hxxps://cdn[.]discordapp[.]com/attachments/1300330086595166258/1307442530815705179/AhyZPEc[.]exe?ex=674040fe&is=673eef7e&hm=8ad79a60c42ad67b863d53263c11c74bed5728ad5e7e599cc5d566abd8feea0c&

Analysis

max time kernel
63s
max time network
142s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
21-11-2024 11:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1300330086595166258/1307442530815705179/AhyZPEc.exe?ex=674040fe&is=673eef7e&hm=8ad79a60c42ad67b863d53263c11c74bed5728ad5e7e599cc5d566abd8feea0c&

Score

8^/10

discovery pyinstaller upx

Malware Config

Signatures

Downloads MZ/PE file
Loads dropped DLL 7 IoCs

Processes:

chrome.exechrome.exe

pid process

1696 chrome.exe
1132 chrome.exe
1052
1052
1052
1052
1052

pid	process
1696	chrome.exe
1132	chrome.exe
1052
1052
1052
1052
1052

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
\Users\Admin\AppData\Local\Temp\_MEI8762\python310.dll	upx
behavioral1/memory/2960-476-0x000007FEF4060000-0x000007FEF44CE000-memory.dmp	upx
behavioral1/memory/2648-462-0x000007FEF44D0000-0x000007FEF493E000-memory.dmp	upx

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Detects Pyinstaller 3 IoCs

pyinstaller

Processes:

resource	yara_rule
C:\Users\Admin\Downloads\Unconfirmed 307314.crdownload	pyinstaller
C:\Users\Admin\Downloads\AhyZPEc.exe	pyinstaller
C:\Users\Admin\Downloads\AhyZPEc.exe	pyinstaller

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

2952 chrome.exe
2952 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe

Suspicious use of FindShellTrayWindow 48 IoCs

Processes:

chrome.exe

pid	process
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

chrome.exe

pid	process
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2952 wrote to memory of 2968	2952	chrome.exe	chrome.exe
PID 2952 wrote to memory of 2968	2952	chrome.exe	chrome.exe
PID 2952 wrote to memory of 2968	2952	chrome.exe	chrome.exe
PID 2952 wrote to memory of 2692	2952	chrome.exe	chrome.exe
PID 2952 wrote to memory of 2692	2952	chrome.exe	chrome.exe
PID 2952 wrote to memory of 2692	2952	chrome.exe	chrome.exe
PID 2952 wrote to memory of 2692	2952	chrome.exe	chrome.exe
PID 2952 wrote to memory of 2692	2952	chrome.exe	chrome.exe
PID 2952 wrote to memory of 2692	2952	chrome.exe	chrome.exe
PID 2952 wrote to memory of 2692	2952	chrome.exe	chrome.exe
PID 2952 wrote to memory of 2692	2952	chrome.exe	chrome.exe
PID 2952 wrote to memory of 2692	2952	chrome.exe	chrome.exe
PID 2952 wrote to memory of 2692	2952	chrome.exe	chrome.exe
PID 2952 wrote to memory of 2692	2952	chrome.exe	chrome.exe
PID 2952 wrote to memory of 2692	2952	chrome.exe	chrome.exe
PID 2952 wrote to memory of 2692	2952	chrome.exe	chrome.exe
PID 2952 wrote to memory of 2692	2952	chrome.exe	chrome.exe
PID 2952 wrote to memory of 2692	2952	chrome.exe	chrome.exe
PID 2952 wrote to memory of 2692	2952	chrome.exe	chrome.exe
PID 2952 wrote to memory of 2692	2952	chrome.exe	chrome.exe
PID 2952 wrote to memory of 2692	2952	chrome.exe	chrome.exe
PID 2952 wrote to memory of 2692	2952	chrome.exe	chrome.exe
PID 2952 wrote to memory of 2692	2952	chrome.exe	chrome.exe
PID 2952 wrote to memory of 2692	2952	chrome.exe	chrome.exe
PID 2952 wrote to memory of 2692	2952	chrome.exe	chrome.exe
PID 2952 wrote to memory of 2692	2952	chrome.exe	chrome.exe
PID 2952 wrote to memory of 2692	2952	chrome.exe	chrome.exe
PID 2952 wrote to memory of 2692	2952	chrome.exe	chrome.exe
PID 2952 wrote to memory of 2692	2952	chrome.exe	chrome.exe
PID 2952 wrote to memory of 2692	2952	chrome.exe	chrome.exe
PID 2952 wrote to memory of 2692	2952	chrome.exe	chrome.exe
PID 2952 wrote to memory of 2692	2952	chrome.exe	chrome.exe
PID 2952 wrote to memory of 2692	2952	chrome.exe	chrome.exe
PID 2952 wrote to memory of 2692	2952	chrome.exe	chrome.exe
PID 2952 wrote to memory of 2692	2952	chrome.exe	chrome.exe
PID 2952 wrote to memory of 2692	2952	chrome.exe	chrome.exe
PID 2952 wrote to memory of 2692	2952	chrome.exe	chrome.exe
PID 2952 wrote to memory of 2692	2952	chrome.exe	chrome.exe
PID 2952 wrote to memory of 2692	2952	chrome.exe	chrome.exe
PID 2952 wrote to memory of 2692	2952	chrome.exe	chrome.exe
PID 2952 wrote to memory of 2692	2952	chrome.exe	chrome.exe
PID 2952 wrote to memory of 2692	2952	chrome.exe	chrome.exe
PID 2952 wrote to memory of 2732	2952	chrome.exe	chrome.exe
PID 2952 wrote to memory of 2732	2952	chrome.exe	chrome.exe
PID 2952 wrote to memory of 2732	2952	chrome.exe	chrome.exe
PID 2952 wrote to memory of 2500	2952	chrome.exe	chrome.exe
PID 2952 wrote to memory of 2500	2952	chrome.exe	chrome.exe
PID 2952 wrote to memory of 2500	2952	chrome.exe	chrome.exe
PID 2952 wrote to memory of 2500	2952	chrome.exe	chrome.exe
PID 2952 wrote to memory of 2500	2952	chrome.exe	chrome.exe
PID 2952 wrote to memory of 2500	2952	chrome.exe	chrome.exe
PID 2952 wrote to memory of 2500	2952	chrome.exe	chrome.exe
PID 2952 wrote to memory of 2500	2952	chrome.exe	chrome.exe
PID 2952 wrote to memory of 2500	2952	chrome.exe	chrome.exe
PID 2952 wrote to memory of 2500	2952	chrome.exe	chrome.exe
PID 2952 wrote to memory of 2500	2952	chrome.exe	chrome.exe
PID 2952 wrote to memory of 2500	2952	chrome.exe	chrome.exe
PID 2952 wrote to memory of 2500	2952	chrome.exe	chrome.exe
PID 2952 wrote to memory of 2500	2952	chrome.exe	chrome.exe
PID 2952 wrote to memory of 2500	2952	chrome.exe	chrome.exe
PID 2952 wrote to memory of 2500	2952	chrome.exe	chrome.exe
PID 2952 wrote to memory of 2500	2952	chrome.exe	chrome.exe
PID 2952 wrote to memory of 2500	2952	chrome.exe	chrome.exe
PID 2952 wrote to memory of 2500	2952	chrome.exe	chrome.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cdn.discordapp.com/attachments/1300330086595166258/1307442530815705179/AhyZPEc.exe?ex=674040fe&is=673eef7e&hm=8ad79a60c42ad67b863d53263c11c74bed5728ad5e7e599cc5d566abd8feea0c&
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7ba9758,0x7fef7ba9768,0x7fef7ba9778
  2⤵
  PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1192 --field-trial-handle=1252,i,8051727502387071247,14597456729552063536,131072 /prefetch:2
  2⤵
  PID:2692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1528 --field-trial-handle=1252,i,8051727502387071247,14597456729552063536,131072 /prefetch:8
  2⤵
  PID:2732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1620 --field-trial-handle=1252,i,8051727502387071247,14597456729552063536,131072 /prefetch:8
  2⤵
  PID:2500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2280 --field-trial-handle=1252,i,8051727502387071247,14597456729552063536,131072 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2288 --field-trial-handle=1252,i,8051727502387071247,14597456729552063536,131072 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1488 --field-trial-handle=1252,i,8051727502387071247,14597456729552063536,131072 /prefetch:2
  2⤵
  PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3628 --field-trial-handle=1252,i,8051727502387071247,14597456729552063536,131072 /prefetch:8
  2⤵
  PID:2272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3644 --field-trial-handle=1252,i,8051727502387071247,14597456729552063536,131072 /prefetch:8
  2⤵
  PID:2436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3880 --field-trial-handle=1252,i,8051727502387071247,14597456729552063536,131072 /prefetch:8
  2⤵
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3684 --field-trial-handle=1252,i,8051727502387071247,14597456729552063536,131072 /prefetch:8
  2⤵
  PID:2556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3804 --field-trial-handle=1252,i,8051727502387071247,14597456729552063536,131072 /prefetch:8
  2⤵
  - Loads dropped DLL
  PID:1696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3812 --field-trial-handle=1252,i,8051727502387071247,14597456729552063536,131072 /prefetch:8
  2⤵
  - Loads dropped DLL
  PID:1132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3944 --field-trial-handle=1252,i,8051727502387071247,14597456729552063536,131072 /prefetch:1
  2⤵
  PID:1884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3992 --field-trial-handle=1252,i,8051727502387071247,14597456729552063536,131072 /prefetch:8
  2⤵
  PID:2652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2672 --field-trial-handle=1252,i,8051727502387071247,14597456729552063536,131072 /prefetch:8
  2⤵
  PID:2464
- C:\Users\Admin\Downloads\AhyZPEc.exe
  "C:\Users\Admin\Downloads\AhyZPEc.exe"
  2⤵
  PID:2028
- - C:\Users\Admin\Downloads\AhyZPEc.exe
    "C:\Users\Admin\Downloads\AhyZPEc.exe"
    3⤵
    PID:2960
- C:\Users\Admin\Downloads\AhyZPEc.exe
  "C:\Users\Admin\Downloads\AhyZPEc.exe"
  2⤵
  PID:876
- - C:\Users\Admin\Downloads\AhyZPEc.exe
    "C:\Users\Admin\Downloads\AhyZPEc.exe"
    3⤵
    PID:2648

