13241300x800000000000000013742Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-07-25 14:49:09.032{13E3B8D2-E0E3-64BF-D808-00000000F902}6928C:\ProgramData\images.exeHKU\S-1-5-21-3884345684-401274181-143496042-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerServerDWORD (0x0000000a)ATTACKRANGE\Administrator 13241300x800000000000000013741Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-07-25 14:49:09.032{13E3B8D2-E0E3-64BF-D808-00000000F902}6928C:\ProgramData\images.exeHKU\S-1-5-21-3884345684-401274181-143496042-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPer1_0ServerDWORD (0x0000000a)ATTACKRANGE\Administrator 13241300x800000000000000013600Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-07-25 14:49:07.954{13E3B8D2-E0E1-64BF-D608-00000000F902}6808C:\Temp\PO894Y23.PDF.exeHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ImagesC:\ProgramData\images.exeATTACKRANGE\Administrator 13241300x800000000000000013596Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-07-25 14:49:07.423{13E3B8D2-E0E1-64BF-D608-00000000F902}6808C:\Temp\PO894Y23.PDF.exeHKU\S-1-5-21-3884345684-401274181-143496042-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerServerDWORD (0x0000000a)ATTACKRANGE\Administrator 13241300x800000000000000013595Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1060,RunKeySetValue2023-07-25 14:49:07.423{13E3B8D2-E0E1-64BF-D608-00000000F902}6808C:\Temp\PO894Y23.PDF.exeHKU\S-1-5-21-3884345684-401274181-143496042-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPer1_0ServerDWORD (0x0000000a)ATTACKRANGE\Administrator 13241300x800000000000000013530Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localInvDBSetValue2023-07-25 14:49:05.736{13E3B8D2-8740-64BF-1300-00000000F902}696C:\Windows\System32\svchost.exeHKU\S-1-5-21-3884345684-401274181-143496042-500\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\C:\Temp\PO894Y23.PDF.exeBinary DataNT AUTHORITY\SYSTEM 13241300x800000000000000012478Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-SetValue2023-07-25 14:45:21.400{13E3B8D2-DFFE-64BF-B908-00000000F902}3340C:\Program Files\Wireshark\Wireshark.exeHKU\S-1-5-21-3884345684-401274181-143496042-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnableDWORD (0x00000000)ATTACKRANGE\Administrator 13241300x800000000000000012058Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localInvDBSetValue2023-07-25 14:45:18.372{13E3B8D2-8740-64BF-1300-00000000F902}696C:\Windows\System32\svchost.exeHKU\S-1-5-21-3884345684-401274181-143496042-500\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\C:\Program Files\Wireshark\Wireshark.exeBinary DataNT AUTHORITY\SYSTEM 13241300x800000000000000011831Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localInvDB-VerSetValue2023-07-25 14:45:07.637{13E3B8D2-DFF0-64BF-AF08-00000000F902}3428C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{b49fcb77-20fc-4803-00a2-ea6ddaaee01f}\Root\InventoryApplicationFile\uninstall.exe|af59766a7e5a8c5a\BinProductVersion5.1.71.1819NT AUTHORITY\SYSTEM 13241300x800000000000000011830Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-25 14:45:07.637{13E3B8D2-DFF0-64BF-AF08-00000000F902}3428C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{b49fcb77-20fc-4803-00a2-ea6ddaaee01f}\Root\InventoryApplicationFile\uninstall.exe|af59766a7e5a8c5a\LinkDate07/24/2021 22:41:54NT AUTHORITY\SYSTEM 13241300x800000000000000011829Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localInvDB-PubSetValue2023-07-25 