11 2 4 11 0 0x8000000000000000 11900 Microsoft-Windows-Sysmon/Operational WIN-BM5RC4SJEO0.snapattack.labs - 2023-06-07 18:35:24.699 977D2910-CDEB-6480-0F09-000000000600 8100 c:\windows\system32\inetsrv\w3wp.exe C:\MOVEitTransfer\wwwroot\human2.aspx 2023-06-07 18:35:24.699 WIN-BM5RC4SJEO0\moveitsvc
11 2 4 11 0 0x8000000000000000 40699 Microsoft-Windows-Sysmon/Operational VIDM.snapattack.labs - 2022-05-26 14:59:38.210 5C68405B-95D9-628F-FA09-00000000B601 6452 C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\VMware\VMwareIdentityManager\opt\vmware\horizon\workspace\webapps\cas\static\cmd.jsp 2022-05-26 14:59:38.210 NT AUTHORITY\SYSTEM
11 2 4 11 0 0x8000000000000000 11937 Microsoft-Windows-Sysmon/Operational WIN-BM5RC4SJEO0.snapattack.labs - 2023-06-07 18:35:30.782 977D2910-CDF2-6480-1009-000000000600 6824 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\root\9a11d1d0\5debd404\App_Web_4luzrauo.dll 2023-06-07 18:35:30.782 WIN-BM5RC4SJEO0\moveitsvc
1 5 4 1 0 0x8000000000000000 20576 Microsoft-Windows-Sysmon/Operational quadra.snapattack.labs - 2023-09-26 18:29:03.368 BD1BA16A-22EF-6513-EE0A-000000001300 5536 C:\Windows\System32\whoami.exe 10.0.19041.1 (WinBuild.160101.0800) whoami - displays logged on user information Microsoft® Windows® Operating System Microsoft Corporation whoami.exe whoami C:\Program Files\Openfire\bin\ NT AUTHORITY\SYSTEM BD1BA16A-2160-6513-E703-000000000000 0x3e7 0 System MD5=A4A6924F3EAF97981323703D38FD99C4,SHA256=1D4902A04D99E8CCBFE7085E63155955FEE397449D386453F6C452AE407B8743,IMPHASH=7FF0758B766F747CE57DFAC70743FB88 BD1BA16A-2165-6513-5600-000000001300 3348 C:\Program Files\Openfire\bin\openfire-service.exe "C:\Program Files\Openfire\bin\openfire-service.exe" Openfire __i4j_restart NT AUTHORITY\SYSTEM
1 5 4 1 0 0x8000000000000000 20443 Microsoft-Windows-Sysmon/Operational win10-base - 2022-03-04 04:30:26.399 B50C7A1E-95E2-6221-4A22-000000002E00 3760 C:\Windows\System32\cmd.exe 10.0.19041.546 (WinBuild.160101.0800) Windows Command Processor Microsoft® Windows® Operating System Microsoft Corporation Cmd.Exe cmd.exe /s /c "cmd /C "cwd" 2>&1" C:\xampp\htdocs\dvwa\hackable\uploads\ WIN10-BASE\user B50C7A1E-4019-6221-1230-080000000000 0x83012 2 Medium MD5=321A50053155122E6ACE9691197A8E3F,SHA256=100348552B388AB5D0095BB09EBF0EBC22668092FB8E0F92AC7ED5909492B4F6,IMPHASH=272245E2988E1E430500B852C4FB5E18 B50C7A1E-9359-6221-871D-000000002E00 1836 C:\xampp\apache\bin\httpd.exe C:\xampp\apache\bin\httpd.exe -d C:/xampp/apache WIN10-BASE\user
11 2 4 11 0 0x8000000000000000 145 Microsoft-Windows-Sysmon/Operational server.snapattack.labs - 2024-03-05 16:08:46.562 D52145E4-3B31-65E7-8300-000000000500 4956 c:\TeamCity\jre\bin\java.exe C:\ProgramData\JetBrains\TeamCity\plugins\ED6gWxnM.zip 2024-03-05 16:08:46.562 NT AUTHORITY\SYSTEM