Analysis
-
max time kernel
178s -
max time network
191s -
platform
windows11-21h2_x64 -
resource
win11-20240412-en -
resource tags
-
submitted
18-04-2024 19:20
Errors
General
-
Target
Eater-main/example/Eater_VF.zip
-
Size
20.6MB
-
MD5
0b5ee53dd3f7789f949ba1b2b4bab85d
-
SHA1
e74b270b5046d3ba8e59667a751cb304a4f230e5
-
SHA256
80a5bbf2dbe6d481cc930d89f23d0c10bc3d6363a5aa14ab45b5eabb8dff8c25
-
SHA512
8c504942a558cda426886305181589c28925d85c21c75f37d5f248e06570d291f3ae95fcd11ee0d7a09c4b9f80e686fce49ac9425c4732a0e247b21d6fc13828
-
SSDEEP
393216:khXNFKYJ0o4VwklTa9ZehxhIFZgo4Zd5z+1wavNas1PFcyoDQPPbJrXQY17cx:k9LKGS2klc4hoZgo4ZGNgAPgDQP9D7cx
Malware Config
Signatures
-
Disables Task Manager via registry modification
-
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Sets desktop wallpaper using registry 2 TTPs 1 IoCs
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Kills process with taskkill 2 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 5 IoCs
-
NTFS ADS 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 12 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\Explorer.exeC:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Eater-main\example\Eater_VF.zip1⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb2d04ab58,0x7ffb2d04ab68,0x7ffb2d04ab782⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1544 --field-trial-handle=1832,i,16384977366758435768,11643477608359001283,131072 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=1832,i,16384977366758435768,11643477608359001283,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2224 --field-trial-handle=1832,i,16384977366758435768,11643477608359001283,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=1832,i,16384977366758435768,11643477608359001283,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3160 --field-trial-handle=1832,i,16384977366758435768,11643477608359001283,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3488 --field-trial-handle=1832,i,16384977366758435768,11643477608359001283,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4328 --field-trial-handle=1832,i,16384977366758435768,11643477608359001283,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4532 --field-trial-handle=1832,i,16384977366758435768,11643477608359001283,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4604 --field-trial-handle=1832,i,16384977366758435768,11643477608359001283,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4756 --field-trial-handle=1832,i,16384977366758435768,11643477608359001283,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 --field-trial-handle=1832,i,16384977366758435768,11643477608359001283,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4920 --field-trial-handle=1832,i,16384977366758435768,11643477608359001283,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4928 --field-trial-handle=1832,i,16384977366758435768,11643477608359001283,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3444 --field-trial-handle=1832,i,16384977366758435768,11643477608359001283,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 --field-trial-handle=1832,i,16384977366758435768,11643477608359001283,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4396 --field-trial-handle=1832,i,16384977366758435768,11643477608359001283,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4804 --field-trial-handle=1832,i,16384977366758435768,11643477608359001283,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 --field-trial-handle=1832,i,16384977366758435768,11643477608359001283,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4816 --field-trial-handle=1832,i,16384977366758435768,11643477608359001283,131072 /prefetch:82⤵