14:45:07.637{13E3B8D2-DFF0-64BF-AF08-00000000F902}3428C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{b49fcb77-20fc-4803-00a2-ea6ddaaee01f}\Root\InventoryApplicationFile\uninstall.exe|af59766a7e5a8c5a\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x800000000000000011828Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localInvDB-PathSetValue2023-07-25 14:45:07.637{13E3B8D2-DFF0-64BF-AF08-00000000F902}3428C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{b49fcb77-20fc-4803-00a2-ea6ddaaee01f}\Root\InventoryApplicationFile\uninstall.exe|af59766a7e5a8c5a\LowerCaseLongPathc:\program files\npcap\uninstall.exeNT AUTHORITY\SYSTEM 13241300x800000000000000011827Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localInvDB-VerSetValue2023-07-25 14:45:07.637{13E3B8D2-DFF0-64BF-AF08-00000000F902}3428C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{b49fcb77-20fc-4803-00a2-ea6ddaaee01f}\Root\InventoryApplicationFile\npfinstall.exe|4fcd245e63e11e31\BinProductVersion5.1.71.1819NT AUTHORITY\SYSTEM 13241300x800000000000000011826Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-25 14:45:07.637{13E3B8D2-DFF0-64BF-AF08-00000000F902}3428C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{b49fcb77-20fc-4803-00a2-ea6ddaaee01f}\Root\InventoryApplicationFile\npfinstall.exe|4fcd245e63e11e31\LinkDate08/19/2022 19:04:03NT AUTHORITY\SYSTEM 13241300x800000000000000011825Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localInvDB-PubSetValue2023-07-25 14:45:07.637{13E3B8D2-DFF0-64BF-AF08-00000000F902}3428C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{b49fcb77-20fc-4803-00a2-ea6ddaaee01f}\Root\InventoryApplicationFile\npfinstall.exe|4fcd245e63e11e31\Publisherinsecure.com llc.NT AUTHORITY\SYSTEM 13241300x800000000000000011824Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localInvDB-PathSetValue2023-07-25 14:45:07.637{13E3B8D2-DFF0-64BF-AF08-00000000F902}3428C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{b49fcb77-20fc-4803-00a2-ea6ddaaee01f}\Root\InventoryApplicationFile\npfinstall.exe|4fcd245e63e11e31\LowerCaseLongPathc:\program files\npcap\npfinstall.exeNT AUTHORITY\SYSTEM 13241300x800000000000000011823Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localInvDB-VerSetValue2023-07-25 14:45:07.637{13E3B8D2-DFF0-64BF-AF08-00000000F902}3428C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{b49fcb77-20fc-4803-00a2-ea6ddaaee01f}\Root\InventoryApplicationFile\npcap.sys|3741aa4c3d128834\BinProductVersion5.1.71.1819NT AUTHORITY\SYSTEM 13241300x800000000000000011822Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-25 14:45:07.637{13E3B8D2-DFF0-64BF-AF08-00000000F902}3428C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{b49fcb77-20fc-4803-00a2-ea6ddaaee01f}\Root\InventoryApplicationFile\npcap.sys|3741aa4c3d128834\LinkDate08/19/2022 19:04:12NT AUTHORITY\SYSTEM 13241300x800000000000000011821Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localInvDB-PubSetValue2023-07-25 14:45:07.637{13E3B8D2-DFF0-64BF-AF08-00000000F902}3428C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{b49fcb77-20fc-4803-00a2-ea6ddaaee01f}\Root\InventoryApplicationFile\npcap.sys|3741aa4c3d128834\Publisherinsecure.com llc.NT AUTHORITY\SYSTEM 13241300x800000000000000011820Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localInvDB-PathSetValue2023-07-25 14:45:07.637{13E3B8D2-DFF0-64BF-AF08-00000000F902}3428C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{b49fcb77-20fc-4803-00a2-ea6ddaaee01f}\Root\InventoryApplicationFile\npcap.sys|3741aa4c3d128834\LowerCaseLongPathc:\program