18141800x800000000000000035141Microsoft-Windows-Sysmon/OperationalMSEDGEWIN10.snapattack.labs-ConnectPipe2023-06-13 17:08:12.69543199D79-A244-6488-8A11-0000000011006412\vgauth-serviceC:\Users\snapattack\seatbelt.exeSNAPATTACK\snapattack 18141800x800000000000000035138Microsoft-Windows-Sysmon/OperationalMSEDGEWIN10.snapattack.labs-ConnectPipe2023-06-13 17:08:12.55443199D79-A244-6488-8A11-0000000011006412\ROUTERC:\Users\snapattack\seatbelt.exeSNAPATTACK\snapattack 18141800x800000000000000035135Microsoft-Windows-Sysmon/OperationalMSEDGEWIN10.snapattack.labs-ConnectPipe2023-06-13 17:08:12.41343199D79-A244-6488-8A11-0000000011006412\epmapperC:\Users\snapattack\seatbelt.exeSNAPATTACK\snapattack 18141800x800000000000000035134Microsoft-Windows-Sysmon/OperationalMSEDGEWIN10.snapattack.labs-ConnectPipe2023-06-13 17:08:12.40143199D79-A244-6488-8A11-0000000011006412\Ctx_WinStation_API_serviceC:\Users\snapattack\seatbelt.exeSNAPATTACK\snapattack 18141800x800000000000000035133Microsoft-Windows-Sysmon/OperationalMSEDGEWIN10.snapattack.labs-ConnectPipe2023-06-13 17:08:12.38243199D79-A244-6488-8A11-0000000011006412\atsvcC:\Users\snapattack\seatbelt.exeSNAPATTACK\snapattack 17141700x80000000000000001841Microsoft-Windows-Sysmon/OperationalSLABS-DC.snapattack.labs-CreatePipe2023-03-08 22:03:08.23897232C30-061C-6409-6606-0000000009022016\EasySystemC:\Users\Public\Documents\EasySystem.exeNT AUTHORITY\SYSTEM 18141800x8000000000000000143924Microsoft-Windows-Sysmon/Operationaldangrus.EvilEmpireDC.org-ConnectPipe2022-12-08 14:52:32.083CCB6DD18-F9F6-6391-5320-000000003D002500\PSHost.133149062785854590.9424.DefaultAppDomain.powershellC:\Users\HACK4L~1\AppData\Local\Temp\monkey_dir\Seatbelt.exeEVILEMPIREDC0\hack4life 17141700x80000000000000002946Microsoft-Windows-Sysmon/OperationalEC2AMAZ-7DETGRN-CreatePipe2025-03-20 14:36:30.520BD875050-27E1-67DC-5905-00000000C7026324\adprinterpipeC:\Program Files (x86)\AnyDesk-ad_b8144d09\AnyDesk-ad_b8144d09.exeEC2AMAZ-7DETGRN\user 17141700x800000000000000016232Microsoft-Windows-Sysmon/OperationalDC01.snapattack.labs-CreatePipe2024-07-08 15:29:50.616A5CDDB11-05EE-668C-542E-0000000007001328\adprinterpipeC:\Users\domainadmin\Desktop\AnyDesk.exesnapattack\domainadmin 18141800x800000000000000010957Microsoft-Windows-Sysmon/OperationalEC2AMAZ-J5R8T5M-ConnectPipe2024-03-07 21:51:17.304AF7BBE47-36D5-65EA-CF05-00000000C7023964\PARSEC-NPC:\Program Files\Parsec\parsecd.exeEC2AMAZ-J5R8T5M\user 17141700x80000000000000003014Microsoft-Windows-Sysmon/OperationalEC2AMAZ-J5R8T5M-CreatePipe2024-03-07 21:46:36.535AF7BBE47-35BC-65EA-6505-00000000C7026380\PARSEC_IPC_eceed7bdd869950dC:\Program Files\Parsec\parsecd.exeNT AUTHORITY\SYSTEM 18141800x80000000000000003015Microsoft-Windows-Sysmon/OperationalEC2AMAZ-J5R8T5M-ConnectPipe2024-03-07 21:46:36.535AF7BBE47-35BC-65EA-6505-00000000C7026380\PARSEC_IPC_eceed7bdd869950dC:\Program Files\Parsec\parsecd.exeNT AUTHORITY\SYSTEM 18141800x80000000000000002939Microsoft-Windows-Sysmon/OperationalEC2AMAZ-J5R8T5M-ConnectPipe2024-03-07 21:46:34.004AF7BBE47-35B9-65EA-6105-00000000C7028484\PARSEC-NPC:\Program Files\Parsec\parsecd.exeEC2AMAZ-J5R8T5M\user 17141700x80000000000000002199Microsoft-Windows-Sysmon/OperationalEC2AMAZ-J5R8T5M-CreatePipe2024-03-07 