Analysis
-
max time kernel
279s -
max time network
284s -
platform
windows11-21h2_x64 -
resource
win11-20240221-en -
resource tags
-
submitted
22-02-2024 16:38
General
-
Target
https://www.bing.com/ck/a?!&&p=654ed4847716133eJmltdHM9MTcwODU2MDAwMCZpZ3VpZD0yN2Y0YzU4My04ZjBiLTY3NTktMjIwOC1kNjNlOGVlYjY2MjkmaW5zaWQ9NTIwOQ&ptn=3&ver=2&hsh=3&fclid=27f4c583-8f0b-6759-2208-d63e8eeb6629&psq=worst+windows+10+viruses+still+downloadable&u=a1aHR0cHM6Ly9naXRodWIuY29tL0RhMmRhbHVzL1RoZS1NQUxXQVJFLVJlcG8&ntb=1
Malware Config
Signatures
-
CryptoLocker
Ransomware family with multiple variants.
-
Downloads MZ/PE file
-
Drops startup file 1 IoCs
-
Executes dropped EXE 5 IoCs
-
Adds Run key to start application 2 TTPs 5 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in Windows directory 4 IoCs
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
NTFS ADS 6 IoCs
-
Suspicious behavior: EnumeratesProcesses 58 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: MapViewOfSection 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.bing.com/ck/a?!&&p=654ed4847716133eJmltdHM9MTcwODU2MDAwMCZpZ3VpZD0yN2Y0YzU4My04ZjBiLTY3NTktMjIwOC1kNjNlOGVlYjY2MjkmaW5zaWQ9NTIwOQ&ptn=3&ver=2&hsh=3&fclid=27f4c583-8f0b-6759-2208-d63e8eeb6629&psq=worst+windows+10+viruses+still+downloadable&u=a1aHR0cHM6Ly9naXRodWIuY29tL0RhMmRhbHVzL1RoZS1NQUxXQVJFLVJlcG8&ntb=11⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffecd633cb8,0x7ffecd633cc8,0x7ffecd633cd82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,8038489972259504445,11945505056162255370,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1944 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,8038489972259504445,11945505056162255370,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,8038489972259504445,11945505056162255370,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2512 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8038489972259504445,11945505056162255370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8038489972259504445,11945505056162255370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8038489972259504445,11945505056162255370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,8038489972259504445,11945505056162255370,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,8038489972259504445,11945505056162255370,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5612 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8038489972259504445,11945505056162255370,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8038489972259504445,11945505056162255370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8038489972259504445,11945505056162255370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8038489972259504445,11945505056162255370,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8038489972259504445,11945505056162255370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1904,8038489972259504445,11945505056162255370,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6496 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,8038489972259504445,11945505056162255370,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5780 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8038489972259504445,11945505056162255370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1904,8038489972259504445,11945505056162255370,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5660 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,8038489972259504445,11945505056162255370,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6516 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\Downloads\CryptoLocker.exe"C:\Users\Admin\Downloads\CryptoLocker.exe"2⤵