files\npcap\npcap.sysNT AUTHORITY\SYSTEM 13241300x800000000000000011819Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localInvDB-PubSetValue2023-07-25 14:45:07.637{13E3B8D2-DFF0-64BF-AF08-00000000F902}3428C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{b49fcb77-20fc-4803-00a2-ea6ddaaee01f}\Root\InventoryApplication\00004eeb517eefaea87dc5cd5fd069f35dc60000ffff\PublisherNmap ProjectNT AUTHORITY\SYSTEM 13241300x800000000000000011815Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localInvDB-PubSetValue2023-07-25 14:45:07.153{13E3B8D2-DFF0-64BF-AF08-00000000F902}3428C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{b49fcb77-20fc-4803-00a2-ea6ddaaee01f}\Root\InventoryApplication\00003312f700c3d03614c2c9f93e32df9af300000904\PublisherCN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=USNT AUTHORITY\SYSTEM 13241300x800000000000000011814Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localInvDB-PubSetValue2023-07-25 14:45:06.637{13E3B8D2-DFF0-64BF-AF08-00000000F902}3428C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{b49fcb77-20fc-4803-00a2-ea6ddaaee01f}\Root\InventoryApplication\00004ee7114ba1c474f7bbd42f8c9f930b0700000904\PublisherCN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=USNT AUTHORITY\SYSTEM 13241300x800000000000000011813Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localInvDB-PubSetValue2023-07-25 14:45:06.528{13E3B8D2-DFF0-64BF-AF08-00000000F902}3428C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{b49fcb77-20fc-4803-00a2-ea6ddaaee01f}\Root\InventoryApplication\000068583dc536ea8c3daf81bdbdf12127d400000904\PublisherCN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=USNT AUTHORITY\SYSTEM 13241300x800000000000000011812Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localInvDB-PubSetValue2023-07-25 14:45:06.419{13E3B8D2-DFF0-64BF-AF08-00000000F902}3428C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{b49fcb77-20fc-4803-00a2-ea6ddaaee01f}\Root\InventoryApplication\000070aa163b48d93a6fb1c459f613fcd65f00000904\PublisherCN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=USNT AUTHORITY\SYSTEM 13241300x800000000000000011811Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localInvDB-PubSetValue2023-07-25 14:45:06.184{13E3B8D2-DFF0-64BF-AF08-00000000F902}3428C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{b49fcb77-20fc-4803-00a2-ea6ddaaee01f}\Root\InventoryApplication\000027bb02f51e48dc3e0db3390b300af68d00000904\PublisherCN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=USNT AUTHORITY\SYSTEM 13241300x800000000000000011750Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-SetValue2023-07-25 14:45:05.419{13E3B8D2-DFF1-64BF-B108-00000000F902}1304C:\Program Files\Mozilla Firefox\pingsender.exeHKU\S-1-5-21-3884345684-401274181-143496042-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnableDWORD (0x00000000)ATTACKRANGE\Administrator 13241300x800000000000000011598Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localInvDBSetValue2023-07-25 14:45:04.910{13E3B8D2-8740-64BF-1300-00000000F902}696C:\Windows\System32\svchost.exeHKU\S-1-5-21-3884345684-401274181-143496042-500\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\C:\Users\Administrator\Downloads\Wireshark-win64-4.0.7.exeBinary DataNT AUTHORITY\SYSTEM 13241300x800000000000000010674Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-SetValue2023-07-25 14:44:47.661{13E3B8D2-DFAC-64BF-9108-00000000F902}840C:\Users\Administrator\Downloads\Wireshark-win64-4.0.7.