3452f4fb-5078-3a81-45b2-c3359975eb38fe90fc74-0255-4679-b409-f84fddb60d68 7 3 4 7 0 0x8000000000000000 45434 Microsoft-Windows-Sysmon/Operational DC01.snapattack.labs - 2025-08-20 17:06:13.686 A5CDDB11-0085-68A6-D71E-000000000A00 12792 C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe C:\Windows\Temp\evil.dll - - - - - MD5=5EAE41BDD11069533555A9D165C8D128,SHA256=4879D5B773FAAE746AA084257B79CBAAB3025FABE77766DDB1C3CC18AF20BCAC,IMPHASH=160FE6B70B3A4640421B20A63DC1071B false - Unavailable snapattack\domainadmin 3452f4fb-5078-3a81-45b2-c3359975eb38a8ede09d-68cd-4240-8c78-025a5254c3b9 1 5 4 1 0 0x8000000000000000 45431 Microsoft-Windows-Sysmon/Operational DC01.snapattack.labs - 2025-08-20 17:06:13.686 A5CDDB11-0085-68A6-D81E-000000000A00 12144 C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 10.0.20348.1 (WinBuild.160101.0800) Windows PowerShell Microsoft® Windows® Operating System Microsoft Corporation PowerShell.EXE powershell.exe -c calc.exe C:\Windows\system32\ snapattack\domainadmin A5CDDB11-E092-68A5-FE91-140000000000 0x1491fe 1 High MD5=2E0CCB27064856E3D55017FA2D33A7B9,SHA256=1C84C8632C5269F24876ED9F49FA810B49F77E1E92E8918FC164C34B020F9A94,IMPHASH=BF7A6E7A62C3F5B2E8E069438AC1DD3D A5CDDB11-0085-68A6-D71E-000000000A00 12792 C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe -Embedding snapattack\domainadmin 3452f4fb-5078-3a81-45b2-c3359975eb3821a875fb-f96e-4af3-b6ec-8cc44340c3e9 1 5 4 1 0 0x8000000000000000 45427 Microsoft-Windows-Sysmon/Operational DC01.snapattack.labs - 2025-08-20 17:06:13.657 A5CDDB11-0085-68A6-D71E-000000000A00 12792 C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe 10.0.20348.1 (WinBuild.160101.0800) Speech Runtime Executable Microsoft® Windows® Operating System Microsoft Corporation SpeechRuntime.exe C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe -Embedding C:\Windows\system32\ snapattack\domainadmin A5CDDB11-E092-68A5-FE91-140000000000 0x1491fe 1 High MD5=4C60EC4CEA2EA708DEE55C5C951C9446,SHA256=8BF78F82C0E5E321769BE6AC46A4E9C9A04C425445FB96DAE1C9C13838ECEDA5,IMPHASH=336C531AB53A9284EBB3BBFFB04A3202 A5CDDB11-A814-68A5-0D00-000000000A00 856 C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k DcomLaunch -p NT AUTHORITY\SYSTEM