Analysis
-
max time kernel
128s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
17-03-2024 21:27
General
-
Target
https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Ransomware/%24uckyLocker.exe
Malware Config
Signatures
-
Dharma
Dharma is a ransomware that uses security software installation to hide malicious activities.
-
Deletes shadow copies 2 TTPs
Ransomware often targets backup files to inhibit system recovery.
-
Renames multiple (84) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Disables Task Manager via registry modification
-
Downloads MZ/PE file
-
Drops startup file 1 IoCs
-
Executes dropped EXE 2 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Drops desktop.ini file(s) 4 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Drops file in System32 directory 1 IoCs
-
Sets desktop wallpaper using registry 2 TTPs 1 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Interacts with shadow copies 2 TTPs 1 IoCs
Shadow copies are often targeted by ransomware to inhibit system recovery.
-
Modifies registry class 1 IoCs
-
NTFS ADS 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 48 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Ransomware/%24uckyLocker.exe1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8591346f8,0x7ff859134708,0x7ff8591347182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,16762951608269142297,86812172914729438,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,16762951608269142297,86812172914729438,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,16762951608269142297,86812172914729438,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16762951608269142297,86812172914729438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16762951608269142297,86812172914729438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,16762951608269142297,86812172914729438,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,16762951608269142297,86812172914729438,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2052,16762951608269142297,86812172914729438,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4696 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16762951608269142297,86812172914729438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2052,16762951608269142297,86812172914729438,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5996 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,16762951608269142297,86812172914729438,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5100 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\Downloads\$uckyLocker.exe"C:\Users\Admin\Downloads\$uckyLocker.exe"2⤵
- Executes dropped EXE
- Sets desktop wallpaper using registry
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16762951608269142297,86812172914729438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2736 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16762951608269142297,86812172914729438,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16762951608269142297,86812172914729438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16762951608269142297,86812172914729438,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16762951608269142297,86812172914729438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16762951608269142297,86812172914729438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1128 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16762951608269142297,86812172914729438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16762951608269142297,86812172914729438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16762951608269142297,86812172914729438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2728 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16762951608269142297,86812172914729438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6820 