|
|
4/5
|
File System
|
Renames user files
|
Ransomware
|
|
|
-
Renames multiple user files. This is an indicator for an encryption attempt.
|
|
|
4/5
|
File System
|
Known malicious file
|
Trojan
|
|
|
-
File "C:\Users\CIiHmnxMn6Ps\Desktop\tree.exe" is a known malicious file.
|
|
|
3/5
|
Browser
|
Reads data related to browser cache
|
-
|
|
|
-
Reads Internet Explorer cache file "C:\\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\INetCache\Low\SmartScreenCache.dat".
|
|
|
3/5
|
Browser
|
Reads data related to browser cookies
|
-
|
|
|
-
Reads Cookies for "Microsoft Internet Explorer".
|
|
|
-
Reads Cookies for "Microsoft Edge".
|
|
|
-
Accesses Cookies for "Microsoft Internet Explorer".
|
|
|
-
Accesses Cookies for "Microsoft Edge".
|
|
|
3/5
|
OS
|
Modifies certificate store
|
-
|
|
|
-
Adds a certificate to the local "cryptoid_blocked.txt" by file.
|
|
|
-
Adds a certificate to the local "cryptoid_help.txt" by file.
|
|
|
-
Adds a certificate to the local "cryptoid_message.txt" by file.
|
|
|
-
Adds a certificate to the local "my" cryptoid_blocked.txt list by file.
|
|
|
-
Adds a certificate to the local "my" cryptoid_help.txt list by file.
|
|
|
-
Adds a certificate to the local "my" cryptoid_message.txt list by file.
|
|
|
-
Adds a certificate to the local "my" certificate list by file.
|
|
|
-
Adds a certificate to the local "my" revocation list by file.
|
|
|
-
Adds a certificate to the local "my" certificate trust list by file.
|
|
|
1/5
|
Anti Analysis
|
Resolves APIs dynamically
|
-
|
|
|
-
Resolves an unusually high number of APIs.
|
|
|
1/5
|
Persistence
|
Installs system startup script or application
|
-
|
|
|
-
Adds ""C:\Users\CIiHmnxMn6Ps\Desktop\tree.exe" e" to Windows startup via registry.
|
|
|
-
Adds "c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\windows\start menu\programs\startup\cryptoid_blocked.txt" to Windows startup folder.
|
|
|
-
Adds "c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\windows\start menu\programs\startup\cryptoid_help.txt" to Windows startup folder.
|
|
|
-
Adds "c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\windows\start menu\programs\startup\cryptoid_message.txt" to Windows startup folder.
|
|
|
1/5
|
File System
|
Modifies application directory
|
-
|
|
|
-
Modifies "c:\program files\cryptoid_blocked.txt".
|
|
|
-
Modifies "c:\program files\cryptoid_help.txt".
|
|
|
-
Modifies "c:\program files\cryptoid_message.txt".
|
|
|
-
Modifies "c:\program files\common files\cryptoid_blocked.txt".
|
|
|
-
Modifies "c:\program files\common files\cryptoid_help.txt".
|
|
|
-
Modifies "c:\program files\common files\cryptoid_message.txt".
|
|
|
-
Modifies "c:\program files\common files\designer\cryptoid_blocked.txt".
|
|
|
-
Modifies "c:\program files\common files\designer\cryptoid_help.txt".