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Wireshark.exe\PathC:\Program Files\WiresharkATTACKRANGE\Administrator 13241300x800000000000000010673Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-SetValue2023-07-25 14:44:47.661{13E3B8D2-DFAC-64BF-9108-00000000F902}840C:\Users\Administrator\Downloads\Wireshark-win64-4.0.7.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Wireshark.exe\(Default)C:\Program Files\Wireshark\Wireshark.exeATTACKRANGE\Administrator 13241300x800000000000000010488Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-SetValue2023-07-25 14:44:42.222{13E3B8D2-DFCF-64BF-9908-00000000F902}3600C:\Program Files\Wireshark\npcap-1.71.exeHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst\URLUpdateInfohttps://npcap.com/#downloadATTACKRANGE\Administrator 13241300x800000000000000010487Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localInvDB-PubSetValue2023-07-25 14:44:42.221{13E3B8D2-DFCF-64BF-9908-00000000F902}3600C:\Program Files\Wireshark\npcap-1.71.exeHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst\PublisherNmap ProjectATTACKRANGE\Administrator 13241300x800000000000000010359Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1031,T1050SetValue2023-07-25 14:44:39.828{13E3B8D2-DFCF-64BF-9908-00000000F902}3600C:\Program Files\Wireshark\npcap-1.71.exeHKLM\System\CurrentControlSet\Services\npcap_wifi\StartDWORD (0x00000004)ATTACKRANGE\Administrator 13241300x800000000000000010358Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1031,T1050SetValue2023-07-25 14:44:39.828{13E3B8D2-DFCF-64BF-9908-00000000F902}3600C:\Program Files\Wireshark\npcap-1.71.exeHKLM\System\CurrentControlSet\Services\npcap\StartDWORD (0x00000001)ATTACKRANGE\Administrator 13241300x800000000000000010357Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1031,T1050SetValue2023-07-25 14:44:39.826{13E3B8D2-DFCF-64BF-9908-00000000F902}3600C:\Program Files\Wireshark\npcap-1.71.exeHKLM\System\CurrentControlSet\Services\npcap\StartDWORD (0x00000001)ATTACKRANGE\Administrator 13241300x800000000000000010347Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1031,T1050SetValue2023-07-25 14:44:39.528{13E3B8D2-873E-64BF-0A00-00000000F902}568C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\npcap\ImagePath\SystemRoot\system32\DRIVERS\npcap.sysNT AUTHORITY\SYSTEM 13241300x800000000000000010346Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1031,T1050SetValue2023-07-25 14:44:39.528{13E3B8D2-873E-64BF-0A00-00000000F902}568C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\npcap\StartDWORD (0x00000001)NT AUTHORITY\SYSTEM 13241300x80000000000000009751Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localInvDB-VerSetValue2023-07-25 14:44:31.896{13E3B8D2-8740-64BF-1300-00000000F902}696C:\Windows\System32\svchost.exe\REGISTRY\A\{5374f74d-6bea-c40a-ae79-47c27ed9b651}\Root\InventoryApplicationFile\uninstall-wiresh|49913b7bbcd206c3\BinProductVersion4.0.7.0NT AUTHORITY\SYSTEM 13241300x80000000000000009750Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-25 14:44:31.896{13E3B8D2-8740-64BF-1300-00000000F902}696C:\Windows\System32\svchost.exe\REGISTRY\A\{5374f74d-6bea-c40a-ae79-47c27ed9b651}\Root\InventoryApplicationFile\uninstall-wiresh|49913b7bbcd206c3\LinkDate09/25/2021 21:57:46NT AUTHORITY\SYSTEM 13241300x80000000000000009749Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localInvDB-PubSetValue2023-07-25 