Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	July 3, 2024, 6:35 p.m.	July 3, 2024, 6:50 p.m.

Size	9.0KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`42e52b8daf63e6e26c3aa91e7e971492`
SHA256	`a294620543334a721a2ae8eaaf9680a0786f4b9a216d75b55cfd28f39e9430ea`
CRC32	`11A104D8`
ssdeep	`192:76f0CW5P2Io4evFrDv2ZRJzCn7URRsjVJaZF:76fPWl24evFrT2ZR5Cn7UR0VJo`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description)

poop.exe "C:\Users\test22\AppData\Local\Temp\poop.exe"
2568

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx July 3, 2024, 6:35 p.m.		1	1	0

Steals private information from local Internet browsers (50 out of 1705 events)

file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSoceng.store
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.2_0\_locales\tr\messages.json
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\nl\messages.json
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.5_0\_locales
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.47.0_0\_locales\is
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\1256\_platform_specific\all\sths\a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc10.sth
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.47.0_0\_locales\is\messages.json
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.47.0_0\_locales\iw
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.47.0_0\_locales\it
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\fil
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.3_0\_locales\de
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.47.0_0\_locales\id
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\fil
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\7619.603.0.2_0\_locales\mr\messages.json
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\gl\messages.json
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.2_0\_locales\pt_PT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.2_0\_locales\id\messages.json
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.47.0_0\_locales\fr
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.2_0\_locales\fr\messages.json
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\fil\messages.json
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\1256\_platform_specific\all\sths\c652a0ec48ceb3fcab170992c43a87413309e80065a26252401ba3362a17c565.sth
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\7619.603.0.2_0\_locales\ru
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\fi\messages.json
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\pnacl\0.57.44.2492\_platform_specific\x86_64\pnacl_public_pnacl_json
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\7619.603.0.2_0\_locales\ro
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.ldb
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\zh_TW
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ms
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.5_0\_locales\es_419\messages.json
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\1256\_platform_specific\all\sths
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\ko
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\kn
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\km
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.3_0\_locales\el\messages.json
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOCK
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.3_0\_locales\ja
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.2_0\_locales\ar
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\ka
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\7619.603.0.2_0\_locales\tr\messages.json
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOCK
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.3_0\_locales\fil
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\no
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\it\messages.json
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.47.0_0\_locales\ro\messages.json
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.5_0\_locales\ca
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.5_0\_locales\tr\messages.json
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.5_0\_locales\cs

Creates (office) documents on the filesystem (21 events)

file	C:\Users\test22\Documents\FOwRatdvSt.docm
file	C:\Users\test22\Documents\readme.xls
file	C:\Users\test22\Documents\YmdUgmixHdb.pptx
file	C:\Users\test22\Documents\WmXfDlmbAt.doc
file	C:\Users\test22\Documents\iZaIwdonvHsGmWxjG.docm
file	C:\Users\test22\Documents\readme.doc
file	C:\Users\test22\Documents\ONyeiyAHXnG.docx
file	C:\Users\test22\Documents\PCAiSHLjdCPwxTVNq.pptx
file	C:\Users\test22\Documents\vSjjFAKhemtn.doc
file	C:\Users\test22\Documents\ODDXIOTLPOd.docx
file	C:\Users\test22\Documents\SsGLuhxCcfWLVHTWxD.doc
file	C:\Users\test22\Documents\axTZwDBeUngqBG.ppt
file	C:\Users\test22\Documents\JDHeJjBWHuxqp.doc
file	C:\Users\test22\Documents\tfWgfaUyXRlwSTg.docm
file	C:\Users\test22\Documents\KIprYLexEf.doc
file	C:\Users\test22\Documents\cXMLMLMlMJidCP.doc
file	C:\Users\test22\Documents\FAaWoqRZplEQFsGvV.docm
file	C:\Users\test22\Documents\cQGgIaTFINe.docx
file	C:\Users\test22\Documents\ATwjKHHgPIXqpQbCw.doc
file	C:\Users\test22\Documents\sByekmDWYN.docm
file	C:\Users\test22\Documents\EzLbyzlmnhQgDZJOP.docx

Creates executable files on the filesystem (3 events)

file	C:\Users\test22\Links\Desktop.lnk
file	C:\Users\test22\Links\RecentPlaces.lnk
file	C:\Users\test22\Links\Downloads.lnk

Creates a shortcut to an executable file (50 out of 56 events)

file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\open1.png.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\agent.pyw.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\click.txt.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\office_2007.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\Templates.LNK
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\open.PNG.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\SendTo\EditPlus.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\테스트.txt.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\click.py.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox Guest Additions\Website.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\util.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\Settings.ini.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\agent.pyw - 바로 가기.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Chrome.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\한글2010(정품).lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\Office.2010.Toolkit.and.EZ-Activator.v2.1.5.Final.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Chrome.lnk
file	C:\Users\test22\Links\Desktop.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\sn.txt.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\readme.txt.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\시리얼넘버.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\age.pyw.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\click.pyw.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\Python27.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\한글2010(정품) (2).lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\시작프로그램.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\다운로드.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\1234.zip.lnk
file	C:\Users\test22\Links\RecentPlaces.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\exit.png.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firefox.lnk