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2052,16762951608269142297,86812172914729438,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6732 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2052,16762951608269142297,86812172914729438,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6736 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16762951608269142297,86812172914729438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16762951608269142297,86812172914729438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6996 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16762951608269142297,86812172914729438,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7004 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16762951608269142297,86812172914729438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16762951608269142297,86812172914729438,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16762951608269142297,86812172914729438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2052,16762951608269142297,86812172914729438,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6332 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,16762951608269142297,86812172914729438,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6280 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\Downloads\CoronaVirus.exe"C:\Users\Admin\Downloads\CoronaVirus.exe"2⤵
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe"3⤵
-
C:\Windows\system32\mode.commode con cp select=12514⤵
-
C:\Windows\system32\vssadmin.exevssadmin delete shadows /all /quiet4⤵
- Interacts with shadow copies
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,16762951608269142297,86812172914729438,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3448 /prefetch:22⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /01⤵
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe.id-10BCD7B0.[coronavirus@qq.com].ncovFilesize
768KB
MD527b6a2e0cd3b78a1aa729e5ef3444279
SHA1075764a8bba8e13942e833ed91267f0c6d89be72
SHA256df1d05914a8faf75c2d6421d21990f78134c51a3e6d7b434a5fbfd1c350ebea4
SHA512e1fee7154fd0cb7602a62523801b690ea30ff59a86a094e1aee5062deca582d72d0ca6be9fac5b6951029300186fe2e87849a4add9af205f54240b97f804eaf3
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD57c6136bc98a5aedca2ea3004e9fbe67d
SHA174318d997f4c9c351eef86d040bc9b085ce1ad4f
SHA25650c3bd40caf7e9a82496a710f58804aa3536b44d57e2ee5e2af028cbebc6c2f2
SHA5122d2fb839321c56e4cb80562e9a1daa4baf48924d635729dc5504a26462796919906f0097dd1fc7fd053394c0eea13c25219dec54ffe6e9abb6e8cb9afa66bada
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD55c6aef82e50d05ffc0cf52a6c6d69c91
SHA1c203efe5b45b0630fee7bd364fe7d63b769e2351
SHA256d9068cf3d04d62a9fb1cdd4c3cf7c263920159171d1b84cb49eff7cf4ed5bc32
SHA51277ad48936e8c3ee107a121e0b2d1216723407f76872e85c36413237ca1c47b8c40038b8a6349b072bbcc6a29e27ddda77cf686fa97569f4d86531e6b2ac485ed
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\197cd757-2f31-46e2-be20-a86f7b2eaf1f.tmpFilesize
8KB
MD587818055381b4539c003d2bbdceba47d
SHA1745938fb18c96efa83f88b3c69f417367b8a81a9
SHA256e866369c2e5f03dba075f504aa0624248b5b26bfd9c557774ff8b5eedf5a8f9e
SHA5122373842d890ad2672ef4eead1159512717445ac43255271ed754245840fbdef0c8e7f1fe9d5c51d586d4b7f41cd6bb6df3ddcaa3fe6d4aa700c12d697896e5ea
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
1KB
MD5ef1fef2f7cfbb93ea09b2675b7708784
SHA1c971565c338758b58f7d1653aa71d0ee24c44b5a
SHA256032727b742171626898263a443eb3f8340facafb7ea42472d61a9b6d1f92c4f6
SHA51299eb2d49f51e0c1e1a0dc78edb2acefd72cdc909ce85b661eb251092b037e5ba54c24e1e9689859157313574e87d9d267a59458c61600c3efd3eef544bb685bc
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
3KB
