Analysis
-
max time kernel
150s -
max time network
155s -
platform
windows11-21h2_x64 -
resource
win11-20240221-en -
resource tags
-
submitted
27-02-2024 23:09
General
-
Target
watch.html
-
Size
881KB
-
MD5
bdbf42e182d9df0212f956f4580ae73d
-
SHA1
f389280d7626714f95488112e8eb4cd2f5e37308
-
SHA256
73fdb5cbf654176f8e733b164a8870ddce42f76f8a6827756ce5764510cc95bd
-
SHA512
ca65cd4d97c26e2bf389bf263fdcfe3cee1186b7ed239b5778d235a7d3a7e51991665711c4d9743160f4af51ee669db4c0f2c04934ee0645afd72f2bb31bd30e
-
SSDEEP
12288:huspsJsUsls+sas/sysQm23Sc8oLqKqgV0fGB7sfdQ:ham23F8oAGZ
Malware Config
Signatures
-
CryptoLocker
Ransomware family with multiple variants.
-
Downloads MZ/PE file
-
Executes dropped EXE 2 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 2 IoCs
-
NTFS ADS 4 IoCs
-
Suspicious behavior: EnumeratesProcesses 16 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs
-
Suspicious use of FindShellTrayWindow 44 IoCs
-
Suspicious use of SendNotifyMessage 20 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\watch.html1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdd7143cb8,0x7ffdd7143cc8,0x7ffdd7143cd82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,17956795264274872924,13239053735712641821,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,17956795264274872924,13239053735712641821,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1944 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,17956795264274872924,13239053735712641821,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2532 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17956795264274872924,13239053735712641821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17956795264274872924,13239053735712641821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17956795264274872924,13239053735712641821,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17956795264274872924,13239053735712641821,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17956795264274872924,13239053735712641821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17956795264274872924,13239053735712641821,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17956795264274872924,13239053735712641821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17956795264274872924,13239053735712641821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,17956795264274872924,13239053735712641821,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5540 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,17956795264274872924,13239053735712641821,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6476 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17956795264274872924,13239053735712641821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17956795264274872924,13239053735712641821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1776 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17956795264274872924,13239053735712641821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17956795264274872924,13239053735712641821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1904,17956795264274872924,13239053735712641821,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5808 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1904,17956795264274872924,13239053735712641821,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5740 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17956795264274872924,13239053735712641821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2524 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1904,17956795264274872924,13239053735712641821,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7040 