21:46:31.364AF7BBE47-35B7-65EA-4605-00000000C7026532\PARSEC-NPC:\Program Files\Parsec\pservice.exeNT AUTHORITY\SYSTEM 18141800x80000000000000007103Microsoft-Windows-Sysmon/OperationalEC2AMAZ-2RSGUKB-ConnectPipe2023-11-22 15:23:07.135BA130F33-1CC6-655E-220B-0000000095027608\ProtectedPrefix\Administrators\Tailscale\tailscaledC:\Program Files\Tailscale\tailscale-ipn.exeEC2AMAZ-2RSGUKB\user 18141800x80000000000000007011Microsoft-Windows-Sysmon/OperationalEC2AMAZ-2RSGUKB-ConnectPipe2023-11-22 15:23:06.623BA130F33-1CC6-655E-220B-0000000095027608\ProtectedPrefix\Administrators\Tailscale\tailscaledC:\Program Files\Tailscale\tailscale-ipn.exeEC2AMAZ-2RSGUKB\user 18141800x80000000000000006776Microsoft-Windows-Sysmon/OperationalEC2AMAZ-2RSGUKB-ConnectPipe2023-11-22 15:22:59.953BA130F33-1CC6-655E-220B-0000000095027608\ProtectedPrefix\Administrators\Tailscale\tailscaledC:\Program Files\Tailscale\tailscale-ipn.exeEC2AMAZ-2RSGUKB\user 18141800x80000000000000006628Microsoft-Windows-Sysmon/OperationalEC2AMAZ-2RSGUKB-ConnectPipe2023-11-22 15:22:53.167BA130F33-1CC6-655E-220B-0000000095027608\ProtectedPrefix\Administrators\Tailscale\tailscaledC:\Program Files\Tailscale\tailscale-ipn.exeEC2AMAZ-2RSGUKB\user 18141800x80000000000000003049Microsoft-Windows-Sysmon/OperationalEC2AMAZ-2RSGUKB-ConnectPipe2023-11-22 15:22:46.883BA130F33-1CC6-655E-220B-0000000095027608\ProtectedPrefix\Administrators\Tailscale\tailscaledC:\Program Files\Tailscale\tailscale-ipn.exeEC2AMAZ-2RSGUKB\user 18141800x80000000000000003047Microsoft-Windows-Sysmon/OperationalEC2AMAZ-2RSGUKB-ConnectPipe2023-11-22 15:22:46.878BA130F33-1CC6-655E-220B-0000000095027608\ProtectedPrefix\Administrators\Tailscale\tailscaledC:\Program Files\Tailscale\tailscale-ipn.exeEC2AMAZ-2RSGUKB\user 17141700x80000000000000002416Microsoft-Windows-Sysmon/OperationalEC2AMAZ-2RSGUKB-CreatePipe2023-11-22 15:22:45.246BA130F33-1CC5-655E-140B-0000000095028088\ProtectedPrefix\Administrators\Tailscale\tailscaledC:\Program Files\Tailscale\tailscaled.exeNT AUTHORITY\SYSTEM 18141800x80000000000000001754Microsoft-Windows-Sysmon/OperationalEC2AMAZ-2RSGUKB-ConnectPipe2023-11-22 15:22:42.473BA130F33-1CC2-655E-0C0B-0000000095027688\BurnPipe.{5E01FD79-766A-4023-AE0F-47C5CDFFD159}.CacheC:\Users\user\AppData\Local\Temp\2\{60E57E06-35F5-470F-8290-5DFB32B0E1C9}\.be\tailscale-setup-1.54.0.exeEC2AMAZ-2RSGUKB\user 18141800x80000000000000001753Microsoft-Windows-Sysmon/OperationalEC2AMAZ-2RSGUKB-ConnectPipe2023-11-22 15:22:42.418BA130F33-1CC2-655E-0C0B-0000000095027688\BurnPipe.{5E01FD79-766A-4023-AE0F-47C5CDFFD159}C:\Users\user\AppData\Local\Temp\2\{60E57E06-35F5-470F-8290-5DFB32B0E1C9}\.be\tailscale-setup-1.54.0.exeEC2AMAZ-2RSGUKB\user 17141700x80000000000000001658Microsoft-Windows-Sysmon/OperationalEC2AMAZ-2RSGUKB-CreatePipe2023-11-22 15:22:40.486BA130F33-1CBD-655E-050B-0000000095023200\BurnPipe.{5E01FD79-766A-4023-AE0F-47C5CDFFD159}.CacheC:\Users\user\AppData\Local\Temp\2\{76281D4E-EA45-4974-8090-BA5ACBC43497}\.cr\tailscale-setup-1.54.0.exeEC2AMAZ-2RSGUKB\user 17141700x80000000000000001657Microsoft-Windows-Sysmon/OperationalEC2AMAZ-2RSGUKB-CreatePipe2023-11-22 15:22:40.486BA130F33-1CBD-655E-050B-0000000095023200\BurnPipe.