Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://gofile.io/d/...

windows7-x64

3

https://gofile.io/d/...

windows10-2004-x64

3

https://gofile.io/d/...

windows10-ltsc 2021-x64

3

https://gofile.io/d/...

windows11-21h2-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    31-01-2025 03:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://gofile.io/d/OgdM4f

Score
10/10
cryptolockerdefense_evasiondiscoverypersistenceransomware

Malware Config

Signatures

  • CryptoLocker

    Ransomware family with multiple variants.

    ransomwarecryptolocker
  • Cryptolocker family
    cryptolocker
  • Downloads MZ/PE file 1 IoCs
  • Executes dropped EXE 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

    When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

    defense_evasion
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • NTFS ADS 6 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs
  • Suspicious use of FindShellTrayWindow 50 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://gofile.io/d/OgdM4f
    1⤵
    • Enumerates system info in registry
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4092
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff924a13cb8,0x7ff924a13cc8,0x7ff924a13cd8
      2⤵
        PID:4564
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,10224994023459631174,2444285234029007560,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1952 /prefetch:2
        2⤵
          PID:4300
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,10224994023459631174,2444285234029007560,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 /prefetch:3
          2⤵
          • Downloads MZ/PE file
          • Suspicious behavior: EnumeratesProcesses
          PID:4888
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,10224994023459631174,2444285234029007560,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
          2⤵
            PID:2212
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,10224994023459631174,2444285234029007560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
            2⤵
              PID:1620
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,10224994023459631174,2444285234029007560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
              2⤵
                PID:1272
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,10224994023459631174,2444285234029007560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
                2⤵
                  PID:2252
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,10224994023459631174,2444285234029007560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
                  2⤵
                    PID:4744
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,10224994023459631174,2444285234029007560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
                    2⤵
                      PID:1464
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,10224994023459631174,2444285234029007560,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:1600
                    • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,10224994023459631174,2444285234029007560,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:996
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,10224994023459631174,2444285234029007560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
                      2⤵
                        PID:5440
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,10224994023459631174,2444285234029007560,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
                        2⤵
                          PID:3956
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,10224994023459631174,2444285234029007560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
                          2⤵
                            PID:2476
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,10224994023459631174,2444285234029007560,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
                            2⤵
                              PID:2356
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,10224994023459631174,2444285234029007560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2584 /prefetch:1
                              2⤵
                                PID:5192
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,10224994023459631174,2444285234029007560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
                                2⤵
                                  PID:1052
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,10224994023459631174,2444285234029007560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
                                  2⤵
                                    PID:1068
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,10224994023459631174,2444285234029007560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
                                    2⤵
                                      PID:5880
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,10224994023459631174,2444285234029007560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
                                      2⤵
                                        PID:5204
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1884,10224994023459631174,2444285234029007560,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5540 /prefetch:8
                                        2⤵
                                          PID:2900
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1884,10224994023459631174,2444285234029007560,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6168 /prefetch:8
                                          2⤵
                                            PID:4924
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1884,10224994023459631174,2444285234029007560,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6016 /prefetch:8
                                            2⤵
                                              PID:6140
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1884,10224994023459631174,2444285234029007560,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3484 /prefetch:8
                                              2⤵
                                              • Subvert Trust Controls: Mark-of-the-Web Bypass
                                              • NTFS ADS
                                              • Suspicious behavior: EnumeratesProcesses
                                              PID:2492
                                            • C:\Users\Admin\Downloads\CryptoLocker.exe
                                              "C:\Users\Admin\Downloads\CryptoLocker.exe"
                                              2⤵
                                              • Executes dropped EXE
                                              • System Location Discovery: System Language Discovery
                                              • NTFS ADS
                                              PID:5064
                                              • C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe
                                                "C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe" "/rC:\Users\Admin\Downloads\CryptoLocker.exe"
                                                3⤵
                                                • Executes dropped EXE
                                                • Adds Run key to start application
                                                • System Location Discovery: System Language Discovery
                                                PID:5972
                                                • C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe
                                                  "C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe" /w0000023C
                                                  4⤵
                                                  • Executes dropped EXE
                                                  • System Location Discovery: System Language Discovery
                                                  PID:4516
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,10224994023459631174,2444285234029007560,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4744 /prefetch:2
                                              2⤵
                                              • Suspicious behavior: EnumeratesProcesses
                                              PID:1272
                                          • C:\Windows\System32\CompPkgSrv.exe
                                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                                            1⤵
                                              PID:2988
                                            • C:\Windows\System32\CompPkgSrv.exe
                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                              1⤵
                                                PID:436

                                              Network

                                              MITRE ATT&CK Enterprise v15

                                              Replay Monitor

                                              Loading Replay Monitor...