|
|
|
-
Modifies "c:\program files\common files\designer\cryptoid_message.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\cryptoid_blocked.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\cryptoid_help.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\cryptoid_message.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\clicktorun\cryptoid_blocked.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\clicktorun\cryptoid_help.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\clicktorun\cryptoid_message.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\clicktorun\updates\cryptoid_blocked.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\clicktorun\updates\cryptoid_help.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\clicktorun\updates\cryptoid_message.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\clicktorun\updates\16.0.11126.20196\cryptoid_blocked.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\clicktorun\updates\16.0.11126.20196\cryptoid_help.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\clicktorun\updates\16.0.11126.20196\cryptoid_message.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\cryptoid_blocked.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\cryptoid_help.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\cryptoid_message.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\ar-sa\cryptoid_blocked.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\ar-sa\cryptoid_help.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\ar-sa\cryptoid_message.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\bg-bg\cryptoid_blocked.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\bg-bg\cryptoid_help.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\bg-bg\cryptoid_message.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\cs-cz\cryptoid_blocked.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\cs-cz\cryptoid_help.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\cs-cz\cryptoid_message.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\da-dk\cryptoid_blocked.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\da-dk\cryptoid_help.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\da-dk\cryptoid_message.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\de-de\cryptoid_blocked.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\de-de\cryptoid_help.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\de-de\cryptoid_message.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\el-gr\cryptoid_blocked.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\el-gr\cryptoid_help.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\el-gr\cryptoid_message.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\en-gb\cryptoid_blocked.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\en-gb\cryptoid_help.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\en-gb\cryptoid_message.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\en-us\cryptoid_blocked.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\en-us\cryptoid_help.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\en-us\cryptoid_message.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\es-es\cryptoid_blocked.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\es-es\cryptoid_help.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\es-es\cryptoid_message.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\es-mx\cryptoid_blocked.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\es-mx\cryptoid_help.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\es-mx\cryptoid_message.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\et-ee\cryptoid_blocked.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\et-ee\cryptoid_help.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\et-ee\cryptoid_message.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\fi-fi\cryptoid_blocked.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\fi-fi\cryptoid_help.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\fi-fi\cryptoid_message.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\fr-ca\cryptoid_blocked.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\fr-ca\cryptoid_help.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\fr-ca\cryptoid_message.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\fr-fr\cryptoid_blocked.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\fr-fr\cryptoid_help.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\fr-fr\cryptoid_message.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\fsdefinitions\cryptoid_blocked.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\fsdefinitions\cryptoid_help.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\fsdefinitions\cryptoid_message.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\fsdefinitions\auxpad\cryptoid_blocked.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\fsdefinitions\auxpad\cryptoid_help.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\fsdefinitions\auxpad\cryptoid_message.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\fsdefinitions\insert\cryptoid_blocked.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\fsdefinitions\insert\cryptoid_help.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\fsdefinitions\insert\cryptoid_message.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\fsdefinitions\keypad\cryptoid_blocked.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\fsdefinitions\keypad\cryptoid_help.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\fsdefinitions\keypad\cryptoid_message.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\fsdefinitions\main\cryptoid_blocked.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\fsdefinitions\main\cryptoid_help.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\fsdefinitions\main\cryptoid_message.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\fsdefinitions\oskclearui\cryptoid_blocked.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\fsdefinitions\oskclearui\cryptoid_help.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\fsdefinitions\oskclearui\cryptoid_message.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\fsdefinitions\oskmenu\cryptoid_blocked.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\fsdefinitions\oskmenu\cryptoid_help.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\fsdefinitions\oskmenu\cryptoid_message.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\fsdefinitions\osknav\cryptoid_blocked.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\fsdefinitions\osknav\cryptoid_help.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\fsdefinitions\osknav\cryptoid_message.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\fsdefinitions\osknumpad\cryptoid_blocked.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\fsdefinitions\osknumpad\cryptoid_help.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\fsdefinitions\osknumpad\cryptoid_message.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\fsdefinitions\oskpred\cryptoid_blocked.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\fsdefinitions\oskpred\cryptoid_help.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\fsdefinitions\oskpred\cryptoid_message.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\fsdefinitions\symbols\cryptoid_blocked.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\fsdefinitions\symbols\cryptoid_help.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\fsdefinitions\symbols\cryptoid_message.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\he-il\cryptoid_blocked.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\he-il\cryptoid_help.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\he-il\cryptoid_message.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\hr-hr\cryptoid_blocked.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\hr-hr\cryptoid_help.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\hr-hr\cryptoid_message.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\hu-hu\cryptoid_blocked.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\hu-hu\cryptoid_help.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\hu-hu\cryptoid_message.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\hwrcustomization\cryptoid_blocked.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\hwrcustomization\cryptoid_help.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\hwrcustomization\cryptoid_message.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\it-it\cryptoid_blocked.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\it-it\cryptoid_help.txt".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\it-it\cryptoid_message.txt".
|
|
|
-
Modifies "c:\program files\microsoft office\root\fre\cryptoid_message.txt".
|
|
|
-
Modifies "c:\program files\microsoft office\root\fre\startmenu_win10.mp4".
|