Checks for the Locally Unique Identifier on the system for a suspicious privilege (50 out of 52 events)

Time & API	Arguments	Status	Return
LookupPrivilegeValueW July 3, 2024, 6:35 p.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 6:35 p.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 6:35 p.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 6:35 p.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 6:35 p.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 6:35 p.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 6:35 p.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 6:35 p.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 6:35 p.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 6:35 p.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 6:35 p.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 6:35 p.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 6:35 p.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 6:35 p.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 6:35 p.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 6:35 p.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 6:35 p.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 6:35 p.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 6:35 p.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 6:35 p.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 6:35 p.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 6:35 p.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 6:35 p.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 6:35 p.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 6:35 p.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 6:35 p.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 6:35 p.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 6:35 p.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 6:35 p.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 6:35 p.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 6:35 p.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 6:35 p.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 6:35 p.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 6:35 p.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 6:35 p.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 6:35 p.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 6:35 p.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 6:35 p.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 6:36 p.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 6:36 p.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 6:36 p.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 6:36 p.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 6:36 p.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 6:36 p.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 6:36 p.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 6:36 p.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 6:36 p.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 6:36 p.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 6:36 p.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 6:36 p.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1

Attempts to identify installed AV products by installation directory (1 event)

file	C:\Users\test22\AppData\Local\Temp\SandboxieInstall.exe

Appends a known multi-family ransomware file extension to files that have been encrypted (1 event)

file	C:\Users\test22\AppData\Roaming\Mozilla\Firefox\Profiles\qxo5wa6x.default-release\parent.lock

File has been identified by 68 AntiVirus engines on VirusTotal as malicious (50 out of 68 events)

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.CaddyWiper.4!c
Elastic	Windows.Wiper.CaddyWiper
Cynet	Malicious (score: 99)
CAT-QuickHeal	Trojan.GenericRI.S27079619
Skyhigh	BehavesLike.Win32.Infected.zm
ALYac	Trojan.Agent.Wiper
Cylance	Unsafe
VIPRE	Generic.Caddy.WIPPER.A.04E15D3A
Sangfor	Trojan.Win32.Agent.Ve2b
K7AntiVirus	Trojan ( 0058f88b1 )
BitDefender	Generic.Caddy.WIPPER.A.04E15D3A
K7GW	Trojan ( 0058f88b1 )
Cybereason	malicious.daf63e
Arcabit	Generic.Caddy.WIPPER.A.04E15D3A
VirIT	Trojan.Win32.CaddyWiper.DGP
Symantec	Trojan.Gen.MBT
tehtris	Generic.Malware
ESET-NOD32	Win32/KillDisk.NCX
APEX	Malicious
McAfee	Trojan-caddywiper.b
Avast	Win32:Evo-gen [Trj]
ClamAV	Win.Malware.CaddyWiper-9941573-1
Kaspersky	HEUR:Trojan.Win32.Generic
Alibaba	DoS:Win32/CaddyWiper.2dfc2c78
NANO-Antivirus	Virus.Win32.Gen.ccmw
MicroWorld-eScan	Generic.Caddy.WIPPER.A.04E15D3A
Rising	Trojan.CaddyWiper!1.DC93 (CLASSIC)
Emsisoft	Generic.Caddy.WIPPER.A.04E15D3A (B)
F-Secure	Trojan.TR/Crypt.XPACK.Gen
DrWeb	Trojan.KillMBR.24914
Zillya	Trojan.KillDisk.Win32.311
TrendMicro	Trojan.Win32.CADDYWIPER.YECCO
McAfeeD	ti!A29462054333
Trapmine	malicious.moderate.ml.score
FireEye	Generic.mg.42e52b8daf63e6e2
Sophos	Troj/KillDisk-G
Ikarus	Trojan.Win32.KillDisk
Jiangmin	Trojan.Encoder.art
Webroot	W32.Trojan.Caddywiper
Google	Detected
Avira	TR/Crypt.XPACK.Gen
MAX	malware (ai score=100)
Antiy-AVL	Trojan/Win32.Generic
Kingsoft	malware.kb.a.1000
Xcitium	Malware@#tx0r9s9204l4
Microsoft	DoS:Win32/CaddyWiper.A!dha
ViRobot	Trojan.Win32.S.CaddyWiper.9216
ZoneAlarm	HEUR:Trojan.Win32.Generic
GData	Generic.Caddy.WIPPER.A.04E15D3A

poop.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All