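EventID: 1
Version: 5
Level: 4
Task: 1
Opcode: 0
Keywords: 0x8000000000000000
EventRecordID: 246399
Channel: Microsoft-Windows-Sysmon/Operational
Computer: win-dc-ctus-attack-range-657.attackrange.local
RuleName: -
UtcTime: 2022-11-30 15:34:54.628
ProcessGuid: {89C4FCAF-781E-6387-DC17-000000009402}
ProcessId: 3408
Image: C:\Windows\System32\reg.exe
FileVersion: 10.0.14393.0 (rs1_release.160715-1616)
Description: Registry Console Tool
Product: Microsoft® Windows® Operating System
Company: Microsoft Corporation
OriginalFileName: reg.exe
CommandLine: reg query HKLM\SYSTEM\CurrentControlSet\Services\SNMP /s
CurrentDirectory: C:\Users\Public\
User: ATTACKRANGE\Administrator
LogonGuid: {89C4FCAF-46B7-6387-1220-3C0000000000}
LogonId: 0x3c2012
TerminalSessionId: 2
IntegrityLevel: High
Hashes: MD5=59A22FA6CF85026BB6BC69A1ADD75C50,SHA256=9E28034CE3AEEA6951F790F8997DF44CFBF80BEFF9FB17413DBA317016A716AD,IMPHASH=EE7EB7FA7D163340753B7223ADA14352
ParentProcessGuid: {89C4FCAF-57DF-6387-6308-000000009402}
ParentProcessId: 5892
ParentImage: C:\Windows\System32\cmd.exe
ParentCommandLine: "cmd.exe" /s /k pushd "C:\Users\Public"

EventID: 1
Version: 5
Level: 4
Task: 1
Opcode: 0
Keywords: 0x8000000000000000
EventRecordID: 150686
Channel: Microsoft-Windows-Sysmon/Operational
Computer: win-dc-ctus-attack-range-657.attackrange.local
RuleName: -
UtcTime: 2022-11-30 13:20:43.881
ProcessGuid: {89C4FCAF-58AB-6387-2414-000000009402}
ProcessId: 2760
Image: C:\Windows\System32\reg.exe
FileVersion: 10.0.14393.0 (rs1_release.160715-1616)
Description: Registry Console Tool
Product: Microsoft® Windows® Operating System
Company: Microsoft Corporation
OriginalFileName: reg.exe
CommandLine: reg query HKCU\Software\OpenSSH\Agent\Keys /s
CurrentDirectory: C:\Documents and Settings\
User: ATTACKRANGE\Administrator
LogonGuid: {89C4FCAF-46B7-6387-1220-3C0000000000}
LogonId: 0x3c2012
TerminalSessionId: 2
IntegrityLevel: High
Hashes: MD5=59A22FA6CF85026BB6BC69A1ADD75C50,SHA256=9E28034CE3AEEA6951F790F8997DF44CFBF80BEFF9FB17413DBA317016A716AD,IMPHASH=EE7EB7FA7D163340753B7223ADA14352
ParentProcessGuid: {89C4FCAF-57DF-6387-6308-000000009402}
ParentProcessId: 5892
ParentImage: C:\Windows\System32\cmd.exe
ParentCommandLine: "cmd.exe" /s /k pushd "C:\Users\Public"

EventID: 1
Version: 5
Level: 4
Task: 1
Opcode: 0
Keywords: 0x8000000000000000
EventRecordID: 150669
Channel: Microsoft-Windows-Sysmon/Operational
Computer: win-dc-ctus-attack-range-657.attackrange.local
RuleName: -
UtcTime: 2022-11-30 13:20:43.855
ProcessGuid: {89C4FCAF-58AB-6387-2314-000000009402}
ProcessId: 6048
Image: C:\Windows\System32\reg.exe
FileVersion: 10.0.14393.0 (rs1_release.160715-1616)
Description: Registry Console Tool
Product: Microsoft® Windows® Operating System
Company: Microsoft Corporation
OriginalFileName: reg.exe
CommandLine: reg query HKCU\Software\SimonTatham\PuTTY\Sessions /s
CurrentDirectory: C:\Documents and Settings\
User: ATTACKRANGE\Administrator
LogonGuid: {89C4FCAF-46B7-6387-1220-3C0000000000}
LogonId: 0x3c2012
TerminalSessionId: 2
IntegrityLevel: High
Hashes: MD5=59A22FA6CF85026BB6BC69A1ADD75C50,SHA256=9E28034CE3AEEA6951F790F8997DF44CFBF80BEFF9FB17413DBA317016A716AD,IMPHASH=EE7EB7FA7D163340753B7223ADA14352
ParentProcessGuid: {89C4FCAF-57DF-6387-6308-000000009402}
ParentProcessId: 5892
ParentImage: C:\Windows\System32\cmd.exe
ParentCommandLine: "cmd.exe" /s /k pushd "C:\Users\Public"

EventID: 1
Version: 5
Level: 4
Task: 1
Opcode: 0
Keywords: 0x8000000000000000
EventRecordID: 150652
Channel: Microsoft-Windows-Sysmon/Operational
Computer: win-dc-ctus-attack-range-657.attackrange.local
RuleName: -
UtcTime: 2022-11-30 13:20:43.835
ProcessGuid: {89C4FCAF-58AB-6387-2214-000000009402}
ProcessId: 5208
Image: C:\Windows\System32\reg.exe
FileVersion: 10.0.14393.0 (rs1_release.160715-1616)
Description: Registry Console Tool
Product: Microsoft® Windows® Operating System
Company: Microsoft Corporation
OriginalFileName: reg.exe
CommandLine: reg query HKCU\Software\TightVNC\Server
CurrentDirectory: C:\Documents and Settings\
User: ATTACKRANGE\Administrator
LogonGuid: {89C4FCAF-46B7-6387-1220-3C0000000000}
LogonId: 0x3c2012
TerminalSessionId: 2
IntegrityLevel: High
Hashes: MD5=59A22FA6CF85026BB6BC69A1ADD75C50,SHA256=9E28034CE3AEEA6951F790F8997DF44CFBF80BEFF9FB17413DBA317016A716AD,IMPHASH=EE7EB7FA7D163340753B7223ADA14352
ParentProcessGuid: {89C4FCAF-57DF-6387-6308-000000009402}
ParentProcessId: 5892
ParentImage: C:\Windows\System32\cmd.exe
ParentCommandLine: "cmd.exe" /s /k pushd "C:\Users\Public"

EventID: 1
Version: 5
Level: 4
Task: 1
Opcode: 0
Keywords: 0x8000000000000000
EventRecordID: 150635
Channel: Microsoft-Windows-Sysmon/Operational
Computer: win-dc-ctus-attack-range-657.attackrange.local
RuleName: -
UtcTime: 2022-11-30 13:20:43.807
ProcessGuid: {89C4FCAF-58AB-6387-2114-000000009402}
ProcessId: 4512
Image: C:\Windows\System32\reg.exe
FileVersion: 10.0.14393.0 (rs1_release.160715-1616)
Description: Registry Console Tool
Product: Microsoft® Windows® Operating System
Company: Microsoft Corporation
OriginalFileName: reg.exe
CommandLine: reg query HKLM\SYSTEM\CurrentControlSet\Services\SNMP /s
CurrentDirectory: C:\Documents and Settings\
User: ATTACKRANGE\Administrator
LogonGuid: {89C4FCAF-46B7-6387-1220-3C0000000000}
LogonId: 0x3c2012
TerminalSessionId: 2
IntegrityLevel: High
Hashes: MD5=59A22FA6CF85026BB6BC69A1ADD75C50,SHA256=9E28034CE3AEEA6951F790F8997DF44CFBF80BEFF9FB17413DBA317016A716AD,IMPHASH=EE7EB7FA7D163340753B7223ADA14352
ParentProcessGuid: {89C4FCAF-57DF-6387-6308-000000009402}
ParentProcessId: 5892
ParentImage: C:\Windows\System32\cmd.exe
ParentCommandLine: "cmd.exe" /s /k pushd "C:\Users\Public"

EventID: 1
Version: 5
Level: 4
Task: 1
Opcode: 0
Keywords: 0x8000000000000000
EventRecordID: 150583
Channel: Microsoft-Windows-Sysmon/Operational
Computer: win-dc-ctus-attack-range-657.attackrange.local
RuleName: -
UtcTime: 2022-11-30 13:20:43.684
ProcessGuid: {89C4FCAF-58AB-6387-1E14-000000009402}
ProcessId: 4748
Image: C:\Windows\System32\reg.exe
FileVersion: 10.0.14393.0 (rs1_release.160715-1616)
Description: Registry Console Tool
Product: Microsoft® Windows® Operating System
Company: Microsoft Corporation
OriginalFileName: reg.exe
CommandLine: reg query HKEY_LOCAL_MACHINE\SOFTWARE\RealVNC\WinVNC4 /v password
CurrentDirectory: C:\Documents and Settings\
User: ATTACKRANGE\Administrator
LogonGuid: {89C4FCAF-46B7-6387-1220-3C0000000000}
LogonId: 0x3c2012
TerminalSessionId: 2
IntegrityLevel: High
Hashes: MD5=59A22FA6CF85026BB6BC69A1ADD75C50,SHA256=9E28034CE3AEEA6951F790F8997DF44CFBF80BEFF9FB17413DBA317016A716AD,IMPHASH=EE7EB7FA7D163340753B7223ADA14352
ParentProcessGuid: {89C4FCAF-57DF-6387-6308-000000009402}
ParentProcessId: 5892
ParentImage: C:\Windows\System32\cmd.exe
ParentCommandLine: "cmd.exe" /s /k pushd "C:\Users\Public"

EventID: 1
Version: 5
Level: 4
Task: 1
Opcode: 0
Keywords: 0x8000000000000000
EventRecordID: 150566
Channel: Microsoft-Windows-Sysmon/Operational
Computer: win-dc-ctus-attack-range-657.attackrange.local
RuleName: -
UtcTime: 2022-11-30 13:20:43.637
ProcessGuid: {89C4FCAF-58AB-6387-1D14-000000009402}
ProcessId: 6076
Image: C:\Windows\System32\reg.exe
FileVersion: 10.0.14393.0 (rs1_release.160715-1616)
Description: Registry Console Tool
Product: Microsoft® Windows® Operating System
Company: Microsoft Corporation
OriginalFileName: reg.exe
CommandLine: reg query HKCU\Software\ORL\WinVNC3\Password
CurrentDirectory: C:\Documents and Settings\
User: ATTACKRANGE\Administrator
LogonGuid: {89C4FCAF-46B7-6387-1220-3C0000000000}
LogonId: 0x3c2012
TerminalSessionId: 2
IntegrityLevel: High
Hashes: MD5=59A22FA6CF85026BB6BC69A1ADD75C50,SHA256=9E28034CE3AEEA6951F790F8997DF44CFBF80BEFF9FB17413DBA317016A716AD,IMPHASH=EE7EB7FA7D163340753B7223ADA14352
ParentProcessGuid: {89C4FCAF-57DF-6387-6308-000000009402}
ParentProcessId: 5892
ParentImage: C:\Windows\System32\cmd.exe
ParentCommandLine: "cmd.exe" /s /k pushd "C:\Users\Public"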