                                              Downloads

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                Filesize

                                                152B

                                                MD5

                                                826c7cac03e3ae47bfe2a7e50281605e

                                                SHA1

                                                100fbea3e078edec43db48c3312fbbf83f11fca0

                                                SHA256

                                                239b1d7cc6f76e1d1832b0587664f114f38a21539cb8548e25626ed5053ea2ab

                                                SHA512

                                                a82f3c817a6460fd8907a4ac6ab37c2129fb5466707edcfb565c255680d7f7212a5669fe2a42976150f16e4e549ea8310078f22ed35514ee1b7b45b46d8cc96e

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                Filesize

                                                152B

                                                MD5

                                                02a4b762e84a74f9ee8a7d8ddd34fedb

                                                SHA1

                                                4a870e3bd7fd56235062789d780610f95e3b8785

                                                SHA256

                                                366e497233268d7cdf699242e4b2c7ecc1999d0a84e12744f5af2b638e9d86da

                                                SHA512

                                                19028c45f2e05a0cb32865a2554513c1536bf9da63512ff4e964c94a3e171f373493c7787d2d2a6df8012648bbefab63a9de924f119c50c39c727cf81bdc659f

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index
                                                Filesize

                                                144B

                                                MD5

                                                6776add8559268568a506ed31f0c4da0

                                                SHA1

                                                396ba02e2eea1070535060cf772f529538e1d134

                                                SHA256

                                                ce9bb1390b5ef09bdc00818003658487abe3b268261c1061b077d09a22941d44

                                                SHA512

                                                c29951e8c4a25bf218ffbc193c876ea7dc1a2a6a229144211bdad93bbcc388c473c38fb2eaea146ce7151601eb6235a7b9824c45a0772e2ec1b2ad5965585aa0

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                Filesize

                                                391B

                                                MD5

                                                0f6d48d28f3398c4f70388657884288f

                                                SHA1

                                                296a46a341d8fa303970053f713b27277ba0f139

                                                SHA256

                                                023d03a2f36fac62c6a15b3cbb3c419a1299f32446831e615eefd08303674cf6

                                                SHA512

                                                a26af5692fa87154e2e2cbb15b307eb1a9cf4f11ef0881d55a3bb36da4c19d85917887098c3b801d61f0fae9e5731aa56d339a44397a8a0299ec4811d8e94f64

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                Filesize

                                                5KB

                                                MD5

                                                a740e9153569dad1b0f9f28d646de82e

                                                SHA1

                                                13a77101dd293b993aae0867537e7c3d096c7482

                                                SHA256

                                                40a4978e85faed4ab11805c85a5fe88f282f33d444b526a5dcda0cc1cc4c8adf

                                                SHA512

                                                1d39a8285a92d278f480e1f6ad94e538dbef4632ad7f9108ec0ac8f9d98d50b05c7688432ef3efd84d260e855cba8baba49caa62c1940fb4a7337c8b5ee9f73a

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                Filesize

                                                6KB

                                                MD5

                                                58feaa303e172a350b56365675f4b996

                                                SHA1

                                                bb01b583ac542319f4f9df69c46c8cbd192b3f58

                                                SHA256

                                                79e909ae6ec142b054aed82e406895862c56715ef7b88d9e1b89dd6b4b848152

                                                SHA512

                                                dfb1f5febff6b37fb894c0ff8d2b2af3ebb1bdcbb06a8373c9886c9ad503cda2a0df14ec7629d8a958a4b99fdc6927dc557fca1cbf80af892cdfa1fda239cc71

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                Filesize

                                                6KB

                                                MD5

                                                80609fa9776499572e58b83089525423

                                                SHA1

                                                13d09c9f87e6fe9082f144305cd7de4ba447b010

                                                SHA256

                                                3051f89a4726778dd35e21eab2b40485c76066ed2e8add4454a7c938cd868683

                                                SHA512

                                                fe0310f093a3ad2ace648201e1c2f2b34db210dfaa2262c80e47d4eeadd0ef4343a5c8828e8fd9f4f24a19735f502c6e93ccc4c3c65cded704c74ef4c433f11c

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                Filesize

                                                6KB

                                                MD5

                                                8fd54f0bf61a9e95a291f10b8b61510e

                                                SHA1

                                                ef92ac395132802242ab3983e451d98df75ebd8b

                                                SHA256

                                                99be6a7025158a9689c4f18906ca05f5c851ab0a89775f863235a545322a01c5

                                                SHA512

                                                10a38715ac91fde7f7ff0bd7c8ec69ecf4f477d81a38ac06dd8986d3af2c6ab3a3a42b8cc2c6016b53119a56cc4be3ee572defdf879d3edf03ca474df38eec15

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                Filesize

                                                370B

                                                MD5

                                                c42b2e2c103c61e9de8482aa6e7c8da1

                                                SHA1

                                                0cd263c951fececce96b554f41c97d0b4d761cd6

                                                SHA256

                                                133647d9db71e05d7910682c3c924abe8ebd78c6e4d4b5a4b3b8fb5ba96d1038

                                                SHA512

                                                cab1629a714ed79942c0f711459e282182e6dce803356c34d01ecc2c779ae12999b86b86e2b1ea8e3c3ec565773da64560e23d44a577969a058bd1c8fdc10872