MD5dd1cb7c3a5cede5b4a01ca77da44f6af
SHA1425fcc6e4dadd02e2e8a9c02c0026613ac544838
SHA256f45fdf9243b0730b4d1178d10395d0e6c28822f530ea824a3a1e480f5101b9a0
SHA512f27ba4bcd4f9330c378e639277a3435a5f48077d9ba127bd40644daaa0b8883d3858724812505cf22bc832b4c8a793f8c4d4a0ec374df3d0867d492ccbd22889
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
111B
MD5807419ca9a4734feaf8d8563a003b048
SHA1a723c7d60a65886ffa068711f1e900ccc85922a6
SHA256aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
SHA512f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
649B
MD5ce049c4a35daeeed17f500be9a60c329
SHA11438e1d0a796a5c1f250ad87e17031aab4e9d312
SHA2567b0fff498eb13842ea3c49c3bf7415cdea167dfc6d775b80ac1fdc344059fb86
SHA51280ca2de4a1ee2889cdd6391f35b335a294d567650dbd81860ae35efe1e961f33706db8373e95f36d98edc8a94ca2b269e2e4d1363ecc1913f39ab4a6ad3bc7b1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD54e65f8e1855f6c0a25978ef586d69130
SHA1efc522a433c57b4259d47effc9472a76c02483bb
SHA256e3f1bd4de6fdbb02b0e4b77840980d96e9cae7642cb3f1d372840c84639741da
SHA512d261538057a831e8065ec5924b7ed88159d8394b80d8fc1ce98b81e5055708c378665abfd23f24128b1c121acc45d20bede91862fdd9e04e95fc37d75b62af82
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5e8fa130fd4ff9ddbac526970a13bc1ea
SHA12d0fa9e40ac407ec14b1fd5cd2545f8dd3aaec4e
SHA256567ef31709fe3bd8f64b3bc75b1a3d790ab1ed95db254b4144d2f7c22a1f553e
SHA5129b2a50ee7a3cf576e0c6adeae9fe30da7ba105f750b2c3b7befa940b27090c14534468af9e854e632b992244dfe6070432cfca9179f76f3efaf02ece1c5ef4e1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD51facdb85b182c3aadf43460f924fe7a6
SHA1598d19744354f56b6bd6b1009047f7d9a1a555c9
SHA2562ad988dca48efd67f8e22c403562f2149c7070a5e933d94fc383f80a4b0f1099
SHA512099ac3ba54bb9f8072fa02d46d051d9c7ca2801042b235cdc12dbac0e4ddc68cccd00a35b94afc350d65f0440d976794f941685a67e3bfe2ecd761c598057287
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
8KB
MD5f75a8d684592bd5f325d782b3aad6068
SHA17adb0014a9c5c3326418971707b6de4cb5e09d49
SHA2566a3bd873012703c73ceb5b59842e5594dca6a4592c12c0a7dd9f148f327a2985
SHA512fe5ef6cb183979ea10df61e4f023323faf9b581df37992fb6e4963c2ff961b7620b7d5818cfcdb41e9ccaaa2f1620f2e462a93761529f50467c85bce6ffb06df
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD555d127207d8968892f68056ea9bd1d0b
SHA1a341b3628bab67c9e8ee14082cad47adc5d172bb
SHA25681ae5d435e5a428c2f44ce3a505429a144b690e4daa0d7948f12711c4274277e
SHA51296a4940f728332fbfa50e213247cd2f795a1079d09c3f518bedfd526c87981e33385a47c480198e34e4f28e10151b8e0a30955f1d3cbac3539c64bdbc7bb5cd1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
3KB
MD557a6f908e62b1ec5c196284c7874f1a8
SHA104d5885ab789a117c65d7bd13ea6721ff0ae725d
SHA2568c1df3eb6b6409f28e39b3c60c1ff0b3630012e3e3fa43e053b59d4cd2948f1f
SHA5125de39eb65947d77416060da2108f504f43904d558bcefe76a4fbb5da35310886589db9b2950235882102ce4bd746665d590f92cef1c539cf0be46cb90860d608
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
3KB
MD596c10f58249c3b06129acc2bd2ecc103
SHA1001f4372c5b1e172252bf58007f1a85637c8361e
SHA256ba0aeb99fed63988fd14c0901c7c4588062b1a9c534f16d619a0ae5062c56916
SHA512ca389dd1eb54bfde2edeba1107baaed578f5563dca2eb07caaf5f48e17e4f1bc8b6299c26946f0c8736bffdbeb896d198f175560c4e13fbdef3c48fcd1005935
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD57c12c4539a7e0b76aab3ab073f37ff6a
SHA1177025240c87a380b47433e7526aeb4fc19c1806
SHA2561c95c99e8981ca02bf050573697a5ab943e85b27fcf861724fa14df9ab3419a0
SHA512dbde40bf65da907f168136b77ed57aefeae7ddcdff2bbcf44ad2ed69a027e8207dae0481d56b309cef6be2fc19bff4d16310a1453297663f1baa53dc497a99c6
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581018.TMPFilesize
1KB
MD513cb506466569adbb425813ea863ec3c
SHA1ee8b6b0f9bb9507eb83b7ec5a3300aa03266deff
SHA25647a2d6acfa6ecfa22cd46fd4f2c87fdcdfb5f7480da9a1a88bf2411cc5cf7b40
