11241100x800000000000000029482Microsoft-Windows-Sysmon/OperationalWIN11-22H2-X64.snapattack.labs -2026-04-24 13:41:13.719AC4C5E18-72CB-69EB-0D08-000000000F0010612C:\Users\localuser\Desktop\RedS.exeC:\Windows\System32\LogFiles\CloudFiles\CldFlt0.etl2026-04-24 13:41:13.719WIN11-22H2-X64\localuser

154100x800000000000000029505Microsoft-Windows-Sysmon/OperationalWIN11-22H2-X64.snapattack.labs -2026-04-24 13:41:14.364AC4C5E18-72FA-69EB-1808-000000000F0010224C:\Windows\System32\cmd.exe10.0.22621.317 (WinBuild.160101.0800)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\System32\cmd.exeC:\Windows\system32\NT AUTHORITY\SYSTEMAC4C5E18-461D-678E-E703-0000000000000x3e71SystemMD5=490924D7AFA1EB8E2B389FC945D46571,SHA256=AA226BE2448B827E48DD255521130B2A7CA0A5168B84FE2240275C039421493B,IMPHASH=D73E39DAB3C8B57AA408073D01254964AC4C5E18-72FA-69EB-1708-000000000F0011204C:\Windows\System32\TieringEngineService.exeC:\Windows\system32\TieringEngineService.exeNT AUTHORITY\SYSTEM

10341000x800000000000000029476Microsoft-Windows-Sysmon/OperationalWIN11-22H2-X64.snapattack.labs -2026-04-24 13:41:13.609AC4C5E18-72EE-69EB-1108-000000000F00100605148C:\Windows\system32\vssvc.exeAC4C5E18-48A1-678E-0302-000000000F0010012C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26030.3011-0\MsMpEng.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9f234|C:\Windows\System32\KERNELBASE.dll+3212e|C:\Windows\system32\vssvc.exe+c75c3|C:\Windows\system32\vssvc.exe+5d911|C:\Windows\system32\vssvc.exe+5aa58|C:\Windows\system32\vssvc.exe+47dd9|C:\Windows\system32\vssvc.exe+48cd9|C:\Windows\system32\vssvc.exe+47643|C:\Windows\System32\combase.dll+8bb6c|C:\Windows\System32\combase.dll+8b8f3|C:\Windows\System32\combase.dll+d6697|C:\Windows\System32\combase.dll+d6313|C:\Windows\System32\combase.dll+5c880|C:\Windows\System32\combase.dll+6b33e|C:\Windows\system32\vssvc.exe+488e4|C:\Windows\system32\vssvc.exe+49d0a|C:\Windows\system32\vssvc.exe+4a239|C:\Windows\System32\msvcrt.dll+3e634|C:\Windows\System32\msvcrt.dll+3e70c|C:\Windows\System32\KERNEL32.DLL+1244d|C:\Windows\SYSTEM32\ntdll.dll+5df78NT AUTHORITY\SYSTEMNT AUTHORITY\SYSTEM

10341000x80000000000000001590319Microsoft-Windows-Sysmon/OperationalWIN10-21H1.snapattack.labs -2026-04-21 17:43:16.389F51F9151-B626-69E7-9408-000000000C00113162740C:\Windows\system32\vssvc.exeF51F9151-8F0F-66AB-5100-000000000C003368C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MsMpEng.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d234|C:\Windows\System32\KERNELBASE.dll+2c0fe|C:\Windows\system32\vssvc.exe+c8473|C:\Windows\system32\vssvc.exe+5e227|C:\Windows\system32\vssvc.exe+5b540|C:\Windows\system32\vssvc.exe+4900d|C:\Windows\system32\vssvc.exe+49f24|C:\Windows\system32\vssvc.exe+4884d|C:\Windows\System32\combase.dll+59b3f|C:\Windows\System32\combase.dll+59951|C:\Windows\System32\combase.dll+46e71|C:\Windows\System32\combase.dll+45d5b|C:\Windows\System32\combase.dll+a3f6f|C:\Windows\System32\combase.dll+dee80|C:\Windows\system32\vssvc.exe+49b2d|C:\Windows\system32\vssvc.exe+4af05|C:\Windows\system32\vssvc.exe+4b429|C:\Windows\System32\msvcrt.dll+3af5a|C:\Windows\System32\msvcrt.dll+3b02c|C:\Windows\System32\KERNEL32.DLL+17034|C:\Windows\SYSTEM32\ntdll.dll+52651NT AUTHORITY\SYSTEMNT AUTHORITY\SYSTEM

734700x8000000000000000117009Microsoft-Windows-Sysmon/OperationalWIN11-22H2-X64.snapattack.labs -2026-05-19 10:12:00.464AC4C5E18-3770-6A0C-6906-0000000010003944C:\Users\localuser\Desktop\PoC_AbortHydration_ArbitraryRegKey_EoP.exeC:\Windows\System32\cldapi.dll10.0.22621.1 (WinBuild.160101.0800)Cloud API user mode APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcldapi.dllMD5=B5C4755E652FC2249FF58E26FA1E85B5,SHA256=30B1D00932F78EEF2168AF2F827892C9B012EB69020E541500E6E66CBAD9C3F4,IMPHASH=68938783C9522B6F447B4BDE059ED36BtrueMicrosoft WindowsValidWIN11-22H2-X64\localuser