14:44:31.896{13E3B8D2-8740-64BF-1300-00000000F902}696C:\Windows\System32\svchost.exe\REGISTRY\A\{5374f74d-6bea-c40a-ae79-47c27ed9b651}\Root\InventoryApplicationFile\uninstall-wiresh|49913b7bbcd206c3\Publisherwireshark development teamNT AUTHORITY\SYSTEM 13241300x80000000000000009748Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localInvDB-PathSetValue2023-07-25 14:44:31.896{13E3B8D2-8740-64BF-1300-00000000F902}696C:\Windows\System32\svchost.exe\REGISTRY\A\{5374f74d-6bea-c40a-ae79-47c27ed9b651}\Root\InventoryApplicationFile\uninstall-wiresh|49913b7bbcd206c3\LowerCaseLongPathc:\program files\wireshark\uninstall-wireshark.exeNT AUTHORITY\SYSTEM 13241300x80000000000000009747Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localInvDB-VerSetValue2023-07-25 14:44:31.896{13E3B8D2-8740-64BF-1300-00000000F902}696C:\Windows\System32\svchost.exe\REGISTRY\A\{5374f74d-6bea-c40a-ae79-47c27ed9b651}\Root\InventoryApplicationFile\npcap-1.71.exe|3d47e4a5c32d9607\BinProductVersion5.1.71.1819NT AUTHORITY\SYSTEM 13241300x80000000000000009746Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-25 14:44:31.896{13E3B8D2-8740-64BF-1300-00000000F902}696C:\Windows\System32\svchost.exe\REGISTRY\A\{5374f74d-6bea-c40a-ae79-47c27ed9b651}\Root\InventoryApplicationFile\npcap-1.71.exe|3d47e4a5c32d9607\LinkDate07/24/2021 22:40:31NT AUTHORITY\SYSTEM 13241300x80000000000000009745Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localInvDB-PubSetValue2023-07-25 14:44:31.890{13E3B8D2-8740-64BF-1300-00000000F902}696C:\Windows\System32\svchost.exe\REGISTRY\A\{5374f74d-6bea-c40a-ae79-47c27ed9b651}\Root\InventoryApplicationFile\npcap-1.71.exe|3d47e4a5c32d9607\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000009744Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localInvDB-PathSetValue2023-07-25 14:44:31.890{13E3B8D2-8740-64BF-1300-00000000F902}696C:\Windows\System32\svchost.exe\REGISTRY\A\{5374f74d-6bea-c40a-ae79-47c27ed9b651}\Root\InventoryApplicationFile\npcap-1.71.exe|3d47e4a5c32d9607\LowerCaseLongPathc:\program files\wireshark\npcap-1.71.exeNT AUTHORITY\SYSTEM 13241300x80000000000000009743Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localInvDB-VerSetValue2023-07-25 14:44:31.890{13E3B8D2-8740-64BF-1300-00000000F902}696C:\Windows\System32\svchost.exe\REGISTRY\A\{5374f74d-6bea-c40a-ae79-47c27ed9b651}\Root\InventoryApplicationFile\dumpcap.exe|e11d03b1ab56f1d4\BinProductVersion4.0.7.0NT AUTHORITY\SYSTEM 13241300x80000000000000009742Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-25 14:44:31.890{13E3B8D2-8740-64BF-1300-00000000F902}696C:\Windows\System32\svchost.exe\REGISTRY\A\{5374f74d-6bea-c40a-ae79-47c27ed9b651}\Root\InventoryApplicationFile\dumpcap.exe|e11d03b1ab56f1d4\LinkDate07/12/2023 16:58:53NT AUTHORITY\SYSTEM 13241300x80000000000000009741Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localInvDB-PubSetValue2023-07-25 14:44:31.890{13E3B8D2-8740-64BF-1300-00000000F902}696C:\Windows\System32\svchost.exe\REGISTRY\A\{5374f74d-6bea-c40a-ae79-47c27ed9b651}\Root\InventoryApplicationFile\dumpcap.exe|e11d03b1ab56f1d4\Publisherthe wireshark developer communityNT AUTHORITY\SYSTEM 13241300x80000000000000009740Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localInvDB-PathSetValue2023-07-25 14:44:31.890{13E3B8D2-8740-64BF-1300-00000000F902}696C:\Windows\System32\svchost.exe\REGISTRY\A\{5374f74d-6bea-c40a-ae79-47c27ed9b651}\Root\InventoryApplicationFile\dumpcap.exe|e11d03b1ab56f1d4\LowerCaseLongPathc:\program files\wireshark\dumpcap.exeNT AUTHORITY\SYSTEM 