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17956795264274872924,13239053735712641821,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6908 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17956795264274872924,13239053735712641821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17956795264274872924,13239053735712641821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2916 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17956795264274872924,13239053735712641821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,17956795264274872924,13239053735712641821,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6664 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,17956795264274872924,13239053735712641821,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5704 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17956795264274872924,13239053735712641821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:12⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Desktop\CryptoLocker.exe"C:\Users\Admin\Desktop\CryptoLocker.exe"1⤵
- NTFS ADS
-
C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe"C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe" "/rC:\Users\Admin\Desktop\CryptoLocker.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
-
C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe"C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe" /w0000023C3⤵
- Executes dropped EXE
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD512b71c4e45a845b5f29a54abb695e302
SHA18699ca2c717839c385f13fb26d111e57a9e61d6f
SHA256c353020621fa6cea80eaa45215934d5f44f181ffa1a673cdb7880f20a4e898e0
SHA51209f0d1a739102816c5a29106343d3b5bb54a31d67ddbfcfa21306b1a6d87eaa35a9a2f0358e56cc0f78be15eeb481a7cc2038ce54d552b9b791e7bee78145241
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5ce319bd3ed3c89069337a6292042bbe0
SHA17e058bce90e1940293044abffe993adf67d8d888
SHA25634070e3eea41c0e180cb5541de76cea15ef6f9e5c641e922d82a2d97bdce3aa3
SHA512d42f7fc32a337ecd3a24bcbf6cd6155852646cae5fb499003356f713b791881fc2e46825c4ff61d09db2289f25c0992c10d6fadb560a9bea33284bd5acc449f7
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
2KB
MD52cf75638b450a0179b2859478f192b32
SHA1608232d4b8e62e02316b5f4737f19895670984e8
SHA25644c2196498cc2a8e8be1f381ff54e076fa0d3eb7777cf8cabf30f72d6b56bfa4
SHA5122a5b084524d5ab3b50e9f5bf8c6d2d1350153f6bbedb51a0a3138b74ef4b1687adef562d2e16ea8e93e68b33fd043c862e7cca871195ee46103028d2d9bf1dc0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
2KB
MD59bbe27dfa5678afce004fba27f8ed6f2
SHA1e8a7965bd3f517bc5afeca917172e38ba349f5dd
SHA256465bc3fba5bb63ef7e405518b4ce9c55f26a845c46a1823c75d3d31cd70d3b57
SHA512326e210bbef8a2f786dd211a8f3a0a650fc242b3de5533a8d3d1cb1b52dac67451dd1c62924d5617c1a90c15ca75050ed5c1c81f9c7319e0f9aaeb1d13a0be5e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
2KB
MD58bb78946fcb3f48bd245fe9de0e9d19f
SHA11fe6704410cffac4c8de4a796f371df077f4e3ce
SHA25654c0347c4e327636d5aafc35c2ddb3398363db0be61477856ce1055827af61ed
SHA512f9a16019fb9be58695afbf440c20b86ac2f39a379da292e88dd8b8a99eb245e27a645f49cad14476434e9032776c0b9f38011e65ca209d36d1d25ea7fbcb004e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD59bc27a134643dad67130b895686c094b
SHA15ffc1c8da3c4c91a4bbe948598681e7cfc437ab0
SHA256415e214054a446b70e00fd31225d1acbdf9b6fc9fbb6965a1a6d5fdf30b94747
SHA512ff8d0a553c41597bf97fc5aee853ca146149150882859c37430e90998cde1daaab1c2da623618e0addef4ce97eb6a37dc178fd3ffc1f3822cf81a806955be4e7
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD52c435b9d57ae2af9e1c4ff2f207ae247