SHA51255182f9cb0b2838c2cf29ea4d97a7bc87766c9744bbfae5817c3547f55f1c22e18fb2056c340d7327d3df5b133134d8beddd821505fc74317d0acc2d88d126a0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD5199c83dc38721adbc597f0a3110dd89e
SHA1db75f95a0f830d105262c96408b8784f150321ad
SHA256f8a3d6eaf3b31145bf953dc52a63af857ea4f59dba101ee07c7f8a1b81ddd933
SHA512def4016073b72d794a121078b8dc74eb138ace4674bc73dc49f44d0231649c272278979aef4336b3cea456e9e38427ca6d4c3db85a89105549d06fe73352be9b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD5927abfb195d50ef0302d1432644f59ba
SHA16f6f6a11d8e4e6f710917976472cfae3cf739cad
SHA2569a47f239c6f91772142e21a76fe19efd39b50a9c72d6d4ab017e57547112297c
SHA512a7a94aa0557a17ec14fc76c669e4850e3360950fb7c15d8c93088c4cad99fe50d9c27a4ac0e12ea04474a3d47cb9dd31bd80d575c4949af1a90a1f151d19112e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD53c7e739432886bd098aa0787de3db64a
SHA10354d5867b6a66d6ec8dede0b11d771fc8017d77
SHA256d0d9df1b81d573330909a42089bed1c074dc92475e795e11f94943ce5d4ca50f
SHA512d5b785edfb8d871ad2cde23c97bdb429ab076c86067a80ed3bd0927f74bdbac9a7f2f1df68a385805b33297898dce3762bae5fed98ae89737863716dd289114d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD58c2efb81e4fde395ef316e7cdc53e9eb
SHA16dd23ab8579bf927ec6424ec1aa635762e5d9e74
SHA256e07664fef638560d5e7e6f52585bd979df664f3124c4c1db4ab72a1ff053e8af
SHA51289855e1b563b2b3d80013254b3618be2a271093bb059653050e131273ef18478c88aad65a40e1f8f80d9fef582026e65655b6f85b57f605ef9c6666ec5917bb9
-
C:\Users\Admin\Downloads\$uckyLocker.exeFilesize
4KB
MD5d807bbc0b1c2514590da62666e82718a
SHA125f63ffac3e7ec60235445c5b62e227208edfd68
SHA2564f5f3188503e5c5bf7af1d8c6be735af8275965d5f72256631a4d7fbfd70d980
SHA5128c0c3756a86ca4577f4a3abfd5731ffa1cb4429d76cca7b1b9470c7789117e1fdda4bd5aaf8ed511213ba4b1c34adb2ee6de6484c9058602245737a3fb0ea693
-
C:\Users\Admin\Downloads\Unconfirmed 581453.crdownloadFilesize
414KB
MD5c850f942ccf6e45230169cc4bd9eb5c8
SHA151c647e2b150e781bd1910cac4061a2cee1daf89
SHA25686e0eac8c5ce70c4b839ef18af5231b5f92e292b81e440193cdbdc7ed108049f
SHA5122b3890241b8c8690aab0aed347daa778aba20f29f76e8b79b02953b6252324317520b91ea60d3ef73e42ad403f7a6e0e3f2a057799f21ed447dae7096b2f47d9
-
C:\Users\Admin\Downloads\Unconfirmed 783203.crdownloadFilesize
1.0MB
MD5055d1462f66a350d9886542d4d79bc2b
SHA1f1086d2f667d807dbb1aa362a7a809ea119f2565
SHA256dddf7894b2e6aafa1903384759d68455c3a4a8348a7e2da3bd272555eba9bec0
SHA5122c5e570226252bdb2104c90d5b75f11493af8ed1be8cb0fd14e3f324311a82138753064731b80ce8e8b120b3fe7009b21a50e9f4583d534080e28ab84b83fee1
-
\??\pipe\LOCAL\crashpad_4492_ELDNBZQSRPGZZNQIMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/4972-596-0x000000000A5C0000-0x000000000A5F4000-memory.dmpFilesize
208KB
-
memory/4972-566-0x0000000000400000-0x000000000056F000-memory.dmpFilesize
1.4MB
-
memory/4972-5928-0x0000000000400000-0x000000000056F000-memory.dmpFilesize
1.4MB
-
memory/4972-597-0x0000000000400000-0x000000000056F000-memory.dmpFilesize
1.4MB
-
memory/5616-184-0x0000000005B70000-0x0000000006114000-memory.dmpFilesize
5.6MB
-
memory/5616-197-0x0000000005550000-0x0000000005560000-memory.dmpFilesize
64KB
-
memory/5616-187-0x00000000055C0000-0x0000000005652000-memory.dmpFilesize
584KB
-
memory/5616-237-0x00000000752B0000-0x0000000075A60000-memory.dmpFilesize
7.7MB
-
memory/5616-241-0x0000000005550000-0x0000000005560000-memory.dmpFilesize
64KB
-
memory/5616-198-0x00000000055A0000-0x00000000055AA000-memory.dmpFilesize
40KB
-
memory/5616-183-0x0000000000B30000-0x0000000000B9E000-memory.dmpFilesize
440KB
-
memory/5616-182-0x00000000752B0000-0x0000000075A60000-memory.dmpFilesize
7.7MB
-
memory/5616-199-0x0000000005550000-0x0000000005560000-memory.dmpFilesize
64KB
-
memory/5616-240-0x0000000005550000-0x0000000005560000-memory.dmpFilesize
64KB