23 5 4 23 0 0x8000000000000000 1590823 Microsoft-Windows-Sysmon/Operational WIN10-21H1.snapattack.labs - 2024-10-10 15:29:22.929 F51F9151-F292-6707-020C-000000001200 9360 WIN10-21H1\localuser C:\Users\localuser\filesystemeop\PoC-main\FilesystemEoPs\x64\Debug\FolderOrFileDeleteToSystem.exe C:\Config.Msi\1a6db9.rbs MD5=2060E7D7C5C70D83FB0A2842E7C1FCFA,SHA256=DF245D3D084A8C00E0E78A0C32605B92AA5906A7155BD49FFDF0C9A99608ADB6,IMPHASH=00000000000000000000000000000000 false true 4688 2 0 13312 0 0x8020000000000000 1248813 Security WIN10-21H1.snapattack.labs S-1-5-21-1538153195-943065003-848949206-1000 localuser WIN10-21H1 0x28cf75 0x14e4 C:\Windows\System32\msiexec.exe %%1936 0xba4 msiexec.exe /f c:\Windows\installer\17d6b.msi S-1-0-0 - - 0x0 C:\Windows\System32\cmd.exe S-1-16-12288 23 5 4 23 0 0x8000000000000000 1590823 Microsoft-Windows-Sysmon/Operational WIN10-21H1.snapattack.labs - 2024-10-10 15:29:22.929 F51F9151-F292-6707-020C-000000001200 9360 WIN10-21H1\localuser C:\Users\localuser\filesystemeop\PoC-main\FilesystemEoPs\x64\Debug\FolderOrFileDeleteToSystem.exe C:\Config.Msi\1a6db9.rbs MD5=2060E7D7C5C70D83FB0A2842E7C1FCFA,SHA256=DF245D3D084A8C00E0E78A0C32605B92AA5906A7155BD49FFDF0C9A99608ADB6,IMPHASH=00000000000000000000000000000000 false true