SHA1701f396f05120db61645c313848fc8fb04f62307
SHA2563f874e753de5bef4153f12798adf1e090848cc57b4171c1d8e30cba0d9d7a37c
SHA5125a13809de2a7ba4521a666e6b45fe959952b9505a4d229f87a654fa9968e37646735a341884c446c09be49e282cda98c500dbcc4d85b5bb1855d54a3ca7b800b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD5a111019eff1603214c8c867450aa57be
SHA19da0df5a8088b85ffb9c88038db5ccf337b95b0d
SHA25626d07fc35078ceea354932f461292dde6a4f9c0ad977899b87b86d7019f479e2
SHA512615f21a46cfce4ec897d04fab2f43aff77fa5359f60c6e5b8dcee2b7367a57662fe1b461c2147bc14a965b65ff4d35a6868dbf170aa341c85ba694a2805f414a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD53e4c28a904ddd1ccb82d7cda5278c5e9
SHA168b988b45a95e3892ecf99685dfef8902d62a1e3
SHA25643b1b5d3f774b252beeabda97327f606d0a6e27f0ef157581b5e2371e616155a
SHA512aa5c4e8ddd30e338b4780bf4bd635e350888d936e38e1e68a9f20118e141a2a73a7e3229a2b569a48e70c7f48b0fcee57949e16c107b3fa6956eedeb4b97910f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD59d6e3f3ff9b66a1f037f9c562348de48
SHA185f1738e0fbcd274b57fbbf4b774be2e67a04288
SHA2567854a9b09ec7a44ed6502de50eeae5be1df4d0cd441c031b7032ec1fe48bb630
SHA5128e69ce69001faaf0bf7169b34bc7768057efaf7f17d9607b6b7f568571b39fa5f590cd105ed3f0a380c7288f903525e6dfd1d0db0936cad2189f837bef565283
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD5ff8958702a6337b4dff9aebb0a39656a
SHA10e8b84535b6cf792cfc9f09054cf26feac12a7bb
SHA256dc2cfc36420e596d624dca233ead6c24d08c2fe3939968d3431b0f4db3876aa3
SHA51210455b18bfae9aec92f5ca0772d61c3e1c27314c3b385ff5f31019c5c3394ba6b46abddc6f305717cddf5c5b89b73b52d22f7c5dc7ee4a1247e566b21dccc90f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5971e56d8b5ecdcfe3a154a5c972a16fc
SHA153a91986e2e7b59ba402b313bbe55053c4013600
SHA2562004d15e3cc964f54101c9c538aa95dae7db0578c45cb67c5976f40823cedd67
SHA512d77bb8388c0fb275bc9ef2e06e43561762cb7b669e97ba321605e69045dcd370552958fce0f99c371d8168b4fb16b269d3026cbf6051606c06d74da0277eddaa
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD522e7e63ba9bfa5b342f6fc0d9aeb6a6c
SHA1605d8196e2ac039e0d95932b71ae0603632e0c64
SHA256f6489881751166a7598dd71d24fab6dd914d85fe34048bbb524c6eb334abbaae
SHA512db0218bebbf42135a01dc3bc2cbe1559bc098ccf429ac8bb0fa053f9b4e0c897d942d6af03cdad5d7c4d836e7828b80162d90a9a89891e7f785947f030706c1d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txtFilesize
73B
MD5f134f3a215fe96bcf4dd45ff264f75d3
SHA1f75e9691eef80d71bf0e25854e1611e653f8869d
SHA25625c763522498d328bf1b707723f85a9c49670bf68df4e139f8e2fc071aa7aec7
SHA5120147efb5871f48f27d656c2c9efc0a4afb2ec62ab9a2da867812b3ce989de3a2b55d131dfcec4b623fe2f36d4878fc94fa553987a7e98a1f9d9f33cd6bc93b9c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txtFilesize
130B
MD5a0a881e5c65bc69a28e500fa4341c007
SHA132125866d93e52f4bf0fc825c5fb321d8f0c1222
SHA256b410e3ab238b18679a871c652adb5feba9b9204130412ec8e68cce829743ea92
SHA512b4e0d57caac6eeb72b3cf411cf1ff09d2f640e26a1cd2c5c179907eef30e663a1a0ce85e8ac30e04490dde463bee502cbfe382d5234c7b9637603ed9281a4fb3
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txtFilesize
66B
MD5267c56ffbd81ff46d53feed961318c07
SHA1024aaff3e23b3f78654a99c4732a592269443842
SHA256f845f71b606ab1f9c5383e04c23509c39afffc921e9567b43525337f21a33af9
SHA512d3ef07e18fc840af5760f9a950c24f6112e1199607668671c254160c8a467cade23893bd054a487e2a6de7b98f9e12ef90bd893212d0d8d2bdeea95fee0006bb
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD562a1a19fe7c241523e1bd02432cf5147
SHA1f14fc29cb287f2173717bde96c77f08448b8e9ed
SHA25618704745b1dd6181192f1d1475c4f0bd590a09c6780db7610be0133284fd6191
