154100x8000000000000000362391089Microsoft-Windows-Sysmon/Operationalvictim.lan.local-2023-04-04 16:04:05.208{4E601973-4A75-642C-F6AA-050000005000}7936C:\Program Files (x86)\Google\Chrome\Application\chrome.exe109.0.5414.129Google ChromeGoogle ChromeGoogle LLCchrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --single-argument C:\Users\admin\AppData\Local\Temp\2\Temp1_test_malware.zip\test_malware‮xcod.htmC:\Windows\system32\ADMIN{4E601973-C1B9-63E3-641C-0B0000000000}0xb1c642MediumMD5=A713BBF1E4F8E24062C632018D66E907,SHA256=976C334AA68FC34DD6BFFFBAFA0B4751A70FA7CDED2D6AC7D8475D051D83ED37,IMPHASH=2D7CBAAF2B99462FEF89676636794945{4E601973-C7BE-63E3-8F00-000000005000}5808C:\Windows\explorer.exeC:\Windows\Explorer.EXE 11241100x8000000000000000362391725Microsoft-Windows-Sysmon/Operationalvictim.lan.localDesktop2023-04-04 18:45:10.912{4E601973-C7BE-63E3-8F00-000000005000}5808C:\Windows\Explorer.EXEC:\Users\ADMIN\Desktop\test_malware‮xcod.htm:Zone.Identifier2023-01-30 14:10:56.000 11241100x8000000000000000362391724Microsoft-Windows-Sysmon/Operationalvictim.lan.localDesktop2023-04-04 18:45:10.894{4E601973-C7BE-63E3-8F00-000000005000}5808C:\Windows\Explorer.EXEC:\Users\ADMIN\Desktop\test_malware‮xcod.htm2023-04-04 18:45:10.893 154100x8000000000000000362391709Microsoft-Windows-Sysmon/Operationalvictim.lan.local-2023-04-04 18:43:32.877{4E601973-6FD4-642C-5FAE-050000005000}5296C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\SwReporter\107.294.200\software_reporter_tool.exe107.294.200Software Reporter ToolSoftware Reporter ToolGooglesoftware_reporter_tool.exe"C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\SwReporter\107.294.200\software_reporter_tool.exe" --engine=2 --scan-locations=1,2,3,4,5,6,7,8,10 --disabled-locations=9,11 --session-id=XhcfzyfEX+js9VbAxHSfqE8rVl7aVXSt2JJw7bHe --registry-suffix=ESETC:\Users\ADMIN\AppData\Local\Temp\2\ADMIN{4E601973-C7B9-63E3-641C-0B0000000000}0xb1c642MediumMD5=2A91302BFE641CC3B7ED302FBB9C6940,SHA256=664F9EA097D1992B28AFF370AB00E19F049D1E62CC2776E61B07BBE0C4364935,IMPHASH=DE3CA1063F296A07162A7F96227C6216{4E601973-6FD1-642C-55AE-050000005000}12408C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --single-argument C:\Users\ADMIN\AppData\Local\Temp\2\Temp1_test_malware.zip\test_malware‮xcod.htm 154100x8000000000000000362391707Microsoft-Windows-Sysmon/Operationalvictim.lan.local-2023-04-04 18:43:29.780{4E601973-6FD1-642C-55AE-050000005000}12408C:\Program Files (x86)\Google\Chrome\Application\chrome.exe109.0.5414.129Google ChromeGoogle ChromeGoogle LLCchrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --single-argument C:\Users\ADMIN\AppData\Local\Temp\2\Temp1_test_malware.zip\test_malware‮xcod.htmC:\Windows\system32\ADMIN{4E601973-C7B9-63E3-641C-0B0000000000}0xb1c642MediumMD5=A713BBF1E4F8E24062C632018D66E907,SHA256=976C334AA68FC34DD6BFFFBAFA0B4751A70FA7CDED2D6AC7D8475D051D83ED37,IMPHASH=2D7CBAAF2B99462FEF89676636794945{4E601973-C7BE-63E3-8F00-000000005000}5808C:\Windows\explorer.exeC:\Windows\Explorer.EXE 4688201331200x802000000000000025613727Securityvictim.lan.localS-1-5-21-522199786-2069634556-312552118-239922ADMINWORKGROUP0xb1c640x3078C:\Program Files (x86)\Google\Chrome\Application\chrome.exe%%19380x16b0"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --single-argument C:\Users\ADMIN\AppData\Local\Temp\2\Temp1_test_malware.zip\test_malware‮xcod.htmS-1-0-0--0x0 11241100x8000000000000000362391706Microsoft-Windows-Sysmon/Operationalvictim.lan.localDesktop2023-04-04 