Hello,
I ran the Test-ProxyLogon.ps1 script and it found the following: Does this mean a successful infiltration?
ComputerName Type Path Name
ServerName SuspiciousArchive C:\ProgramData\Symantec\Symantec Endpoint Protection\14.2.758.0000.105\Data\Lue\Downloads\sepc$20virus$20r$20definitions$20sds$20win64$20$28x64$29$2014.2_microdefsb.curdefs_symalllanguages_livetri.zip sepc$20virus$20r$20definitions$20sds$20win64$20$28x64$29$2014.2_microdefsb.curdefs_symalllanguages_livetri.zip
ServerName SuspiciousArchive C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Lue\Downloads\sepc$20virus$20r$20definitions$20sds$20win64$20$28x64$29$2014.2_microdefsb.curdefs_symalllanguages_livetri.zip sepc$20virus$20r$20definitions$20sds$20win64$20$28x64$29$2014.2_microdefsb.curdefs_symalllanguages_livetri.zip
DateTime RequestId ClientIpAddress UrlHost UrlStem RoutingHint UserAgent AnchorMailbox HttpStatus
2021-02-28T16:20:52.341Z 8fa1a7b1-bd5f-44d8-9ef4-10c6b0ae7b43 161.35.1.225 XXXXX /ecp/y.js X-BEResource-Cookie ExchangeServicesClient/0.0.0.0 ServerInfo~a]@ServerName.Domain.com:444/autodiscover/autodiscover.xml?# 200
2021-03-02T21:33:29.638Z 2aa1217f-aa0f-4fb6-9dbe-0c149567b369 157.230.221.198 XXXXX /ecp/y.js X-BEResource-Cookie ExchangeServicesClient/0.0.0.0 ServerInfo~a]@ServerName.Domain.com:444/autodiscover/autodiscover.xml?# 200
2021-03-02T21:33:30.090Z ebf6f67f-5a9c-4526-92ef-72872c2c8301 157.230.221.198 XXXXX /ecp/y.js X-BEResource-Cookie Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/74.0.3729.169 Safari/537.36 ServerInfo~a]@ServerName.Domain.com:444/mapi/emsmdb/?# 200
2021-03-02T21:33:30.622Z 5fe8933f-6905-4b00-acd9-dfa719f4188a 157.230.221.198 XXXXX /ecp/y.js X-BEResource-Cookie Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/74.0.3729.169 Safari/537.36 ServerInfo~a]@ServerName.Domain.com:444/ecp/proxyLogon.ecp?# 241
2021-03-02T21:33:33.627Z c3bdeadd-32fe-4e3b-9857-7ba8a5374f44 157.230.221.198 XXXXX /ecp/y.js X-BEResource-Cookie Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/74.0.3729.169 Safari/537.36 ServerInfo~a]@ServerName.Domain.com:444/ecp/DDI/DDIService.svc/GetObject?msExchEcpCanary=mfN2bmbO5UqiyRYhqwafZstCyydV39gIVtfzAUzHN1ciP2FdY7zZlGDljo6-njXdZps86Y-dVDk.&schema=OABVirtualDirectory# 500
2021-03-07T01:12:22.924Z 58435659-e4e0-4cc2-9920-fa055e6bc5b5 159.89.95.163 localhost /ecp/default.flt X-BEResource-Cookie Mozilla/5.0 zgrab/0.x ServerInfo~localhost/owa/auth/logon.aspx? 500
2021-03-07T01:12:22.926Z 58435659-e4e0-4cc2-9920-fa055e6bc5b5 159.89.95.163 XXXXX /owa/auth/x.js X-AnonResource-Backend-Cookie Mozilla/5.0 zgrab/0.x ServerInfo~localhost/ecp/default.flt? 500
Thanks
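A triage pass over the rows shown in the post, as an added example (it is not part of the post and not code from Microsoft's Test-ProxyLogon.ps1). It classifies each HttpProxy row by whether the `ServerInfo~` anchor steered the front end to a client-chosen backend and whether that backend answered with a success status, rolls the rows up per source IP, and separates the ProgramData archive hits that sit under a vendor's own download folder from the ones that need a manual look. The sample rows are constructed from the post's output with the same masked hostnames; the list of high-value backend paths, the severity ladder and the Symantec LiveUpdate allowlist are assumptions of this example, not rules taken from the script.

```python
"""Triage helper for Test-ProxyLogon.ps1 output (added example, not the script's code).

Models the two result sets the post shows: SuspiciousArchive hits under C:\\ProgramData,
and HttpProxy rows whose AnchorMailbox names a backend target after 'ServerInfo~', the
server-side request forgery indicator the script reports.
"""
import re

FIELDS = ("DateTime", "ClientIpAddress", "UrlStem", "RoutingHint",
          "UserAgent", "AnchorMailbox", "HttpStatus")


def _row(*values):
    return dict(zip(FIELDS, values))


# Sample rows constructed from the post's output (UrlHost omitted, it was masked anyway).
UA_CHROME = "Mozilla/5.0 (Windows NT 10.0; WOW64) Chrome/74.0.3729.169 Safari/537.36"
HTTPPROXY_ROWS = [
    _row("2021-02-28T16:20:52.341Z", "161.35.1.225", "/ecp/y.js", "X-BEResource-Cookie",
         "ExchangeServicesClient/0.0.0.0",
         "ServerInfo~a]@ServerName.Domain.com:444/autodiscover/autodiscover.xml?#", 200),
    _row("2021-03-02T21:33:29.638Z", "157.230.221.198", "/ecp/y.js", "X-BEResource-Cookie",
         "ExchangeServicesClient/0.0.0.0",
         "ServerInfo~a]@ServerName.Domain.com:444/autodiscover/autodiscover.xml?#", 200),
    _row("2021-03-02T21:33:30.090Z", "157.230.221.198", "/ecp/y.js", "X-BEResource-Cookie",
         UA_CHROME, "ServerInfo~a]@ServerName.Domain.com:444/mapi/emsmdb/?#", 200),
    _row("2021-03-02T21:33:30.622Z", "157.230.221.198", "/ecp/y.js", "X-BEResource-Cookie",
         UA_CHROME, "ServerInfo~a]@ServerName.Domain.com:444/ecp/proxyLogon.ecp?#", 241),
    _row("2021-03-02T21:33:33.627Z", "157.230.221.198", "/ecp/y.js", "X-BEResource-Cookie",
         UA_CHROME, "ServerInfo~a]@ServerName.Domain.com:444/ecp/DDI/DDIService.svc/GetObject"
         "?msExchEcpCanary=REDACTED&schema=OABVirtualDirectory#", 500),
    _row("2021-03-07T01:12:22.924Z", "159.89.95.163", "/ecp/default.flt", "X-BEResource-Cookie",
         "Mozilla/5.0 zgrab/0.x", "ServerInfo~localhost/owa/auth/logon.aspx?", 500),
    _row("2021-03-07T01:12:22.926Z", "159.89.95.163", "/owa/auth/x.js",
         "X-AnonResource-Backend-Cookie", "Mozilla/5.0 zgrab/0.x",
         "ServerInfo~localhost/ecp/default.flt?", 500),
]

# The two archive paths from the post.
ARCHIVE_HITS = [
    "C:\\ProgramData\\Symantec\\Symantec Endpoint Protection\\14.2.758.0000.105\\Data\\Lue"
    "\\Downloads\\sepc$20virus$20r$20definitions$20sds$20win64.zip",
    "C:\\ProgramData\\Symantec\\Symantec Endpoint Protection\\CurrentVersion\\Data\\Lue"
    "\\Downloads\\sepc$20virus$20r$20definitions$20sds$20win64.zip",
]

# Routing hints meaning the front end forwarded the request to a backend the client named.
SSRF_ROUTING_HINTS = {"X-BEResource-Cookie", "X-AnonResource-Backend-Cookie"}

# Assumed: backend paths from the post whose successful reachability goes beyond a probe.
HIGH_VALUE_BACKEND = re.compile(r"/(ecp/proxylogon\.ecp|ecp/ddi/ddiservice\.svc|mapi/emsmdb)",
                                re.I)

# Assumed severity ladder used for the per-IP rollup.
SEVERITY = {"no-indicator": 0, "backend-error": 1, "backend-reached": 2,
            "backend-reached-high": 3}


def backend_target(anchor_mailbox):
    """Return the 'host:port/path' the proxy was steered to, or None if no indicator."""
    prefix = "ServerInfo~"
    return anchor_mailbox[len(prefix):] if anchor_mailbox.startswith(prefix) else None


def classify_row(row):
    """Classify one HttpProxy row by indicator presence and backend response."""
    target = backend_target(row["AnchorMailbox"])
    if target is None or row["RoutingHint"] not in SSRF_ROUTING_HINTS:
        return "no-indicator"
    if int(row["HttpStatus"]) >= 500:
        # Backend answered with an error: a scanner probe or a failed step.
        return "backend-error"
    if HIGH_VALUE_BACKEND.search(target):
        return "backend-reached-high"
    # 2xx from the backend: the forged request was answered (autodiscover in the post).
    return "backend-reached"


def summarize_by_source(rows):
    """Per client IP: worst class, time span, distinct backend paths, row count."""
    summary = {}
    for row in rows:
        ip = row["ClientIpAddress"]
        entry = summary.setdefault(ip, {"worst": "no-indicator", "first": row["DateTime"],
                                        "last": row["DateTime"], "targets": set(), "rows": 0})
        entry["rows"] += 1
        entry["first"] = min(entry["first"], row["DateTime"])
        entry["last"] = max(entry["last"], row["DateTime"])
        target = backend_target(row["AnchorMailbox"])
        if target:
            # Keep only the path part so the same backend path from two hosts collapses.
            entry["targets"].add(target[target.find("/"):] if "/" in target else target)
        cls = classify_row(row)
        if SEVERITY[cls] > SEVERITY[entry["worst"]]:
            entry["worst"] = cls
    return summary


# Assumed allowlist: Symantec Endpoint Protection's LiveUpdate download folder holds the
# product's own definition packages. Confirm this for your environment before trusting it.
VENDOR_DOWNLOAD_MARKERS = [("\\symantec endpoint protection\\", "\\data\\lue\\downloads\\")]


def triage_archive(path):
    """'vendor-download' for archives in an allowlisted vendor folder, else 'review'."""
    p = path.lower()
    for product, folder in VENDOR_DOWNLOAD_MARKERS:
        if p.startswith("c:\\programdata\\") and product in p and folder in p:
            return "vendor-download"
    return "review"


if __name__ == "__main__":
    for ip, e in sorted(summarize_by_source(HTTPPROXY_ROWS).items()):
        print(f"{ip}: {e['worst']} ({e['rows']} rows, {e['first']} .. {e['last']})")
        for t in sorted(e["targets"]):
            print(f"    backend path: {t}")
    for path in ARCHIVE_HITS:
        print(f"{triage_archive(path)}: {path}")
```

The per-IP rollup is what makes the output actionable: a source whose worst class is `backend-reached-high` had a forged request answered by an ECP or MAPI backend and calls for a full compromise investigation of that server (web shells under the IIS and ECP paths, recently written files, the other checks the script runs), a source that only ever drew 5xx responses looks like scanning, and the archive hits should be hash-checked against the vendor's published definition packages rather than dismissed on path alone.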