13241300x80000000000000009739Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localInvDB-PubSetValue2023-07-25 14:44:31.890{13E3B8D2-8740-64BF-1300-00000000F902}696C:\Windows\System32\svchost.exe\REGISTRY\A\{5374f74d-6bea-c40a-ae79-47c27ed9b651}\Root\InventoryApplication\000023da77c4c44c40c98ec8ede5b7fca3100000ffff\PublisherThe Wireshark developer community, https://www.wireshark.orgNT AUTHORITY\SYSTEM 13241300x80000000000000009673Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1042SetValue2023-07-25 14:44:30.767{13E3B8D2-DFAC-64BF-9108-00000000F902}840C:\Users\Administrator\Downloads\Wireshark-win64-4.0.7.exeHKCR\wireshark-capture-file\Shell\open\command\(Default)"C:\Program Files\Wireshark\Wireshark.exe" "%%1"ATTACKRANGE\Administrator 13241300x80000000000000009672Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-SetValue2023-07-25 14:44:30.752{13E3B8D2-DFAC-64BF-9108-00000000F902}840C:\Users\Administrator\Downloads\Wireshark-win64-4.0.7.exeHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wireshark\URLUpdateInfohttps://www.wireshark.org/download.htmlATTACKRANGE\Administrator 13241300x80000000000000009671Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localInvDB-PubSetValue2023-07-25 14:44:30.752{13E3B8D2-DFAC-64BF-9108-00000000F902}840C:\Users\Administrator\Downloads\Wireshark-win64-4.0.7.exeHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wireshark\PublisherThe Wireshark developer community, https://www.wireshark.orgATTACKRANGE\Administrator 13241300x80000000000000008870Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localInvDB-VerSetValue2023-07-25 14:43:57.167{13E3B8D2-8740-64BF-1300-00000000F902}696C:\Windows\System32\svchost.exe\REGISTRY\A\{f8bb42ad-caeb-2489-8ff6-964da21c52e4}\Root\InventoryApplicationFile\wireshark-win64-|230151532dd2212\BinProductVersion4.0.7.0NT AUTHORITY\SYSTEM 13241300x80000000000000008869Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-25 14:43:57.167{13E3B8D2-8740-64BF-1300-00000000F902}696C:\Windows\System32\svchost.exe\REGISTRY\A\{f8bb42ad-caeb-2489-8ff6-964da21c52e4}\Root\InventoryApplicationFile\wireshark-win64-|230151532dd2212\LinkDate09/25/2021 21:56:47NT AUTHORITY\SYSTEM 13241300x80000000000000008868Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localInvDB-PubSetValue2023-07-25 14:43:57.167{13E3B8D2-8740-64BF-1300-00000000F902}696C:\Windows\System32\svchost.exe\REGISTRY\A\{f8bb42ad-caeb-2489-8ff6-964da21c52e4}\Root\InventoryApplicationFile\wireshark-win64-|230151532dd2212\Publisherwireshark development teamNT AUTHORITY\SYSTEM 13241300x80000000000000008867Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localInvDB-PathSetValue2023-07-25 14:43:57.167{13E3B8D2-8740-64BF-1300-00000000F902}696C:\Windows\System32\svchost.exe\REGISTRY\A\{f8bb42ad-caeb-2489-8ff6-964da21c52e4}\Root\InventoryApplicationFile\wireshark-win64-|230151532dd2212\LowerCaseLongPathc:\users\administrator\downloads\wireshark-win64-4.0.7.exeNT AUTHORITY\SYSTEM 13241300x80000000000000008864Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localInvDBSetValue2023-07-25 14:43:57.012{13E3B8D2-8740-64BF-1300-00000000F902}696C:\Windows\System32\svchost.exeHKU\S-1-5-21-3884345684-401274181-143496042-500\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\C:\Users\Administrator\Downloads\Wireshark-win64-4.0.7.exeBinary DataNT AUTHORITY\SYSTEM 13241300x80000000000000008210Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-SetValue2023-07-25 14:43:16.013{13E3B8D2-DF81-64BF-8208-00000000F902}6332C:\Program