SHA5129a12b26c4521d6df3e1f38198178778b23a9d15ce5a71e413ee21bc70a3e6f41701b9106bd9aa7abc81a8611a770550d7b2f658401eeeec37d34fdf138793801
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD5e984ad075535d3e3bd6a9a231feb00e8
SHA1b06aa7a262499d5b9f8b58377e685898977debb2
SHA256790a226739b91d955857dd978937c00b9b3f4382ee6553639eac5edfb8f9e1f1
SHA512770c004d3447473ca4e6c990ee49719740a5b9fb7420da23826c7fee95e112eedf85d8f0aba40dcaf4a90c5374f4ef9d28680782585a3879da0c8992c75c4102
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD56b4bedbe7e9f39e9a25ef4cff3dd7c01
SHA1527160aedaf51f91d7bd2e1b7ddf45f5824e6126
SHA256456b67b5c8ad17f8c05a46e82b0aa73a0d13e404497fb48b5f1c8755d590d6d5
SHA5124876ef718fd7fe57052252bf59d72c92c8b24819c3dd66e51a71fdedf0ac7fd02419f2b48938919d6269d64decd434ea572b8348e6468aed4759d024b47df190
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD57463bd36569609ecbefa18f15d349bf2
SHA1789974826d67e727df577aeeca7dd33eab77fd48
SHA2569b3968d98043bd5eb8e022e2b426a3c6a938618d7d050226ed16a634b0545c49
SHA512c5335e8505effb5f924443727df59a25af43b9d89bf111b3327ff96b3e3f7ba279dc081a2a84185ce952666a9409d3a3b3a052941e7095da79e351033bd73e61
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58439c.TMPFilesize
203B
MD5d711848804e91a30f43e4624dbecf10f
SHA1f817ef394000e0cda3f4a0b5d71daa03be15a562
SHA25671d8bda6fb54238ee5cff21a1713d4d53172fe2e13db9185e46e12ff5b816990
SHA51240b93cc5665f98a78e2719dfe010ca609a8677a16395275a3f3ae52696ef2b9994caaf0c16e30ef391535fffdba4f50e31a37ce244b6b2f8954e4b2eab9a73e0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD534c94fe618982ed68ba662c9624feba6
SHA19bda84a19d9e54ff158630c07d07adc301b7afc6
SHA256d25db4f819ebd394a250a4dd94153bc181e72f48a3f0f64d1d96c7b9cf9ac9af
SHA51290655e6026bfdfa53fa46111c0ce226a29a1fc7d142c2bce73dcfce9195c0cb48874ff39fda49bf027ca0c6ddc55374fd3c0e4cac67ca49a592dd71ae6ba1ef5
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD55d27c6b926b1f416728244bbc58eef23
SHA15de4b4f1040b7d061fbfd9ec29bea9b185fd77aa
SHA2563bc7ff4f520029abe808c4946336b3f1290ed47fe830c58ee6eb7bcb6c24d701
SHA51229b60695b7243ebb3125e6392b0014a7cab560b6dfd4b76dcec93f21ddc796dfdc1e4bd9630beecf099f1668055a13e8199b6188fec3d51ccc2d77671e445053
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD51e992da9d6f14dbd947696e01898ab3e
SHA12a2e9c61ace1ff137435bbe087314a4d6618cd2e
SHA256357ff58c4ddb0e14b1aefc34a1ba9439374cbb0713dbe0fd78ccdb6861719689
SHA512923b10eaa63d4b3c7a2b338e2c4ce1b207b26f683d8f7f76ecc26537a05d6f37ae135a5bc48993db3eeaf32459b3c1f2f3e68916457b9bd83370243b6f2d88a2
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.datFilesize
10KB
MD577375d17a8241aa06af550428e413cee
SHA1ec13b23081e0a9cd92ae4d944deea5f5e0f036e6
SHA25645d3a9dec1354dbdaa71102c669564b4ed52f1981fd657550f6c1babc20982eb
SHA51264ba1637e51aa95f61c25c46fe20e597bbcae509cb0f1cd71bf26aa1841b2bb4e06e2941a25cf94addeff2f097d84feeb7fbfbb05729f3cc921dd076e95da56c
-
C:\Users\Admin\Downloads\CryptoLocker.exe:Zone.IdentifierFilesize
55B
MD50f98a5550abe0fb880568b1480c96a1c
SHA1d2ce9f7057b201d31f79f3aee2225d89f36be07d
SHA2562dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1
SHA512dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6
-
C:\Users\Admin\Downloads\Unconfirmed 750300.crdownloadFilesize
338KB
MD504fb36199787f2e3e2135611a38321eb
SHA165559245709fe98052eb284577f1fd61c01ad20d
SHA256d765e722e295969c0a5c2d90f549db8b89ab617900bf4698db41c7cdad993bb9
SHA512533d6603f6e2a77bd1b2c6591a135c4717753d53317c1be06e43774e896d9543bcd0ea6904a0688aa84b2d8424641d68994b1e7dc4aa46d66c36feecb6145444
-
\??\pipe\LOCAL\crashpad_4700_ZOJAXHLAEVIBXCHRMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e