11 2 4 11 0 0x8000000000000000 2304 Microsoft-Windows-Sysmon/Operational EC2AMAZ-7DETGRN - 2024-10-02 17:18:21.661 BD875050-8051-66FD-5505-00000000C702 4204 C:\Windows\system32\cmd.exe C:\Windows\System32\Tasks\imm32.dll 2024-10-02 17:18:21.661 EC2AMAZ-7DETGRN\user
13 2 4 13 0 0x8000000000000000 2683 Microsoft-Windows-Sysmon/Operational arrakis.snapattack.labs - SetValue 2022-07-11 16:56:03.771 D52145E4-4EC8-62CC-7803-000000000700 6624 C:\Windows\system32\dns.exe HKLM\System\CurrentControlSet\Services\DNS\Parameters\ServerLevelPluginDll \\192.168.86.5\files\dnsprivesc.dll NT AUTHORITY\SYSTEM
11 2 4 11 0 0x8000000000000000 118004 Microsoft-Windows-Sysmon/Operational WinDev2202Eval - 2022-04-21 08:49:58.866 CA80F5F2-1AA8-6261-2E0C-000000000E00 4336 C:\Users\User\Downloads\ProfSvcLPE.exe C:\Users\TEMP\AppData\Local\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.22000.1_none_271a8fad6a2d1b1e\comctl32.dll 2022-04-21 08:49:58.866 WINDEV2202EVAL\User
7 3 4 7 0 0x8000000000000000 118678 Microsoft-Windows-Sysmon/Operational WinDev2202Eval - 2022-04-21 08:49:59.741 CA80F5F2-1AB7-6261-3D0C-000000000E00 5356 C:\Windows\System32\Narrator.exe C:\Users\TEMP\AppData\Local\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467\comctl32.dll - - - - - MD5=38B51E8BF2735977CE5898CB3C9A374F,SHA256=EC7BBBE7E7E9A6A7A2ED844C8DA3AB68E449FEE564BA300B65DBF08910DC947D,IMPHASH=1CD7F8AE7F1F4C0F0289A841C3B9E2B8 false - Unavailable NT AUTHORITY\SYSTEM
1 5 4 1 0 0x8000000000000000 556605 Microsoft-Windows-Sysmon/Operational quadra.snapattack.labs - 2023-06-16 13:27:30.334 BD1BA16A-6342-648C-7C2F-000000001000 6380 E:\CefSub.exe 1,0,0,843 - - - - "E:\CefSub.exe" E:\ SNAPATTACK\snapattack BD1BA16A-9A80-6480-4FA2-3A0000000000 0x3aa24f 1 Medium MD5=ECFCF5AA6D8B07038CE9F5DA3F32AC23,SHA256=CB8A83B590893DAA9B02B8E1A1C9AFB68D6F2A82C9E0D2D2C63A36A510F6FDA3,IMPHASH=0C8ACABF5B3C8767726BAE981A422705 BD1BA16A-9A82-6480-5B01-000000001000 1880 C:\Windows\explorer.exe C:\Windows\Explorer.EXE SNAPATTACK\snapattack
10 3 4 10 0 0x8000000000000000 25858 Microsoft-Windows-Sysmon/Operational EC2AMAZ-1CL0VOR - 2022-07-27 15:02:00.359 09661227-5368-62E1-5405-00000000B901 10008 7464 C:\Windows\system32\services.exe 09661227-4FF1-62E1-0C00-00000000B901 788 C:\Windows\system32\lsass.exe 0x1410 C:\Windows\SYSTEM32\ntdll.dll+9feb4|C:\Windows\System32\KERNELBASE.dll+2126e|C:\Windows\System32\EventAggregation.dll+1580|C:\Windows\System32\EventAggregation.dll+1d12|C:\Windows\System32\EventAggregation.dll+203f|C:\Windows\SYSTEM32\ntdll.dll+25d37|C:\Windows\SYSTEM32\ntdll.dll+285e9|C:\Windows\SYSTEM32\ntdll.dll+28854|C:\Windows\SYSTEM32\ntdll.dll+2887e|C:\Windows\SYSTEM32\ntdll.dll+d5b1a|C:\Windows\SYSTEM32\ntdll.dll+7839b|C:\Windows\SYSTEM32\ntdll.dll+78223|C:\Windows\SYSTEM32\ntdll.dll+781ce NT AUTHORITY\SYSTEM NT AUTHORITY\SYSTEM