{5E01FD79-766A-4023-AE0F-47C5CDFFD159}C:\Users\user\AppData\Local\Temp\2\{76281D4E-EA45-4974-8090-BA5ACBC43497}\.cr\tailscale-setup-1.54.0.exeEC2AMAZ-2RSGUKB\user 18141800x80000000000000004656Microsoft-Windows-Sysmon/OperationalEC2AMAZ-2RSGUKB-ConnectPipe2023-11-20 15:14:50.536BA130F33-77CD-655B-5105-0000000095023792\winpty-conout-2016-2-1da1bc44e7c8817-8f7f33858ad708dfc2b7860916a7cde5C:\Program Files\Level\level.exeNT AUTHORITY\SYSTEM 18141800x80000000000000004655Microsoft-Windows-Sysmon/OperationalEC2AMAZ-2RSGUKB-ConnectPipe2023-11-20 15:14:50.536BA130F33-77CD-655B-5105-0000000095023792\winpty-conin-2016-1-1da1bc44e7c6098-64d80e7d29bc4db98d78eaa8b5b60f6dC:\Program Files\Level\level.exeNT AUTHORITY\SYSTEM 17141700x80000000000000004654Microsoft-Windows-Sysmon/OperationalEC2AMAZ-2RSGUKB-CreatePipe2023-11-20 15:14:50.517BA130F33-77EA-655B-6D05-0000000095022016\winpty-conout-2016-2-1da1bc44e7c8817-8f7f33858ad708dfc2b7860916a7cde5C:\Program Files\Level\winpty-agent.exeNT AUTHORITY\SYSTEM 17141700x80000000000000004653Microsoft-Windows-Sysmon/OperationalEC2AMAZ-2RSGUKB-CreatePipe2023-11-20 15:14:50.517BA130F33-77EA-655B-6D05-0000000095022016\winpty-conin-2016-1-1da1bc44e7c6098-64d80e7d29bc4db98d78eaa8b5b60f6dC:\Program Files\Level\winpty-agent.exeNT AUTHORITY\SYSTEM 18141800x80000000000000004652Microsoft-Windows-Sysmon/OperationalEC2AMAZ-2RSGUKB-ConnectPipe2023-11-20 15:14:50.516BA130F33-77EA-655B-6D05-0000000095022016\winpty-control-3792-1-1da1bc44e754bbb-3347313f35915477908c3c424dcf0de0C:\Program Files\Level\winpty-agent.exeNT AUTHORITY\SYSTEM 17141700x80000000000000004645Microsoft-Windows-Sysmon/OperationalEC2AMAZ-2RSGUKB-CreatePipe2023-11-20 15:14:50.470BA130F33-77CD-655B-5105-0000000095023792\winpty-control-3792-1-1da1bc44e754bbb-3347313f35915477908c3c424dcf0de0C:\Program Files\Level\level.exeNT AUTHORITY\SYSTEM 17141700x800000000000000017148Microsoft-Windows-Sysmon/OperationalEC2AMAZ-34S98QL-CreatePipe2023-10-30 14:31:27.934D4BC5266-BE3F-653F-000B-000000006C025720\adprinterpipeC:\Program Files (x86)\AnyDesk-f45e5af2_msi\AnyDesk-f45e5af2_msi.exeNT AUTHORITY\SYSTEM 17141700x800000000000000018520Microsoft-Windows-Sysmon/OperationalAITWSAP8NFSHOYS.aitne.intern-CreatePipe2023-04-18 10:26:48.464F89A5F86-7067-643E-740F-02000000070011968\adprinterpipeC:\Users\bryan.houwer-ext\Desktop\AnyDesk.exeaitne\bryan.houwer-ext 17141700x800000000000000018520Microsoft-Windows-Sysmon/OperationalAITWSAP8NFSHOYS.aitne.intern-CreatePipe2023-04-18 10:26:48.464F89A5F86-7067-643E-740F-02000000070011968\adprinterpipeC:\Users\bryan.houwer-ext\Desktop\AnyDesk.exeaitne\bryan.houwer-ext 17141700x80000000000000002635Microsoft-Windows-Sysmon/OperationalSLABS-DC.snapattack.labs-CreatePipe2023-03-16 23:24:46.416CF2FE148-A53D-6413-5E05-0000000039021200\adprinterpipeC:\Users\user\Desktop\AnyDesk.exeSNAPATTACK\user 17141700x8000000000000000163514Microsoft-Windows-Sysmon/Operationalwks01-vm.lab3.localdomain-CreatePipe2022-09-02 18:56:57.611A52FDC10-51F8-6312-0115-00000000200010028\adprinterpipeC:\Users\domuser.LAB3\Desktop\anydesk.exeLAB3\domuser 17141700x8000000000000000150686022Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-CreatePipe2022-02-01 23:02:29.651{3BF36828-BC05-61F9-A60D-02000000CF01}2032\PSEXESVCC:\Windows\PSEXESVC.exe