11 2 4 11 0 0x8000000000000000 538 Microsoft-Windows-Sysmon/Operational gammu.snapattack.labs - 2022-06-28 15:08:04.852 BD1BA16A-1953-62BB-3306-000000000700 6088 C:\Windows\wsmprovav.exe C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\wsmprovav[1].dll 2022-06-28 15:08:04.852 NT AUTHORITY\SYSTEM 13 2 4 13 0 0x8000000000000000 11982 Microsoft-Windows-Sysmon/Operational MSEDGEWIN10.snapattack.labs - SetValue 2022-08-17 19:48:26.316 43199D79-45E3-62FD-7E1D-000000000F00 1492 C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe HKLM\System\CurrentControlSet\Control\NetworkProvider\Order\PROVIDERORDER vmhgfs,RDPNP,LanmanWorkstation,webclient,NPPSpy SNAPATTACK\snapattack 13 2 4 13 0 0x8000000000000000 2978 Microsoft-Windows-Sysmon/Operational EC2AMAZ-NNKUICG - SetValue 2022-06-15 13:09:29.638 5C68405B-D9C3-62A9-4505-00000000B001 1552 C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe HKLM\System\CurrentControlSet\Services\NPPSpy\NetworkProvider\ProviderPath %%SystemRoot%%\System32\NPPSPY.dll EC2AMAZ-NNKUICG\user 11 2 4 11 0 0x8000000000000000 2485 Microsoft-Windows-Sysmon/Operational DESKTOP-O4UAANR - 2024-10-07 15:45:43.522 A2F0EB99-011D-6704-C411-000000000300 4988 C:\Windows\explorer.exe C:\Users\Administrator\Documents\WindowsPowershell\Modules\SmugglingCmdlet\SmugglingCmdlet.dll 2024-10-07 15:45:43.522 DESKTOP-O4UAANR\Administrator 7 3 4 7 0 0x8000000000000000 23881 Microsoft-Windows-Sysmon/Operational dc03-vm.lab3.localdomain - 2022-09-02 19:25:00.026 CFDD709A-588C-6312-911A-000000000A00 10700 \\dc03-vm.lab3.localdomain\SYSVOL\lab3.localdomain\scripts\Conti.exe \\dc03-vm.lab3.localdomain\SYSVOL\lab3.localdomain\scripts\Conti.exe - - - - - MD5=290C7DFB01E50CEA9E19DA81A781AF2C,SHA256=53B1C1B2F41A7FC300E97D036E57539453FF82001DD3F6ABF07F4896B1F9CA22,IMPHASH=23F815785DB238377F4513BE54DBA574 false - Unavailable LAB3\labadmin3 11 2 4 11 0 0x8000000000000000 1259 Microsoft-Windows-Sysmon/Operational SLABS-DC.snapattack.labs - 2023-03-16 23:24:55.392 CF2FE148-A533-6413-3405-000000003902 6880 C:\Users\user\AppData\Roaming\autosnap\pybas.exe C:\Users\user\AppData\Local\Temp\_MEI68802\atomic-red-team\atomics\T1137.006\bin\Addins\excelxll_x64.xll 2023-03-16 23:24:55.392 SNAPATTACK\user 7 3 4 7 0 0x8000000000000000 23881 Microsoft-Windows-Sysmon/Operational dc03-vm.lab3.localdomain - 2022-09-02 19:25:00.026 CFDD709A-588C-6312-911A-000000000A00 10700 \\dc03-vm.lab3.localdomain\SYSVOL\lab3.localdomain\scripts\Conti.exe \\dc03-vm.lab3.localdomain\SYSVOL\lab3.localdomain\scripts\Conti.exe - - - - - MD5=290C7DFB01E50CEA9E19DA81A781AF2C,SHA256=53B1C1B2F41A7FC300E97D036E57539453FF82001DD3F6ABF07F4896B1F9CA22,IMPHASH=23F815785DB238377F4513BE54DBA574 false - Unavailable LAB3\labadmin3