|
|
4/5
|
File System
|
Renames user files
|
Ransomware
|
|
|
-
Renames multiple user files. This is an indicator for an encryption attempt.
|
|
|
4/5
|
File System
|
Modifies content of user files
|
Ransomware
|
|
|
-
Modifies the content of multiple user files. This is an indicator for an encryption attempt.
|
|
|
4/5
|
File System
|
Known malicious file
|
Trojan
|
|
|
-
File "C:\Users\CIiHmnxMn6Ps\Desktop\asdfc4.exe" is a known malicious file.
|
|
|
3/5
|
Browser
|
Reads data related to browser cookies
|
-
|
|
|
-
Reads Cookies for "Google Chrome".
|
|
|
-
Reads Cookies for "Microsoft Internet Explorer".
|
|
|
-
Accesses Cookies for "Google Chrome".
|
|
|
-
Accesses Cookies for "Microsoft Internet Explorer".
|
|
|
-
Accesses Cookies for "Microsoft Edge".
|
|
|
-
Accesses Cookies for "Mozilla Firefox".
|
|
|
3/5
|
Browser
|
Reads data related to browser cache
|
-
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000001".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000002".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000003".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000004".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000005".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000006".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000007".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000008".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000009".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000a".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000b".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000c".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000d".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000e".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000f".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000010".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000011".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000012".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000013".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000014".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000015".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000016".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000017".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000018".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001a".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001b".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001c".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001d".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001e".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001f".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Cache\index".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\index.txt".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\8c4d7305-348c-4e49-a93a-83143a3b9025\1dd0446e4b2b157b_0".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\8c4d7305-348c-4e49-a93a-83143a3b9025\4c3d15a0a987ed15_0".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\8c4d7305-348c-4e49-a93a-83143a3b9025\d4a1768080ecf56d_0".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\8c4d7305-348c-4e49-a93a-83143a3b9025\fdf2cfeb8ad0eeac_0".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\8c4d7305-348c-4e49-a93a-83143a3b9025\index".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\8c4d7305-348c-4e49-a93a-83143a3b9025\index-dir\the-real-index".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\index.txt".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\1eb73b7c-1f7e-4d77-acd3-5605781472f5\608d13fb70947f94_0".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\1eb73b7c-1f7e-4d77-acd3-5605781472f5\d2d7a4c029e7ff02_0".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\1eb73b7c-1f7e-4d77-acd3-5605781472f5\e599dc5e24eb76d7_0".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\1eb73b7c-1f7e-4d77-acd3-5605781472f5\fdf2cfeb8ad0eeac_0".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\1eb73b7c-1f7e-4d77-acd3-5605781472f5\index".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\1eb73b7c-1f7e-4d77-acd3-5605781472f5\index-dir\the-real-index".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\bf8f082f-6a47-47c8-a2cc-2761ce03ff32\1157fee2e2dc1968_0".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\bf8f082f-6a47-47c8-a2cc-2761ce03ff32\1e16adeb2b036d0a_0".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\bf8f082f-6a47-47c8-a2cc-2761ce03ff32\40bba07c05914591_0".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\bf8f082f-6a47-47c8-a2cc-2761ce03ff32\50da1ec5d44a313d_0".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\bf8f082f-6a47-47c8-a2cc-2761ce03ff32\54e8e10975acb34c_0".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\bf8f082f-6a47-47c8-a2cc-2761ce03ff32\58c0fee6b0dfd5c3_0".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\bf8f082f-6a47-47c8-a2cc-2761ce03ff32\608d13fb70947f94_0".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\bf8f082f-6a47-47c8-a2cc-2761ce03ff32\8020f636edb35252_0".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\bf8f082f-6a47-47c8-a2cc-2761ce03ff32\99f80f27ba259469_0".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\bf8f082f-6a47-47c8-a2cc-2761ce03ff32\d2d7a4c029e7ff02_0".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\bf8f082f-6a47-47c8-a2cc-2761ce03ff32\e599dc5e24eb76d7_0".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\bf8f082f-6a47-47c8-a2cc-2761ce03ff32\e6fee29e34914471_0".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\bf8f082f-6a47-47c8-a2cc-2761ce03ff32\fdf2cfeb8ad0eeac_0".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\bf8f082f-6a47-47c8-a2cc-2761ce03ff32\index".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\bf8f082f-6a47-47c8-a2cc-2761ce03ff32\index-dir\the-real-index".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_1".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\f1cdccba37924bda_0".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\f1cdccba37924bda_1".
|
|
|
-
Reads Chrome cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index".
|
|
|
-
Reads Firefox cache file "C:\Users\CIiHmnxMn6Ps\AppData\Local\Mozilla\Firefox\Profiles\8i341t8m.default\cache2\entries\59248032DB55D8A9E0296A51BC66F3DEA6028EA5".