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3044

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\AhyZPEc.exe"
1⤵
PID:1632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
5544e73472c0f56e09b86c01cbcdebee

SHA1
8f1294407401eda113bb9bf948bcc6f22fa05e6a

SHA256
c31d9c5ad43f6f31414669b3c59f15c978361986983aa7d2e59bf6e0be46d918

SHA512
e1c5f760e17b2e021eb6f7b713fb0b9c2c8bd84ff97191b4a7c771b08255a8c91302ea1ee90001dd02fe4b9fc5541b7dfc1b554bae6a06f2a4cc9bd58c9d29b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
b1bdc28c4da9d426a0d6231ae9d0c20f

SHA1
c16431ddfae30b3c5af05859440d27529df5c6cb

SHA256
2b8ec2b81fd4f65312da56c0c905d97037f153feaec57f58d6ea5da934209794

SHA512
0d0c1760a8626e5325d5fa814e7d2f6f1b4d7ed2f0e24405ce70ca46f690cd94b6fdf7705e56c0b9c0cae28f2c775988e274b1e1150e6bfc482f10dc70fa2b97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
128c064aa2e0721a616dcfebc8f4f4a1

SHA1
adcb7619e9e50e322ea78cf50a51d949630f473c

SHA256
bf3d6eff4aeede401ab79566b930fb42ba43d03c65f3887fd5fc8a497427ed10

SHA512
82d754ab24fb0fa7704b32746957c5d58e11bdbd54ccf0b54e81d13d39a28b9376971a48f5da50db2bfd047594ce82d9f0914ec5339fc1a294c2978cd9a739b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
179KB

MD5
3e0e0bfb16a82e86b333c7babee36663

SHA1
6fcd7ef816a7b019f3b25a2f393484ed13138e4c

SHA256
03548ceaad6f3c7435aafdf994be27227714e548895e7b751d793f7c342dc1ca

SHA512
72db3deea164d80bca94da0625963cb734d4a0a3314d4f9c91f12bd05a851f217841f636ef7974ff1f5ebae039bfeb0478c10ef3eb37f4b0eaacf4b4468fa8c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20282\api-ms-win-core-localization-l1-2-0.dll

Filesize
21KB

MD5
724223109e49cb01d61d63a8be926b8f

SHA1
072a4d01e01dbbab7281d9bd3add76f9a3c8b23b

SHA256
4e975f618df01a492ae433dff0dd713774d47568e44c377ceef9e5b34aad1210

SHA512
19b0065b894dc66c30a602c9464f118e7f84d83010e74457d48e93aaca4422812b093b15247b24d5c398b42ef0319108700543d13f156067b169ccfb4d7b6b7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20282\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
21KB

MD5
517eb9e2cb671ae49f99173d7f7ce43f

SHA1
4ccf38fed56166ddbf0b7efb4f5314c1f7d3b7ab

SHA256
57cc66bf0909c430364d35d92b64eb8b6a15dc201765403725fe323f39e8ac54

SHA512
492be2445b10f6bfe6c561c1fc6f5d1af6d1365b7449bc57a8f073b44ae49c88e66841f5c258b041547fcd33cbdcb4eb9dd3e24f0924db32720e51651e9286be

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20282\attrs-23.1.0.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8762\ucrtbase.dll

Filesize
992KB

MD5
0e0bac3d1dcc1833eae4e3e4cf83c4ef

SHA1
4189f4459c54e69c6d3155a82524bda7549a75a6

SHA256
8a91052ef261b5fbf3223ae9ce789af73dfe1e9b0ba5bdbc4d564870a24f2bae

SHA512
a45946e3971816f66dd7ea3788aacc384a9e95011500b458212dc104741315b85659e0d56a41570731d338bdf182141c093d3ced222c007038583ceb808e26fd

