Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:35:05.497{CBA3DBA2-8B8D-6153-1100-00000000FC01}988C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7b4b9-0x15986be1) 13241300x800000000000000019675Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:34:15.838{CBA3DBA2-8B8D-6153-1100-00000000FC01}988C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7b4b8-0xf7ff10ea) 13241300x800000000000000019454Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:32:36.838{CBA3DBA2-8B8D-6153-1300-00000000FC01}384C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\NcbService\NCB\KapiNlmCache\7\ValueBinary Data 13241300x800000000000000019453Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:32:36.838{CBA3DBA2-8B8D-6153-1300-00000000FC01}384C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\NcbService\NCB\KapiNlmCache\7\ValueSizeDWORD (0x00000008) 13241300x800000000000000019452Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:32:36.838{CBA3DBA2-8B8D-6153-1300-00000000FC01}384C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\NcbService\NCB\KapiNlmCache\7\KeySizeDWORD (0x00000000) 13241300x800000000000000019451Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:32:36.838{CBA3DBA2-8B8D-6153-1300-00000000FC01}384C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\NcbService\NCB\KapiNlmCache\7\TimestampQWORD (0x01d7b4b8-0xbcfcc7a0) 13241300x800000000000000019450Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:32:36.838{CBA3DBA2-8B8D-6153-1300-00000000FC01}384C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\NcbService\NCB\KapiNlmCache\7\NetworksBinary Data 13241300x800000000000000019449Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:32:36.838{CBA3DBA2-8B8D-6153-1300-00000000FC01}384C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\NcbService\NCB\KapiNlmCache\7\NumNetworksDWORD (0x00000001) 13241300x800000000000000019024Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:30:27.467{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000019023Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:30:27.467{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x002ec95b) 13241300x800000000000000019022Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:30:27.467{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4b0-0x0dc4b220) 13241300x800000000000000019021Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:30:27.467{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4b8-0x6f891a20) 13241300x800000000000000019020Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:30:27.467{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4c0-0xd14d8220) 13241300x800000000000000019019Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:30:27.467{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000019018Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:30:27.467{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x002ec95b) 13241300x800000000000000019017Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:30:27.467{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4b0-0x0dc4b220) 13241300x800000000000000019016Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:30:27.467{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4b8-0x6f891a20) 13241300x800000000000000019015Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:30:27.467{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4c0-0xd14d8220) 13241300x800000000000000018958Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:30:00.031{CBA3DBA2-8B8D-6153-1100-00000000FC01}988C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7b4b8-0x5f85ecb7) 13241300x800000000000000018436Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:26:49.477{CBA3DBA2-8B8D-6153-1100-00000000FC01}988C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7b4b7-0xedf1c6e7) 13241300x800000000000000018410Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:26:33.479{CBA3DBA2-8B8D-6153-1100-00000000FC01}988C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7b4b7-0xe4689999) 13241300x800000000000000018233Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:25:43.835{CBA3DBA2-8B8D-6153-1100-00000000FC01}988C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7b4b7-0xc6d18083) 13241300x800000000000000018145Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:25:27.456{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000018144Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:25:27.456{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x002a356b) 13241300x800000000000000018143Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:25:27.456{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4af-0x5af1e320) 13241300x800000000000000018142Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:25:27.456{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4b7-0xbcb64b20) 13241300x800000000000000018141Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:25:27.456{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4c0-0x1e7ab320) 13241300x800000000000000018140Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:25:27.456{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000018139Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:25:27.456{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x002a356b) 13241300x800000000000000018138Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:25:27.456{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b4af-0x5af1e320) 13241300x800000000000000018137Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:25:27.456{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b4b7-0xbcb64b20) 13241300x800000000000000018136Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:25:27.456{CBA3DBA2-8B8C-6153-0B00-00000000FC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b4c0-0x1e7ab320) 13241300x800000000000000017512Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:21:33.361{CBA3DBA2-956D-6153-5802-00000000FC01}5440C:\Users\Administrator\Desktop\remcos_a.exeHKU\S-1-5-21-2822931434-4158708864-2523875129-500\SOFTWARE\Remcos-Q3AZ0K\licence(Empty) 13241300x800000000000000017509Microsoft-Windows-Sysmon/Operationalwin-host-854.attackrange.local-SetValue2021-09-28 22:21:33.252{CBA3DBA2-8B8D-6153-1300-00000000FC01}384C:\Windows\System32\svchost.exeHKU\S-1-5-21-2822931434-4158708864-2523875129-500\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\C:\Users\Administrator\Desktop\remcos_a.exeBinary Data