Files\Mozilla Firefox\firefox.exeHKU\S-1-5-21-3884345684-401274181-143496042-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnableDWORD (0x00000000)ATTACKRANGE\Administrator 13241300x80000000000000007335Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localInvDB-DriverVerSetValue2023-07-25 14:30:21.327{13E3B8D2-8740-64BF-1300-00000000F902}696C:\Windows\System32\svchost.exe\REGISTRY\A\{635808f4-8e37-34c3-79ca-7713ac34bf47}\Root\InventoryDevicePnp\scsi/cdrom&ven_msft&prod_virtual_dvd-rom/2&1f4adffe&0&000001\DriverVerVersion10.0.14393.5006NT AUTHORITY\SYSTEM 13241300x80000000000000007334Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localInvDB-DriverVerSetValue2023-07-25 14:30:21.312{13E3B8D2-8740-64BF-1300-00000000F902}696C:\Windows\System32\svchost.exe\REGISTRY\A\{635808f4-8e37-34c3-79ca-7713ac34bf47}\Root\InventoryDevicePnp\{8e7bd593-6e6c-4c52-86a6-77175494dd8e}/msvhdhba/1&3030e83&0&01\DriverVerVersion10.0.14393.5291NT AUTHORITY\SYSTEM 13241300x80000000000000007326Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localContext,DeviceConnectedOrUpdatedSetValue2023-07-25 14:30:11.280{13E3B8D2-873C-64BF-EB03-000000000000}4SystemHKLM\System\CurrentControlSet\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName@cdrom.inf,%%ISO_Generic_FriendlyName%%;Microsoft Virtual DVD-ROMNT AUTHORITY\SYSTEM 13241300x80000000000000007325Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localInvDB-DriverVerSetValue2023-07-25 14:30:11.280{13E3B8D2-873C-64BF-EB03-000000000000}4SystemHKLM\System\CurrentControlSet\Control\Class\{4d36e965-e325-11ce-bfc1-08002be10318}\0000\DriverVersion10.0.14393.5006NT AUTHORITY\SYSTEM 13241300x80000000000000007324Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localInvDB-DriverVerSetValue2023-07-25 14:30:11.202{13E3B8D2-873C-64BF-EB03-000000000000}4SystemHKLM\System\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318}\0003\DriverVersion10.0.14393.5291NT AUTHORITY\SYSTEM 13241300x80000000000000007321Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-SetValue2023-07-25 14:29:59.781{13E3B8D2-8948-64BF-C600-00000000F902}4448C:\Windows\Explorer.EXEHKU\S-1-5-21-3884345684-401274181-143496042-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} {00000122-0000-0000-C000-000000000046} 0xFFFFBinary DataATTACKRANGE\Administrator 13241300x80000000000000007320Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-SetValue2023-07-25 14:29:59.749{13E3B8D2-8948-64BF-C600-00000000F902}4448C:\Windows\Explorer.EXEHKU\S-1-5-21-3884345684-401274181-143496042-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{ECF03A32-103D-11D2-854D-006008059367} {00000122-0000-0000-C000-000000000046} 0xFFFFBinary DataATTACKRANGE\Administrator 13241300x80000000000000007319Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-SetValue2023-07-25 14:29:59.687{13E3B8D2-8948-64BF-C600-00000000F902}4448C:\Windows\Explorer.EXEHKU\S-1-5-21-3884345684-401274181-143496042-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} {00000122-0000-0000-C000-000000000046} 0xFFFFBinary DataATTACKRANGE\Administrator 13241300x80000000000000007318Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-SetValue2023-07-25 14:29:59.671{13E3B8D2-8948-64BF-C600-00000000F902}4448C:\Windows\Explorer.EXEHKU\S-1-5-21-3884345684-401274181-143496042-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{B298D29A-A6ED-11DE-BA8C-A68E55D89593} {A08CE4D0-FA25-44AB-B57C-C7B1C323E0B9} 0xFFFFBinary DataATTACKRANGE\Administrator 