- NTFS ADS
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 --field-trial-handle=1832,i,16384977366758435768,11643477608359001283,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4840 --field-trial-handle=1832,i,16384977366758435768,11643477608359001283,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\Desktop\windows-malware-master\000\000.exe"C:\Users\Admin\Desktop\windows-malware-master\000\000.exe"1⤵
- Enumerates connected drives
- Sets desktop wallpaper using registry
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\windl.bat""2⤵
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im explorer.exe3⤵
- Kills process with taskkill
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im taskmgr.exe3⤵
- Kills process with taskkill
-
C:\Windows\SysWOW64\Wbem\WMIC.exewmic useraccount where name='Admin' set FullName='UR NEXT'3⤵
-
C:\Windows\SysWOW64\Wbem\WMIC.exewmic useraccount where name='Admin' rename 'UR NEXT'3⤵
-
C:\Windows\SysWOW64\shutdown.exeshutdown /f /r /t 03⤵
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x4 /state0:0xa3a34855 /state1:0x41c64e6d1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
2KB
MD50c58add7c80ec5d3b06b6c40b21012ef
SHA1e1dd3afa95f2ea6e7420f9547b0bf08769ebe67b
SHA25667dfb2770fb7bfbbb2bffba2a50e28736ea3e51e93f02a3077155dc4c312a036
SHA51286679d72d2dd8f6ee4ddf34c67096f24dde0584d59311fdaa987139dda48f466a6c65070b00d80a10002628fa3fdea42407994ded840c2509e4a6d0ea9aa3f7c
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
3KB
MD59ae9128dd66bb9a58306aa3353c4bcfa
SHA11c133341e6e7ccb3e4b3b0328f365aea9143e4fa
SHA25615beb96923dcfc96403621834e45763b13a0f9995019cda8e59c954114704aa8
SHA5126e6077e8b49dbcb151062e44e40e9e305c1c766db6b52db82e4b8e70234126c686fe0ee42d4e7fcbf6de5ecee91eb781b78692ad7b635076611ef0aabebb5ea4
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending ReportsFilesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD538d1655178573fc7362a9902f0d71c16
SHA16d3e4486619b6238d03ccc6ed006dc96ed7bb47f
SHA256594fd58c6aa6685e771d07cfcfa5a5b6e093f2e08de4394fc86b1e010a51426a
SHA512888dd7ae8052b1d6c2a3b9c1bd9d20994afd572159f334ccc572a4b2d1f864620c7be5a45c70ce89535f42fc17b9c254c44c7da5d09620276525a8a5e73049c1
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
356B
MD5d90337d27ebdd285372b63a15487c715
SHA1792ef1f5ca96be2da828dcb574e0764d414def6d
SHA25645f6923cadfa4a4a9a4f34e9352737ee62e06a6019eb3df68e7098fdb2ea0c54
SHA512fd2d672bfde92f96db3c1171456e243568ac5db09f7609b8bfa9c7bde65ba49b1b4edb695f1f45eb4fe9b0ac88cadb2c2b7738605fa5dd9f9ec256a80b8a1e3e
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD51617e0cd4fadb98f1325e76ed2b5aef9
SHA14cee1dc06fc48edf73f656f9366c8070380b340b
SHA2566f9ddba8cb8e9aca6b71ce0e13e31a9859a5ca028e8d42744508600b6e52e26b
SHA51258d5bd56bd7aff293d843311cf8b30265ab3270736ca44caf6966828d67acc377e97281d971ec19481ef3385e92383ce240226f75ad921314b7ee4c4f2563b57