18:43:13.032{4E601973-C7BE-63E3-8F00-000000005000}5808C:\Windows\Explorer.EXEC:\Users\ADMIN\Desktop\test_malware.zip:Zone.Identifier2023-04-04 18:43:13.029 11241100x8000000000000000362391705Microsoft-Windows-Sysmon/Operationalvictim.lan.localDesktop2023-04-04 18:43:13.029{4E601973-C7BE-63E3-8F00-000000005000}5808C:\Windows\Explorer.EXEC:\Users\ADMIN\Desktop\test_malware.zip2023-04-04 18:43:13.029 154100x8000000000000000362391690Microsoft-Windows-Sysmon/Operationalvictim.lan.local-2023-04-04 18:42:44.969{4E601973-6FA4-642C-47AE-050000005000}6268C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\SwReporter\107.294.200\software_reporter_tool.exe107.294.200Software Reporter ToolSoftware Reporter ToolGooglesoftware_reporter_tool.exe"C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\SwReporter\107.294.200\software_reporter_tool.exe" --engine=2 --scan-locations=1,2,3,4,5,6,7,8,10 --disabled-locations=9,11 --session-id=udWTkdTGDwxUmkKq5QPt8TRtoURbIxCS65bZxDNq --registry-suffix=ESETC:\Users\ADMIN\AppData\Local\Temp\2\ADMIN{4E601973-C7B9-63E3-641C-0B0000000000}0xb1c642MediumMD5=2A91302BFE645CC3B7ED302FBB9C6940,SHA256=664F9EA097D1992B28AFF370AB00E19F049D1E62CC2776E61B07BBE0C4364935,IMPHASH=DE3CA1063F296A07162A7F96227C6216{4E601973-6FA1-642C-3DAE-050000005000}2980C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --single-argument C:\Users\ADMIN\AppData\Local\Temp\2\Temp1_test_malware.zip\test_malware‮xcod.htm 4688201331200x802000000000000025613697Securityvictim.lan.localS-1-5-21-522199786-2069634556-312552118-239922ADMINWORKGROUP0xb1c640xba4C:\Program Files (x86)\Google\Chrome\Application\chrome.exe%%19380x16b0"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --single-argument C:\Users\ADMIN\AppData\Local\Temp\2\Temp1_test_malware.zip\test_malware‮xcod.htmS-1-0-0--0x0 154100x8000000000000000362391686Microsoft-Windows-Sysmon/Operationalvictim.lan.local-2023-04-04 18:42:41.886{4E601973-6FA1-642C-3DAE-050000005000}2980C:\Program Files (x86)\Google\Chrome\Application\chrome.exe109.0.5414.129Google ChromeGoogle ChromeGoogle LLCchrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --single-argument C:\Users\ADMIN\AppData\Local\Temp\2\Temp1_test_malware.zip\test_malware‮xcod.htmC:\Windows\system32\ADMIN{4E601973-C7B9-63E3-641C-0B0000000000}0xb1c642MediumMD5=A713BBF1E4F8E24062C632018D66E907,SHA256=976C334AA68FC34DD6BFFFBAFA0B4751A70FA7CDED2D6AC7D8475D051D83ED37,IMPHASH=2D7CBAAF2B99462FEF89676636794945{4E601973-C7BE-63E3-8F00-000000005000}5808C:\Windows\explorer.exeC:\Windows\Explorer.EXE 11241100x8000000000000000362391672Microsoft-Windows-Sysmon/Operationalvictim.lan.localOutlookAttachment2023-04-04 18:42:35.081{4E601973-6F8F-642C-32AE-050000005000}9744C:\Program Files\Microsoft Office\Office16\OUTLOOK.EXEC:\Users\ADMIN\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\P9O4P9VY\test_malware.zip:Zone.Identifier2023-04-04 16:00:24.125 11241100x8000000000000000362391671Microsoft-Windows-Sysmon/Operationalvictim.lan.localOutlookAttachment2023-04-04 18:42:35.074{4E601973-6F8F-642C-32AE-050000005000}9744C:\Program Files\Microsoft Office\Office16\OUTLOOK.EXEC:\Users\ADMIN\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\P9O4P9VY\test_malware.zip2023-04-04 18:42:35.070 11241100x8000000000000000362391670Microsoft-Windows-Sysmon/Operationalvictim.lan.localOutlookAttachment2023-04-04 18:42:35.071{4E601973-6F8F-642C-32AE-050000005000}9744C:\Program Files\Microsoft Office\Office16\OUTLOOK.EXEC:\Users\ADMIN\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\P9O4P9VY\test_malware.zip2023-04-04 18:42:35.070