13241300x80000000000000007317Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-SetValue2023-07-25 14:29:59.655{13E3B8D2-8948-64BF-C600-00000000F902}4448C:\Windows\Explorer.EXEHKU\S-1-5-21-3884345684-401274181-143496042-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{B8CDCB65-B1BF-4B42-9428-1DFDB7EE92AF} {000214E4-0000-0000-C000-000000000046} 0xFFFFBinary DataATTACKRANGE\Administrator 13241300x80000000000000007316Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-SetValue2023-07-25 14:29:59.655{13E3B8D2-8948-64BF-C600-00000000F902}4448C:\Windows\Explorer.EXEHKU\S-1-5-21-3884345684-401274181-143496042-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{888DCA60-FC0A-11CF-8F0F-00C04FD7D062} {00000122-0000-0000-C000-000000000046} 0xFFFFBinary DataATTACKRANGE\Administrator 13241300x80000000000000007315Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-SetValue2023-07-25 14:29:59.624{13E3B8D2-8948-64BF-C600-00000000F902}4448C:\Windows\Explorer.EXEHKU\S-1-5-21-3884345684-401274181-143496042-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{99D353BC-C813-41EC-8F28-EAE61E702E57} {A08CE4D0-FA25-44AB-B57C-C7B1C323E0B9} 0xFFFFBinary DataATTACKRANGE\Administrator 13241300x80000000000000007314Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1158SetValue2023-07-25 14:29:54.130{13E3B8D2-8948-64BF-C600-00000000F902}4448C:\Windows\Explorer.EXEHKU\S-1-5-21-3884345684-401274181-143496042-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHiddenDWORD (0x00000000)ATTACKRANGE\Administrator 13241300x80000000000000007313Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1158SetValue2023-07-25 14:29:54.130{13E3B8D2-8948-64BF-C600-00000000F902}4448C:\Windows\Explorer.EXEHKU\S-1-5-21-3884345684-401274181-143496042-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExtDWORD (0x00000000)ATTACKRANGE\Administrator 13241300x80000000000000007312Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localT1158SetValue2023-07-25 14:29:54.130{13E3B8D2-8948-64BF-C600-00000000F902}4448C:\Windows\Explorer.EXEHKU\S-1-5-21-3884345684-401274181-143496042-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HiddenDWORD (0x00000002)ATTACKRANGE\Administrator 13241300x80000000000000007311Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-SetValue2023-07-25 14:29:52.739{13E3B8D2-8948-64BF-C600-00000000F902}4448C:\Windows\Explorer.EXEHKU\S-1-5-21-3884345684-401274181-143496042-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{939D20AC-8036-406F-BD5C-BF672896BD71} {A08CE4D0-FA25-44AB-B57C-C7B1C323E0B9} 0xFFFFBinary DataATTACKRANGE\Administrator 13241300x80000000000000007304Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-SetValue2023-07-25 14:28:57.029{13E3B8D2-DC28-64BF-2408-00000000F902}6696C:\Program Files\Mozilla Firefox\pingsender.exeHKU\S-1-5-21-3884345684-401274181-143496042-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnableDWORD (0x00000000)ATTACKRANGE\Administrator 13241300x80000000000000007146Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localInvDB-DriverVerSetValue2023-07-25 13:59:30.390{13E3B8D2-873C-64BF-EB03-000000000000}4SystemHKLM\System\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}\0003\DriverVersion10.0.14393.0NT AUTHORITY\SYSTEM 13241300x80000000000000007145Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localInvDB-DriverVerSetValue2023-07-25 13:59:30.371{13E3B8D2-873C-64BF-EB03-000000000000}4SystemHKLM\System\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}\0003\DriverVersion10.0.14393.0NT AUTHORITY\SYSTEM