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
7KB
MD5e04bb5a22acb8efdd03c05a9cea219dc
SHA1d87981b9aca605e556f30296c87dfaefc5120609
SHA25676db48e3136b9234f3de9ed94c6a67f2bfefe7cb2764b632909f6bd457365392
SHA512ddd082abfac6383e3d6e7bc5815aa19fe4484a7f2b3887947ed9727512a705cb8d01be527cd9109c544a1b808762b2fa34e437f9f25832cdc0771c9476aa7a5b
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
7KB
MD5b2ec809b622e04dc3a2251560b6592a6
SHA1867f5109ccf4ffe1d8c3a7ce1e53048a3c4af2c2
SHA2562288744833ec76cb57ca69da61cbff5ed04564824df1dd73fb13f0a82d388a65
SHA512c73c54c4195fd1896a8edb9dddbb0537048704b6eb9706ea46b779478a69b5cefcea9505f6bc533b6abb0baa66091c3f30737e8e6ca5a81f8f6942f555dc50c0
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
7KB
MD5b6ee14effb77134d7ba545b20415f3ae
SHA1f4bdbca854bba3fe304e3647fd6bf8808544a9e3
SHA256b07df34a06029d1ef6acd9cc3b1968ce6d60ace749060494ab231aae27966af9
SHA512afa4835c2de4564bbb108e1c1759876761b2f8e18c4eab5bff624be9f1cf9f0b47289e3b58790e42f5dd66d7f72702ca06f5b8d498e2525d968788877fcdedad
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD51b9037faeeffebb827aced68846108b5
SHA1b2c216e341c49e735cd3fb896860e262f27f3bfb
SHA256308d2aa581f56ebb89a86bcc4186c807a5bbee2fbd09a4cbc85fe66e1b630ae9
SHA5121e4c81d76ba046eae01ce22b4eb56b89cf195cb913c7c0daf4a67fd51668d1c97c6bcc16f48773df652986e725a6826dd1bddc1d563483ace556bd6d067d760a
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure PreferencesFilesize
16KB
MD53367cd89968215d2388eae8a3ad3667d
SHA143bf7542136a5d668e4e748d277fe9c6b9c781b3
SHA256fc835fc6f1f20101811e8550e8c9ebfaf76cf2e20f788418cb7a063b8b8974de
SHA5126a8be1295d25d85dc1483a5dc11069e63aaa80d0776be1b7a1bd6d9ec46cca6eef4f8f9aa380fb281c86bf7fd39074a799cdebd607ac1500459812908243e11e
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txtFilesize
56B
MD5ae1bccd6831ebfe5ad03b482ee266e4f
SHA101f4179f48f1af383b275d7ee338dd160b6f558a
SHA2561b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649
SHA512baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57c15c.TMPFilesize
120B
MD57d36082b015bfa068db77e216767d4b4
SHA1254a2dbab593c7e07ee81a6c9a5572a113b2965d
SHA2569b1cadf20b356cfa620d27ffcfd04de5bab2f1dbcf8c113ec6fa0bd72f27b88e
SHA512d3070ee5bdd3c07c630070ce320b933e48be837fd491cfd23c949c2e8823275a4b3e3478c4aa435395935d7e7d7bda9cb1018410760bd9d484382073b89c3119
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
254KB
MD5ac415a13977738c5dc01d93fd782c04a
SHA1e61b72f4a006f86bfd878d5266008896344359c1
SHA2565a74705f3710b939a96ad88fa95ec98cce4b8a427a372080dbf4aaa3a0ed48df
SHA512455928d77e3cfa2924cab39eb7ed1d10cc86810d4f2cf0206305c77fa114681abcaad433d52f0980efcb20d14b5df488a65140031fc94adecf1fda8c0a751220
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
306KB
MD53131c28134f1c76cf7e468e09ec7b7b5
SHA1a6910c1212bcb12568857e587a85c6c5875507d4
SHA256da2d141b1bf616f93de401ee86d69b5b126429a22d2efa25363c629ff30698c8
SHA51294ef41fa6b5d82c41e5a39adf8b44f5f663b805891e919b63043c0dc335de0dfc60e595b74e955e47b7dff683aa4c35c819f1d33922be9b56ca09bdadab6c9d5
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
254KB
MD50b167ff11158319efcd4f1126f3671d2
SHA1ecbc418fa1a4d3370d270412311a7922cb257bb9
SHA256d8bb1534e5f0c1f11bd2f0aaa925cf21ebdd9f0858a692ef2d64334f852c9f6e