- Executes dropped EXE
- NTFS ADS
-
C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe"C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe" "/rC:\Users\Admin\Downloads\CryptoLocker.exe"3⤵
- Executes dropped EXE
- Adds Run key to start application
-
C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe"C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe" /w0000023C4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe"C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe" /w0000023C5⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,8038489972259504445,11945505056162255370,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5952 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\Downloads\CryptoWall.exe"C:\Users\Admin\Downloads\CryptoWall.exe"2⤵
- Executes dropped EXE
- Suspicious behavior: MapViewOfSection
-
C:\Windows\SysWOW64\explorer.exe"C:\Windows\syswow64\explorer.exe"3⤵
- Drops startup file
- Adds Run key to start application
- Suspicious behavior: MapViewOfSection
-
C:\Windows\SysWOW64\svchost.exe-k netsvcs4⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc1⤵
-
C:\Windows\System32\oobe\UserOOBEBroker.exeC:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding1⤵
- Drops file in Windows directory
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exeC:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding1⤵
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /01⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5a91469041c09ba8e6c92487f02ca8040
SHA17207eded6577ec8dc3962cd5c3b093d194317ea1
SHA2560fef2b2f8cd3ef7aca4d2480c0a65ed4c2456f7033267aa41df7124061c7d28f
SHA512b620a381ff679ef45ae7ff8899c59b9e5f1c1a4bdcab1af54af2ea410025ed6bdab9272cc342ac3cb18913bc6f7f8156c95e0e0615219d1981a68922ce34230f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5601fbcb77ed9464402ad83ed36803fd1
SHA19a34f45553356ec48b03c4d2b2aa089b44c6532d
SHA25609d069799186ae736e216ab7e4ecdd980c6b202121b47636f2d0dd0dd4cc9e15
SHA512c1cb610c25effb19b1c69ddca07f470e785fd329ad4adda90fbccaec180f1cf0be796e5628a30d0af256f5c3dc81d2331603cf8269f038c33b20dbf788406220
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
2KB
MD5e6a42f3ba7a2fe412a40ad1dd649cbf0
SHA1c1776be42940d9affa41a038aee497602e14a0db
SHA256923aa413a887c60452445766b0a29f9edb1fcde4e444cfbf8e8ea6db6180667b
SHA512d48c18f71b1965465e0a795c5eb272ad19e6799756cf75e5914aa0ef1fac61893e00e9352f1b7519acadb0b9557afba06071c8519b71335264a6a4b9db7bfa92
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
649B
MD5360975bd921c39500db12ebd79404cc4
SHA1e7da569a1aa38a45c7552edb5d239c0724cbbd77
SHA256efda1c2c00e04f04badc407f536a2070b5e4406028368e6e492023c048009769
SHA5121eef5f554032833a552060cbf8bba71e61e55fbbc399c997eb0340f8225fd0edd4ad1e45af3e48f4b2ca04b3f493f0fbf7dd158f96c7684ee47b6297d6915b57
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
566B
MD51adeb4b9fd741f6adc5a673830dc42f9
SHA1a24d1e2c10bb4c8b9adec84ee1b2e844544886f3
SHA256a544750e0904bd295175dfd5f828b5d00c9d2f276e5c286a997fa20fc30f8880
SHA512d91cfa1863429a8c2c52d268e248fd28730db17e0b17022d4a88f96b51c51520dc0707018213ce8c63bc41d00d19d771598df9dc272d750f93932b8d58ddcab8
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD546b8c57fd7b4c553c7e6e1ea16e3534b
SHA1bb86337d8672df26af753cdd6e777ea0d6d9d3b3
SHA256e9053cf50822af4484e4d9f42cd2a9b16c6331c96fe0b4222b2889902562c8ec