|
|
|
3/5
|
Browser
|
Reads data related to saved browser credentials
|
-
|
|
|
-
Reads saved credentials for "Google Chrome".
|
|
|
2/5
|
Browser
|
Reads data related to browsing history
|
-
|
|
|
-
Reads the browsing history for "Google Chrome".
|
|
|
2/5
|
Anti Analysis
|
Resolves APIs dynamically to possibly evade static detection
|
-
|
|
|
-
Resolves an unusually high number of APIs.
|
|
|
1/5
|
Process
|
Creates system object
|
-
|
|
|
-
Creates mutex with name "CryptNarWalker90912".
|
|
|
-
Creates mutex with name "Global\.net clr networking".
|
|
|
|
|
|
-
Creates mutex with name "CryptNarWalkerDecryptor90912".
|
|
|
1/5
|
Masquerade
|
Changes folder appearance
|
Riskware
|
|
|
-
Folder "c:\users\ciihmnxmn6ps\appdata\local\microsoft\windows\application shortcuts" has a changed appearance.
|
|
|
-
Folder "c:\users\ciihmnxmn6ps\appdata\local\microsoft\windows\burn\burn" has a changed appearance.
|
|
|
-
Folder "c:\users\ciihmnxmn6ps\appdata\local\microsoft\windows\burn\burn1" has a changed appearance.
|
|
|
-
Folder "c:\users\ciihmnxmn6ps\appdata\local\microsoft\windows\history" has a changed appearance.
|
|
|
-
Folder "c:\users\ciihmnxmn6ps\appdata\local\microsoft\windows\winx\group1" has a changed appearance.
|
|
|
-
Folder "c:\users\ciihmnxmn6ps\appdata\local\microsoft\windows\winx\group2" has a changed appearance.
|
|
|
-
Folder "c:\users\ciihmnxmn6ps\appdata\local\microsoft\windows\winx\group3" has a changed appearance.
|
|
|
-
Folder "c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\internet explorer\quick launch" has a changed appearance.
|
|
|
-
Folder "c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar" has a changed appearance.
|
|
|
-
Folder "c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\windows\accountpictures" has a changed appearance.
|
|
|
-
Folder "c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\windows\libraries" has a changed appearance.
|
|
|
-
Folder "c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\windows\recent" has a changed appearance.
|
|
|
-
Folder "c:\users\ciihmnxmn6ps\desktop" has a changed appearance.
|
|
|
-
Folder "c:\users\ciihmnxmn6ps\documents" has a changed appearance.
|
|
|
-
Folder "c:\users\ciihmnxmn6ps\documents\my shapes" has a changed appearance.
|
|
|
-
Folder "c:\users\ciihmnxmn6ps\downloads" has a changed appearance.
|
|
|
-
Folder "c:\users\ciihmnxmn6ps\favorites" has a changed appearance.
|
|
|
-
Folder "c:\users\ciihmnxmn6ps\favorites\links" has a changed appearance.
|
|
|
-
Folder "c:\users\ciihmnxmn6ps\links" has a changed appearance.
|
|
|
-
Folder "c:\users\ciihmnxmn6ps\music" has a changed appearance.
|
|
|
-
Folder "c:\users\ciihmnxmn6ps\onedrive" has a changed appearance.
|
|
|
-
Folder "c:\users\ciihmnxmn6ps\pictures" has a changed appearance.
|
|
|
-
Folder "c:\users\ciihmnxmn6ps\pictures\camera roll" has a changed appearance.
|
|
|
-
Folder "c:\users\ciihmnxmn6ps\pictures\saved pictures" has a changed appearance.
|
|
|
-
Folder "c:\users\ciihmnxmn6ps\saved games" has a changed appearance.
|
|
|
-
Folder "c:\users\ciihmnxmn6ps\searches" has a changed appearance.
|
|
|
-
Folder "c:\users\ciihmnxmn6ps\videos" has a changed appearance.
|
|
|
1/5
|
Persistence
|
Installs system startup script or application
|
-
|
|
|
-
Adds "c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\windows\start menu\programs\startup\desktop.ini.partially.cryptonar" to Windows startup folder.
|
|
|
-
Adds "c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\windows\start menu\programs\startup\send to onenote.lnk.partially.cryptonar" to Windows startup folder.
|
|
|
-
Adds "C:\Users\CIiHmnxMn6Ps\Desktop\CryptoNarDecryptor.exe" to Windows startup via registry.
|
|
|
1/5
|
Network
|
Performs DNS request
|
-
|
|
|
-
Resolves host name "smtp.zoho.eu".
|
|
|
1/5
|
File System
|
Creates an unusually large number of files
|
-
|
|
|
-
Creates an unusually large number of files.
|