Download Submit
C:\Users\Admin\Downloads\AhyZPEc.exe

Filesize
17.6MB

MD5
3193d5e1e6ff591875d9033f9f0058d6

SHA1
765c7a567f39cfea5f8b5903ce6418954ec9f147

SHA256
7f0f34c2d33161040f2ddd2f9a27e40e54b5af65720eecf43704733dd7e12380

SHA512
7117f0fee0a0f744c703440804d9c51cbf84bae5d37f7945cd7ed8e33873cecc9b57fbc3153d2cb855238133aff9e321182163e9499baa651d504bd4f931b9f9

Download Submit
C:\Users\Admin\Downloads\AhyZPEc.exe

Filesize
10.8MB

MD5
44e782b18a4e58fd37d88d2fb360bddf

SHA1
1cabe79385e453d6818b8c307fcc3f578cb3de7c

SHA256
7f66d8e43c8b4f887db6aa944ea0a715265e86d6e65131a7e0b1d0282c0e5f41

SHA512
18add2da7f47ecab7136609bee941ef825f7b91b41afe9791aac3ba98e3d3cf9b691956b5ea5aeb8f0993bee0a204ddd38e494e41d4253b9b3179fa937663932

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 307314.crdownload

Filesize
18.5MB

MD5
219cb1da8052da8ab1ef4c385088b692

SHA1
3e5e5a59fa64c6f4ca4e708a4069b87a06c08a5d

SHA256
b22a07c457ebf01d4c11ce325b36c6269f7c729057e6b15f2ddec14f22854f5c

SHA512
2dd92b430de9181a1f6d948e6110da974f444974e5453b5d5dff6c22367ea4bcb97600876e82c163f025114245700b5c1229bbf1213b2ba6dd0519a915e391d3

Download Submit
\??\pipe\crashpad_2952_WPXTXYCRLCKFSQUE

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI8762\api-ms-win-core-file-l1-2-0.dll

Filesize
21KB

MD5
1c58526d681efe507deb8f1935c75487

SHA1
0e6d328faf3563f2aae029bc5f2272fb7a742672

SHA256
ef13dce8f71173315dfc64ab839b033ab19a968ee15230e9d4d2c9d558efeee2

SHA512
8edb9a0022f417648e2ece9e22c96e2727976332025c3e7d8f15bcf6d7d97e680d1bf008eb28e2e0bd57787dcbb71d38b2deb995b8edc35fa6852ab1d593f3d1

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI8762\api-ms-win-core-file-l2-1-0.dll

Filesize
18KB

MD5
bfffa7117fd9b1622c66d949bac3f1d7

SHA1
402b7b8f8dcfd321b1d12fc85a1ee5137a5569b2

SHA256
1ea267a2e6284f17dd548c6f2285e19f7edb15d6e737a55391140ce5cb95225e

SHA512
b319cc7b436b1be165cdf6ffcab8a87fe29de78f7e0b14c8f562be160481fb5483289bd5956fdc1d8660da7a3f86d8eede35c6cc2b7c3d4c852decf4b2dcdb7f

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI8762\api-ms-win-core-timezone-l1-1-0.dll

Filesize
21KB

MD5
d12403ee11359259ba2b0706e5e5111c

SHA1
03cc7827a30fd1dee38665c0cc993b4b533ac138

SHA256
f60e1751a6ac41f08e46480bf8e6521b41e2e427803996b32bdc5e78e9560781

SHA512
9004f4e59835af57f02e8d9625814db56f0e4a98467041da6f1367ef32366ad96e0338d48fff7cc65839a24148e2d9989883bcddc329d9f4d27cae3f843117d0

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI8762\python310.dll

Filesize
1.4MB

MD5
69d4f13fbaeee9b551c2d9a4a94d4458

SHA1
69540d8dfc0ee299a7ff6585018c7db0662aa629

SHA256
801317463bd116e603878c7c106093ba7db2bece11e691793e93065223fc7046

SHA512
8e632f141daf44bc470f8ee677c6f0fdcbcacbfce1472d928576bf7b9f91d6b76639d18e386d5e1c97e538a8fe19dd2d22ea47ae1acf138a0925e3c6dd156378

Download Submit
memory/2648-462-0x000007FEF44D0000-0x000007FEF493E000-memory.dmp

Filesize
4.4MB

Download
memory/2960-476-0x000007FEF4060000-0x000007FEF44CE000-memory.dmp

Filesize
4.4MB

Download