SHA512c04b9f3efb6c3afa1c454f7dfcb545d88bb6383f7cbbb810b680fe8979eee2d8b9cb083286549ee83712e8c2baa6740a39720beaaba5e515b4a247cba5554eb6
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD54a2c8b1fa432cbfb5f40cd6dd0a2ad30
SHA1b22934b7ad1545041e8b9fe1b39b02479db60b62
SHA256655efac9961c6fea861534aa05bf5f4133eade8d55ce81c6d507194914f60b71
SHA51261c24504196cf6c8153141d8c71c9dfcd4165eb5718d30be1431a0b4e17f5b29b63b681073ef7203f80ab2569eace0160e266f174d894bc337b29658bd9b51df
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD51d56767167c1ef498926f838786d9575
SHA1d17b41d882206a1788203a9d7675b3dd4d3b0b62
SHA256688122d37b37ceeb221a6012bbd77f44cf2ffa91967fcbce12ac2b8c4b66f574
SHA512785aa95659a96dcb4f863c6a436169d9697e51063760e81d48b65293dcb5fba1070d3668991ea4fff1c93f5e113ac19fdac512963e3d2382ec133341eb1f561d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD5526261ac93679b4c1e1c25ebc4851e29
SHA145787b84628a769a5ecbca0920985207cc0c37be
SHA2565518d37af4b545b4ce0405f0995d42290a294237455153e9ec419de11b51b368
SHA5121cf4a47292ebe633e6246e856a9fdc9ef6837a4babf8b00d5b0190aaa2ea64a2d63e5567f4ca5522ad9a8b31b26c2a911e76af29abafaa50bf5fe032004e99c5
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
872B
MD54136e93c45b124f16e4ad0ef6f3da9c7
SHA1d6b6e28818d93716c4b1e7d40f0605d1b5ad6b81
SHA25672d7f6ad8e3a2513f3524178dd7f5044dba4121eb80f9aa961dbe03cf6a436a4
SHA5124ac0c0758e7d35a3d92e8fae0c5eeca71f6c143802e946a9c444ee74cf47cc6706eb047cb8a8b5a286ed4fa990aea677eb72384faaf20c84c82ec12d0ef3126d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD5d2eb84a6f9c6cab6b2903ff296db9830
SHA1b6f8a04f07351a1225038780f8246f5d1a56b10f
SHA256a165d57e317cca57613322553885d37d00de238c03415106b5f97251886423e0
SHA512b302fb4a00148770fcc3ad98103f328406a996b66f412c3b2648e2e64ec01dc623e671c9a1b61d083e6fded7c7fa73894b0c3458fa05edb652ff5039899ec616
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
874B
MD53ede8568b938314fc9de1d4a55b61779
SHA1b32d0d62f59ca2a29826665115e350428d757a9c
SHA256dcdf0207dc5fc850c135b996d7f927da7cdb32f5b557dc6b105f0bff82af8b3c
SHA51204699db52d502aaaf5d565d54d03f5e9228662443803bfce74c34cacbc63fb1c94daae4e86bfc370a6cd92b1b02163448b703b352409ad8a701c06df889c623e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD529c126c87971731fd974629e5969db0a
SHA1ccab0624f4ded9d7f6438a91ccf373dd5adef503
SHA256fbb8d08007dd31abb9cc0d6c2423884e35c5f8341901f9d7e10e390eb674c796
SHA5123fe793a865687606cb0b7380b6200878bb2dd35107fcf506295d7812c2f9030cd04f68f850774dc8a12a57208502e08d2f154a5fbe7ab9a4d446b52bfff1634e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD5e682244d3a1638f53524876d284ffbcf
SHA181eab68b1e883c9c1b0034fbf58caf984767cd69
SHA256da8c595b680b320cf88ef7b5b286b072988d594b8229ab7768f521c094d3f88c
SHA512c3b94f93b6f43bb819255aef07c8de2b27192bdf2e3a6b211e214b659900cc3112cc99498b2e3b757ebf6fb3727eda3caaa7d35a1a98d5c5cb1233cd7d58fbf0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580d3a.TMPFilesize
872B
MD5deff3b767d0c20e4617e9c338c90e989
SHA1ea31aa0c934ed6480a5cd6b9ed76488ef77751fc
SHA256e9c33eb53ebf53ab3a0b62a5838e6901b051ff27c2caee10dbe19fddf4ccdef2
SHA51274491cdb72d98e607ec3a71c9a92a2bcb3f414e79f5f466b382c890b747da835c7fdd49341b5b5ecfb75b6a4b92a9ce02ce97e5a1c38e9fe46d58a62dba99384
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD5262beeb95b523236ad4529797949e017
SHA14f1246fa298025a0d28ba38efad72748b153b43b
SHA256608cc425e3d2b5583d4047a16f760cf79c5b69493191da5705a5d4c0cd4ec35e