SHA512c01170cf63b47d91c06b94a5437f0130bf37c0315ba5194f31ee0f0f614d7dd361038a782a71f31772b2c80d88e38f009d1583b7d962e62e5e52ab687146a9cf
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
128KB
MD536fe3216e7d87779fa91476623aef2fe
SHA18b0fcee3342cacf43f1c2c047082bc2d093dbdbc
SHA256ff824d81e44df3e3b009a3853ebc6ac52fb6f558d78addd2a943380b1b382066
SHA5129e63ca1a33148e0c52eef7828e0545bbb4fb5af8b3ccbe4e86c9329951c0d089ce566b0aa965af509078c842c99293ddf8d414fbd65032ab67a94d2d7b2f53bb
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
254KB
MD51c16d1a6d413e08e7e9207c7136c32c5
SHA1b639661bc2b44897c89d5f82708dd068bf2811a3
SHA25669e892b6834529f3b27e7b8a8c26ae8598a70fcf942a845fb8de310150d853c2
SHA512fc09738094ebecae024fdbf113a05ac10980d153cbc3f4ae6c5b259ba64198468963f33e386483875f1025bdad91675f4830ed2edd8751d3f49108f14dbe1a8b
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info CacheFilesize
98KB
MD5276b51fb0370adc7c86827f91c01ec92
SHA1e79e78b2b8ac468d66979d248880b08d5accac21
SHA25624f4559c045ee1a0e02e78203bc1d364f1474ad79751935e472b7f6a24f6da57
SHA51220fbcce97f3db38d9a8c355a5531c3edcd7f7cc60731b9d79829c0051fe379f338e80d524bbec5eaf030182fd22b1f87233c235ce7d0fa57d7839f09046ff657
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info CacheFilesize
91KB
MD52c46489a2c492cbb3d211741fe331d12
SHA15872e9d72167b80d4ec40dbef706c5001588f398
SHA2568d21a227160bc694a8075972c4f23039c7cd4185592c748d7177394be45455ce
SHA512d8c2bd331089435fc8b086ef2d5690309f21688074802fc563a31923cc223f799bd28b98cea33c56ec1f0126f7a22b69e50587669e3b59eb4671b88b9877f34e
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe582313.TMPFilesize
83KB
MD54b69d3a7fef6bc85d0f712d586988284
SHA1f5596900001b463e4844818f2f31f8af7a66c64f
SHA256dad05b875ca6d49d52f15f9d8e40e663e0942ace2a382f655fa13506e940d451
SHA512baa8484b68a915c8d86c9d7a38777404a302470cb7e92230b7c73e0d586823eb848a9932c6e3de7f07a9aecdb25396fb3caa4810db5c4e1d40fc78afe73ca2c3
-
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdbFilesize
896KB
MD505fd338a24d644c8a27541e534e89507
SHA13834239061220fc3ded916bea9dd2e885dadc070
SHA2563f6ccf8f9b285f310a683a3e4523a9e48873b8d0163059f181c24cf1c1985c23
SHA512bff135046bb7dcc12a804923ecb7e4d8778621f2f718f38eb0d90f3cbb312973bf03a72b90d860110818e35634aeac6e1bff100e992ea63cacdc93bdac274090
-
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bakFilesize
9KB
MD57050d5ae8acfbe560fa11073fef8185d
SHA15bc38e77ff06785fe0aec5a345c4ccd15752560e
SHA256cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b
SHA512a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b
-
C:\Users\Admin\AppData\Local\Temp\one.rtfFilesize
403B
MD56fbd6ce25307749d6e0a66ebbc0264e7
SHA1faee71e2eac4c03b96aabecde91336a6510fff60
SHA256e152b106733d9263d3cf175f0b6197880d70acb753f8bde8035a3e4865b31690
SHA51235a0d6d91178ec10619cf4d2fd44d3e57aa0266e1779e15b1eef6e9c359c77c384e0ffe4edb2cde980a6847e53f47733e6eacb72d46762066b3541dee3d29064
-
C:\Users\Admin\AppData\Local\Temp\rniw.exeFilesize
76KB
MD59232120b6ff11d48a90069b25aa30abc
SHA197bb45f4076083fca037eee15d001fd284e53e47
SHA25670faa0e1498461731f873d3594f20cbf2beaa6f123a06b66f9df59a9cdf862be
SHA512b06688a9fc0b853d2895f11e812c48d5871f2793183fda5e9638ded22fc5dc1e813f174baedc980a1f0b6a7b0a65cd61f29bb16acc6dd45da62988eb012d6877
