EventID: 4104  Version: 1  Level: 5  Task: 2  Opcode: 15  Keywords: 0x0  EventRecordID: 62805
Channel: Microsoft-Windows-PowerShell/Operational  Computer: quadra.snapattack.labs
MessageNumber: 1  MessageTotal: 1
ScriptBlockText: Start-Job -ScriptBlock {while($true){& "C:\Program Files\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All; start-sleep -Milliseconds 500;}}
ScriptBlockId: 2dc75378-33fd-44e5-ba12-56232800e3c9

EventID: 4688  Version: 2  Level: 0  Task: 13312  Opcode: 0  Keywords: 0x8020000000000000  EventRecordID: 149814
Channel: Security  Computer: EC2AMAZ-2RSGUKB
SubjectUserSid: S-1-5-21-3081580237-2860106967-1440473398-1009  SubjectUserName: user  SubjectDomainName: EC2AMAZ-2RSGUKB  SubjectLogonId: 0x38f62
NewProcessId: 0x1700  NewProcessName: C:\Users\user\Downloads\EDRSilencer.exe  TokenElevationType: %%1937  ProcessId: 0x1d6c
CommandLine: "C:\Users\user\Downloads\EDRSilencer.exe" block C:\windows\system32\mspaint.exe
TargetUserSid: S-1-0-0  TargetUserName: -  TargetDomainName: -  TargetLogonId: 0x0
ParentProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe  MandatoryLabel: S-1-16-12288

EventID: 13  Version: 2  Level: 4  Task: 13  Opcode: 0  Keywords: 0x8000000000000000  EventRecordID: 7061
Channel: Microsoft-Windows-Sysmon/Operational  Computer: EC2AMAZ-2RSGUKB
RuleName: -  EventType: SetValue  UtcTime: 2023-11-22 15:23:06.879
ProcessGuid: BA130F33-1CC5-655E-140B-000000009502  ProcessId: 8088  Image: C:\Program Files\Tailscale\tailscaled.exe
TargetObject: HKLM\System\CurrentControlSet\Services\Dnscache\Parameters\DnsPolicyConfig\{28E0F186-669F-414D-BB5C-1E5D639D7507}\GenericDNSServers
Details: 100.100.100.100  User: NT AUTHORITY\SYSTEM

EventID: 12  Version: 2  Level: 4  Task: 12  Opcode: 0  Keywords: 0x8000000000000000  EventRecordID: 69088
Channel: Microsoft-Windows-Sysmon/Operational  Computer: quadra.snapattack.labs
RuleName: -  EventType: DeleteKey  UtcTime: 2022-12-05 18:46:12.740
ProcessGuid: BD1BA16A-3C5F-638E-2511-000000000F00  ProcessId: 6360  Image: C:\Windows\System32\MsiExec.exe
TargetObject: HKLM\SYSTEM\CrowdStrike  User: NT AUTHORITY\SYSTEM

EventID: 13  Version: 2  Level: 4  Task: 13  Opcode: 0  Keywords: 0x8000000000000000  EventRecordID: 1601770
Channel: Microsoft-Windows-Sysmon/Operational  Computer: WIN10-21H1.snapattack.labs
RuleName: -  EventType: SetValue  UtcTime: 2024-11-12 14:50:37.708
ProcessGuid: F51F9151-1EDC-6733-2300-000000000F00  ProcessId: 1640  Image: C:\Windows\system32\svchost.exe
TargetObject: HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{19876A6F-6871-4C48-A9EB-B1FFF949759C}
Details: v2.30|Action=Block|Active=TRUE|Dir=In|App=C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MsMpEng.exe|Name=wYLqwn43kCmugxYqisuL|Desc=wYLqwn43kCmugxYqisuL|
User: NT AUTHORITY\LOCAL SERVICE