154100x800000000000000026874Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-09-06 10:40:30.199{539407B1-571E-64F8-5D07-000000000803}4020C:\Windows\System32\PING.EXE10.0.14393.0 (rs1_release.160715-1616)TCP/IP Ping CommandMicrosoft® Windows® Operating SystemMicrosoft Corporationping.exeping 0C:\Program Files\ansible\sysmon\ATTACKRANGE\Administrator{539407B1-4166-64F8-AE19-060000000000}0x619ae2HighMD5=7B647B55695ACE1E99158F79AB3AF51A,SHA256=ED7FA5B3CCBDD31A9E83F7C59F78AB5E2C83C7FEEDCC5F8B95948D11EBD7FF34,IMPHASH=5AAE2D3679223F82E19660D380B78FB5{539407B1-4C68-64F8-5E06-000000000803}5572C:\Windows\System32\cmd.exe"cmd.exe" /s /k pushd "C:\Program Files\ansible\sysmon"ATTACKRANGE\Administrator 154100x800000000000000026851Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-09-06 10:40:18.152{539407B1-5712-64F8-5C07-000000000803}4072C:\Windows\System32\PING.EXE10.0.14393.0 (rs1_release.160715-1616)TCP/IP Ping CommandMicrosoft® Windows® Operating SystemMicrosoft Corporationping.exeping 127.0.0.1C:\Program Files\ansible\sysmon\ATTACKRANGE\Administrator{539407B1-4166-64F8-AE19-060000000000}0x619ae2HighMD5=7B647B55695ACE1E99158F79AB3AF51A,SHA256=ED7FA5B3CCBDD31A9E83F7C59F78AB5E2C83C7FEEDCC5F8B95948D11EBD7FF34,IMPHASH=5AAE2D3679223F82E19660D380B78FB5{539407B1-4C68-64F8-5E06-000000000803}5572C:\Windows\System32\cmd.exe"cmd.exe" /s /k pushd "C:\Program Files\ansible\sysmon"ATTACKRANGE\Administrator 154100x800000000000000013707Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-09-06 09:58:58.490{539407B1-4D62-64F8-8006-000000000803}5520C:\Windows\SysWOW64\PING.EXE10.0.14393.0 (rs1_release.160715-1616)TCP/IP Ping CommandMicrosoft® Windows® Operating SystemMicrosoft Corporationping.exeping 0 -n 2 C:\Users\Administrator\Downloads\BuilderNjRat\njRAT v0.7\ATTACKRANGE\Administrator{539407B1-4166-64F8-AE19-060000000000}0x619ae2HighMD5=8CA6D537FD710AC4A2E5668877345C12,SHA256=BDC34D4260925E54B84395B8167CA5D6F9C4AA2E047221C14F7736DDDEB13906,IMPHASH=0EB64EACA8C951D760EEA1A941A2A3F7{539407B1-4D62-64F8-7D06-000000000803}6840C:\Windows\SysWOW64\cmd.execmd.exe /c ping 0 -n 2 & del "C:\Users\Administrator\server.exe"ATTACKRANGE\Administrator 154100x800000000000000013615Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-09-06 09:58:58.400{539407B1-4D62-64F8-7D06-000000000803}6840C:\Windows\SysWOW64\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Execmd.exe /c ping 0 -n 2 & del "C:\Users\Administrator\server.exe"C:\Users\Administrator\Downloads\BuilderNjRat\njRAT v0.7\ATTACKRANGE\Administrator{539407B1-4166-64F8-AE19-060000000000}0x619ae2HighMD5=0FEC5F30E705EADAEA5E9144F2FB12DC,SHA256=614CA7B627533E22AA3E5C3594605DC6FE6F000B0CC2B845ECE47CA60673EC7F,IMPHASH=B20DE9D5F257E3C5BDD2834F89FC042A{539407B1-4A25-64F8-1B06-000000000803}3332C:\Users\Administrator\server.exe"C:\Users\Administrator\server.exe" ATTACKRANGE\Administrator 154100x80000000000000006947Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-09-06 09:17:40.429{539407B1-43B4-64F8-5101-000000000803}5464C:\Program Files\Mozilla Firefox\pingsender.exe117.0-FirefoxMozilla Foundationpingsender.exe"C:\Program Files\Mozilla Firefox\pingsender.exe" https://incoming.telemetry.mozilla.org/submit/telemetry/2ad5bee1-0646-4e21-aad1-4e2293a11f46/new-profile/Firefox/117.0/release/20230824132758?v=4 C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\v0gesmk4.default-release\saved-telemetry-pings\2ad5bee1-0646-4e21-aad1-4e2293a11f46 https://incoming.telemetry.mozilla.org/submit/telemetry/d7545307-ee8d-4bcb-a648-0e6e1a3f3b98/event/Firefox/117.0/release/20230824132758?v=4 C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\v0gesmk4.default-release\saved-telemetry-pings\d7545307-ee8d-4bcb-a648-0e6e1a3f3b98 https://incoming.telemetry.mozilla.org/submit/telemetry/e06434da-0155-43fc-a69e-d14b4a11448d/first-shutdown/Firefox/117.0/release/20230824132758?v=4 C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\v0gesmk4.default-release\saved-telemetry-pings\e06434da-0155-43fc-a69e-d14b4a11448dC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{539407B1-4166-64F8-AE19-060000000000}0x619ae2MediumMD5=CDA18433037F1BFA16C46FEA55F8A358,SHA256=E54C410C4D86178CE39397D811F7E44DC616FB81070434703A6CBF38483A6028,IMPHASH=F84029681F81FED23E3E067364DA1699{539407B1-419E-64F8-E100-000000000803}5664C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"ATTACKRANGE\Administrator 154100x80000000000000006619Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-09-06 09:09:16.460{539407B1-41BC-64F8-FB00-000000000803}6368C:\Program Files\Mozilla Firefox\pingsender.exe117.0-FirefoxMozilla Foundationpingsender.exe"C:\Program Files\Mozilla Firefox\pingsender.exe" https://incoming.telemetry.mozilla.org/submit/default-browser-agent/default-browser/1/59F52409-2C22-4E8F-BF53-2B51A539F90A "C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Pending Pings\59F52409-2C22-4E8F-BF53-2B51A539F90A"C:\Windows\system32\ATTACKRANGE\Administrator{539407B1-4166-64F8-AE19-060000000000}0x619ae2HighMD5=CDA18433037F1BFA16C46FEA55F8A358,SHA256=E54C410C4D86178CE39397D811F7E44DC616FB81070434703A6CBF38483A6028,IMPHASH=F84029681F81FED23E3E067364DA1699{539407B1-41B9-64F8-F300-000000000803}5952C:\Program Files\Mozilla Firefox\default-browser-agent.exe"C:\Program Files\Mozilla Firefox\default-browser-agent.exe" do-task "308046B0AF4A39CB"ATTACKRANGE\Administrator