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5854b3.TMP
                                                Filesize

                                                203B

                                                MD5

                                                7827eda7e77c5a32d9a1d6ad86d4f129

                                                SHA1

                                                c5b226b34e9fffe4d5fadf39601c37f185a14d4e

                                                SHA256

                                                7451bfcbbd44877bcc7eb2bc8e4c7f01a663fc6f2b87fb11abc0d8549db482a2

                                                SHA512

                                                b68c2ab1fd5fc340be6499f7ee521d6d4d1547415ca5de8b8bd23dc990e4cbacd79e62d5fcbabf4cc2e72aebc49f5430f7c3451e821a9eb4d3beae20f6c63523

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                Filesize

                                                16B

                                                MD5

                                                6752a1d65b201c13b62ea44016eb221f

                                                SHA1

                                                58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                SHA256

                                                0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                SHA512

                                                9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                Filesize

                                                9KB

                                                MD5

                                                98f3e99dda60e45b445655f1067181f3

                                                SHA1

                                                2a3c583a717bdb7aad03aa95db17d23495ed32b7

                                                SHA256

                                                76850cdeb61b06776000c1b4f48712c791c2c984579ed6aa11b37c58dd7599a2

                                                SHA512

                                                37d1d9ccb60ae529d82f588152c70ee07083bf2cf831b0affd74dba6f2e8986b38bda2346e1ae61a2cd4039dc393b84cb6a5228ef3cf51c5dd0845f49024457b

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                Filesize

                                                8KB

                                                MD5

                                                4af9cf8fb3c0b9883fdfa5c7d4f19648

                                                SHA1

                                                f79a561396a43fe76fbe4f83a9c735e3903f3f28

                                                SHA256

                                                9c791a3d4aa25b278ef8474c8b99c6dec968faaebb018a18f245ca894381cff6

                                                SHA512

                                                b28b88f42587835bd5f6a856e2fdcaef9ab9e345d992d586da06d31d6c255885393700f9cdb4675c8a8f466cd5aa0c111afc7a206b964a4f1eb6ec398086d15a

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                Filesize

                                                8KB

                                                MD5

                                                ae62ef8f8ef8f4a4aa4096a244ba0a9c

                                                SHA1

                                                06a6e3398991c98ce5da97a14d1d7ac515f0cf8f

                                                SHA256

                                                c4963d4e4ca96b0d8ddcdcdd99e09f273f6a390bc4486b5b1a0fa58c34e5ec44

                                                SHA512

                                                2cf47af5481e7e4f72a99202188c5ad6041fb492808a7691fd3ce5d230cb562b96563f27e996bdd1eaeb6c30f59ca4039504a5b79b706e0cac35fab13ce0811f

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                Filesize

                                                8KB

                                                MD5

                                                65c6dbd37adc30fcd70d10c9312cd533

                                                SHA1

                                                98f5de197242af73d32622d9b10425f37b30c51c

                                                SHA256

                                                b28c4e93a1d99d294771ec1cdb47ef0490b43e47d913ecca990a8fe6492c5a85

                                                SHA512

                                                8faa3daee154f3039bef9bbb8cc66826f1e7e1854299e62765794dfa34d4516ce57659c8a8cff63358a5d33ec9dc5bbb6f0b137ab6c126485b010f18c5ae969d

                                                Download Submit

                                              • C:\Users\Admin\Downloads\CryptoLocker.exe:Zone.Identifier
                                                Filesize

                                                159B

                                                MD5

                                                b24186623fb2a3aaf115a61dbcdeff71

                                                SHA1

                                                fb513ddd9bc93d8496169183ecdb00bc03c94856

                                                SHA256

                                                9e1f407b928b083f7eafd8726491173d80f79008953d3b13b40add00f6e0a673

                                                SHA512

                                                a3abb39c8c282ee2e064fb0511f31190fa7909fc2dba62cae42b2340c871815bc7ac29cbd4f4fa23cf1258f44246f5601a9b07f1e9494217c66f2247f0960829

                                                Download Submit

                                              • C:\Users\Admin\Downloads\Unconfirmed 415997.crdownload
                                                Filesize

                                                338KB

                                                MD5

                                                04fb36199787f2e3e2135611a38321eb

                                                SHA1

                                                65559245709fe98052eb284577f1fd61c01ad20d

                                                SHA256

                                                d765e722e295969c0a5c2d90f549db8b89ab617900bf4698db41c7cdad993bb9

                                                SHA512

                                                533d6603f6e2a77bd1b2c6591a135c4717753d53317c1be06e43774e896d9543bcd0ea6904a0688aa84b2d8424641d68994b1e7dc4aa46d66c36feecb6145444

                                                Download Submit