SHA512a7261683924d4b263e45b1832a47d4d9f0743a469b8a5f256f90e7c174f026f0099e6046de5ce5f9d6647f4dac0e641af11af9c45437e8d6675a51f896b9c9b5
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD5b6e17e0f5a1e56f7c4b553cabbf1484a
SHA15f8901c9f61adfc483b888c9d35813133f017ce2
SHA25603b7dc3dae146754dd51356e17f0248680b82488d156c09a30710f49937b8aee
SHA5129c7f4a86f5d7ae57838ee27a9b957058f506b3878a63bca76bd7d130c08ece31379d5a5be3c37fe01121738b4dbd9cf035a048e2a19b688aa52413f104e2327b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD5a670c2f5fe68d63015821d324458e1bf
SHA1a4717e145a6a5e9fb27d3af8859d10b92bbea23c
SHA256001adc0a2a1ebed0ab6d1c38569cd131ef0b2b606e821c86f9a78117c1c8ec91
SHA51261bf10114adf23cb59079d8230a928fd957a33a4d3c42cd718c56319f6ce1bc6054ee141c2d90bef0a7030e44955476d58e870dd62265aaf89c94c378285e9d8
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD582625d205f18a2ba06fcbb2ac71788c8
SHA15165dab8434a2978f3a15ed7033ec6c8d1df4712
SHA256f656260c9b040306a40f45c99e8372fcec0884ffe49e04f85180d938664079ee
SHA51292f1a3cd2ddfb726833d6831965b800f79b608cb3c24cce2ed8877cf3bc6d7fe73576c7553b8680e9c152606d9f165719f336f560ee5f426a42f5834d95dea28
-
C:\Users\Admin\Downloads\CryptoLocker.exe:Zone.IdentifierFilesize
26B
MD5fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98
-
C:\Users\Admin\Downloads\CryptoWall.exe:Zone.IdentifierFilesize
55B
MD50f98a5550abe0fb880568b1480c96a1c
SHA1d2ce9f7057b201d31f79f3aee2225d89f36be07d
SHA2562dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1
SHA512dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6
-
C:\Users\Admin\Downloads\Unconfirmed 575620.crdownloadFilesize
338KB
MD504fb36199787f2e3e2135611a38321eb
SHA165559245709fe98052eb284577f1fd61c01ad20d
SHA256d765e722e295969c0a5c2d90f549db8b89ab617900bf4698db41c7cdad993bb9
SHA512533d6603f6e2a77bd1b2c6591a135c4717753d53317c1be06e43774e896d9543bcd0ea6904a0688aa84b2d8424641d68994b1e7dc4aa46d66c36feecb6145444
-
C:\Users\Admin\Downloads\Unconfirmed 728392.crdownloadFilesize
132KB
MD5919034c8efb9678f96b47a20fa6199f2
SHA1747070c74d0400cffeb28fbea17b64297f14cfbd
SHA256e036d68b8f8b7afc6c8b6252876e1e290f11a26d4ad18ac6f310662845b2c734
SHA512745a81c50bbfd62234edb9788c83a22e0588c5d25c00881901923a02d7096c71ef5f0cd5b73f92ad974e5174de064b0c5ea8044509039aab14b2aed83735a7c4
-
\??\pipe\LOCAL\crashpad_2912_QXXGTQZYHOFJKMULMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/1088-491-0x000001C42D9A0000-0x000001C42D9A1000-memory.dmpFilesize
4KB
-
memory/1088-493-0x000001C42D9A0000-0x000001C42D9A1000-memory.dmpFilesize
4KB
-
memory/1088-492-0x000001C42D9A0000-0x000001C42D9A1000-memory.dmpFilesize
4KB
-
memory/1088-481-0x000001C42D9A0000-0x000001C42D9A1000-memory.dmpFilesize
4KB
-
memory/1088-483-0x000001C42D9A0000-0x000001C42D9A1000-memory.dmpFilesize
4KB
-
memory/1088-482-0x000001C42D9A0000-0x000001C42D9A1000-memory.dmpFilesize
4KB
-
memory/1088-488-0x000001C42D9A0000-0x000001C42D9A1000-memory.dmpFilesize
4KB
-
memory/1088-487-0x000001C42D9A0000-0x000001C42D9A1000-memory.dmpFilesize
4KB
-
memory/1088-489-0x000001C42D9A0000-0x000001C42D9A1000-memory.dmpFilesize
4KB
-
memory/1088-490-0x000001C42D9A0000-0x000001C42D9A1000-memory.dmpFilesize
4KB
-
memory/3096-440-0x0000000001010000-0x0000000001035000-memory.dmpFilesize
148KB
-
memory/3096-439-0x0000000001010000-0x0000000001035000-memory.dmpFilesize
148KB
-
memory/5048-446-0x0000000001200000-0x0000000001225000-memory.dmpFilesize
148KB
-
memory/5048-480-0x0000000001200000-0x0000000001225000-memory.dmpFilesize
148KB
-
memory/5048-444-0x0000000001200000-0x0000000001225000-memory.dmpFilesize
148KB