30affe4c-0050-c85a-198b-e7c06002c12c6ed8952f-d10a-4ec3-aac8-16a4b7acd821 13 2 4 13 0 0x8000000000000000 1588250 Microsoft-Windows-Sysmon/Operational WIN10-21H1.snapattack.labs - SetValue 2024-08-01 17:59:24.332 F51F9151-CCF0-66AB-510B-000000000C00 9184 c:\ProgramData\Onedrive.exe HKU\S-1-5-21-1538153195-943065003-848949206-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Options\General\PONT_STRING 32, WIN10-21H1\localuser 30affe4c-0050-c85a-198b-e7c06002c12c32cdda7d-2bb6-4ec6-ab43-012c32852e7d 1 5 4 1 0 0x8000000000000000 1588099 Microsoft-Windows-Sysmon/Operational WIN10-21H1.snapattack.labs - 2024-08-01 17:59:12.762 F51F9151-CCF0-66AB-510B-000000000C00 9184 C:\ProgramData\Onedrive.exe 25.031.0217.0003 Microsoft OneDrive Microsoft OneDrive Microsoft Corporation OneDrive.exe Onedrive.exe c:\ProgramData\ WIN10-21H1\localuser F51F9151-C815-66AB-9281-0E0000000000 0xe8192 2 High MD5=B8C558EC430EC9693CCBAE4C5BC5815B,SHA256=FCB6DC17F96AF2568D7FA97A6087E4539285141206185AEC5C85FA9CF73C9193,IMPHASH=B573D180C7D6F492B722BBAF15AA0B48 F51F9151-CCE0-66AB-4C0B-000000000C00 1628 C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" WIN10-21H1\localuser