-
C:\Users\Admin\AppData\Local\Temp\windl.batFilesize
771B
MD5a9401e260d9856d1134692759d636e92
SHA14141d3c60173741e14f36dfe41588bb2716d2867
SHA256b551fba71dfd526d4916ae277d8686d83fff36d22fcf6f18457924a070b30ef7
SHA5125cbe38cdab0283b87d9a9875f7ba6fa4e8a7673d933ca05deddddbcf6cf793bd1bf34ac0add798b4ed59ab483e49f433ce4012f571a658bc0add28dd987a57b6
-
C:\Users\Admin\Desktop\UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR N1XT.txtFilesize
396B
MD59037ebf0a18a1c17537832bc73739109
SHA11d951dedfa4c172a1aa1aae096cfb576c1fb1d60
SHA25638c889b5d7bdcb79bbcb55554c520a9ce74b5bfc29c19d1e4cb1419176c99f48
SHA5124fb5c06089524c6dcd48b6d165cedb488e9efe2d27613289ef8834dbb6c010632d2bd5e3ac75f83b1d8024477ebdf05b9e0809602bbe1780528947c36e4de32f
-
C:\Users\Admin\Downloads\windows-malware-master.zipFilesize
138.1MB
MD5efc7175879aa8c0afd105a92ac6d3588
SHA1420aceb7ab487580f21a22af74283bb3dafcb5c1
SHA2565b1bcbd8ac2497503833493c6566df7417202975968edd0825ca77aefc9b26fb
SHA51277138a1cf3d33d35443ca4e44bd13ee39d276e91066a424ba3f751cce6a32f2a2441ffeb6020de722de0c4aeda4a9ae20d32726c5a5200b27a50daa286f22399
-
C:\Users\Admin\Downloads\windows-malware-master.zip:Zone.IdentifierFilesize
26B
MD5fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98
-
\??\pipe\crashpad_3020_TCOQLUIYQIPDXUIXMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/1348-426-0x0000000006060000-0x0000000006070000-memory.dmpFilesize
64KB
-
memory/1348-447-0x000000000BEB0000-0x000000000BEBE000-memory.dmpFilesize
56KB
-
memory/1348-450-0x000000000C290000-0x000000000C2A0000-memory.dmpFilesize
64KB
-
memory/1348-452-0x000000000C290000-0x000000000C2A0000-memory.dmpFilesize
64KB
-
memory/1348-454-0x000000000C290000-0x000000000C2A0000-memory.dmpFilesize
64KB
-
memory/1348-456-0x000000000C290000-0x000000000C2A0000-memory.dmpFilesize
64KB
-
memory/1348-457-0x000000000C290000-0x000000000C2A0000-memory.dmpFilesize
64KB
-
memory/1348-446-0x000000000C150000-0x000000000C188000-memory.dmpFilesize
224KB
-
memory/1348-461-0x000000000C260000-0x000000000C270000-memory.dmpFilesize
64KB
-
memory/1348-462-0x000000000C260000-0x000000000C270000-memory.dmpFilesize
64KB
-
memory/1348-464-0x000000000C260000-0x000000000C270000-memory.dmpFilesize
64KB
-
memory/1348-466-0x000000000C290000-0x000000000C2A0000-memory.dmpFilesize
64KB
-
memory/1348-467-0x000000000C290000-0x000000000C2A0000-memory.dmpFilesize
64KB
-
memory/1348-468-0x000000000C260000-0x000000000C270000-memory.dmpFilesize
64KB
-
memory/1348-463-0x000000000C290000-0x000000000C2A0000-memory.dmpFilesize
64KB
-
memory/1348-435-0x0000000006060000-0x0000000006070000-memory.dmpFilesize
64KB
-
memory/1348-481-0x0000000074E30000-0x00000000755E1000-memory.dmpFilesize
7.7MB
-
memory/1348-482-0x000000000C260000-0x000000000C270000-memory.dmpFilesize
64KB
-
memory/1348-427-0x0000000006620000-0x0000000006BC6000-memory.dmpFilesize
5.6MB
-
memory/1348-424-0x0000000074E30000-0x00000000755E1000-memory.dmpFilesize
7.7MB
-
memory/1348-1289-0x0000000006060000-0x0000000006070000-memory.dmpFilesize
64KB
-
memory/1348-1290-0x0000000006060000-0x0000000006070000-memory.dmpFilesize
64KB
-
memory/1348-425-0x0000000000D10000-0x00000000013BE000-memory.dmpFilesize
6.7MB
-
memory/1348-1314-0x0000000074E30000-0x00000000755E1000-memory.dmpFilesize
7.7MB