c052da3f...e9da

Severity	Category	Operation	Classification
4/5	File System	Renames user files	Ransomware
Renames multiple user files. This is an indicator for an encryption attempt. ... VTI Actions Go to function call
4/5	File System	Modifies content of user files	Ransomware
Modifies the content of multiple user files. This is an indicator for an encryption attempt. ... VTI Actions Go to function call
3/5	Browser	Reads data related to saved browser credentials	-
Reads saved credentials for "Google Chrome". ... VTI Actions
3/5	Browser	Reads data related to browser cookies	-
Reads Cookies for "Mozilla Firefox". ... VTI Actions Go to function call
Accesses Cookies for "Google Chrome". ... VTI Actions
Accesses Cookies for "Microsoft Internet Explorer". ... VTI Actions
Accesses Cookies for "Microsoft Edge". ... VTI Actions
Accesses Cookies for "Mozilla Firefox". ... VTI Actions
2/5	File System	Known suspicious file	Trojan
File "C:\Users\CIiHmnxMn6Ps\Desktop\CSPITEFUL DOUBLETAKESpiteful Doubletake (LIVE).exe" is a known suspicious file. ... VTI Actions Go to file details Go to function call
1/5	Masquerade	Changes folder appearance	Riskware
Folder "c:\users\ciihmnxmn6ps\appdata\local\microsoft\windows\application shortcuts" has a changed appearance. ... VTI Actions
Folder "c:\users\ciihmnxmn6ps\appdata\local\microsoft\windows\burn\burn" has a changed appearance. ... VTI Actions
Folder "c:\users\ciihmnxmn6ps\appdata\local\microsoft\windows\burn\burn1" has a changed appearance. ... VTI Actions
Folder "c:\users\ciihmnxmn6ps\appdata\local\microsoft\windows\history" has a changed appearance. ... VTI Actions
Folder "c:\users\ciihmnxmn6ps\appdata\local\microsoft\windows\winx\group1" has a changed appearance. ... VTI Actions
Folder "c:\users\ciihmnxmn6ps\appdata\local\microsoft\windows\winx\group2" has a changed appearance. ... VTI Actions
Folder "c:\users\ciihmnxmn6ps\appdata\local\microsoft\windows\winx\group3" has a changed appearance. ... VTI Actions
Folder "c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\internet explorer\quick launch" has a changed appearance. ... VTI Actions
Folder "c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar" has a changed appearance. ... VTI Actions
Folder "c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\windows\accountpictures" has a changed appearance. ... VTI Actions
Folder "c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\windows\libraries" has a changed appearance. ... VTI Actions
Folder "c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\windows\recent" has a changed appearance. ... VTI Actions
Folder "c:\users\ciihmnxmn6ps\contacts" has a changed appearance. ... VTI Actions
Folder "c:\users\ciihmnxmn6ps\desktop" has a changed appearance. ... VTI Actions
Folder "c:\users\ciihmnxmn6ps\documents" has a changed appearance. ... VTI Actions
Folder "c:\users\ciihmnxmn6ps\documents\my shapes" has a changed appearance. ... VTI Actions
Folder "c:\users\ciihmnxmn6ps\downloads" has a changed appearance. ... VTI Actions
Folder "c:\users\ciihmnxmn6ps\favorites" has a changed appearance. ... VTI Actions
Folder "c:\users\ciihmnxmn6ps\favorites\links" has a changed appearance. ... VTI Actions
Folder "c:\users\ciihmnxmn6ps\links" has a changed appearance. ... VTI Actions
Folder "c:\users\ciihmnxmn6ps\music" has a changed appearance. ... VTI Actions
Folder "c:\users\ciihmnxmn6ps\onedrive" has a changed appearance. ... VTI Actions
Folder "c:\users\ciihmnxmn6ps\pictures\camera roll" has a changed appearance. ... VTI Actions
Folder "c:\users\ciihmnxmn6ps\pictures" has a changed appearance. ... VTI Actions
Folder "c:\users\ciihmnxmn6ps\pictures\saved pictures" has a changed appearance. ... VTI Actions
Folder "c:\users\ciihmnxmn6ps\saved games" has a changed appearance. ... VTI Actions
Folder "c:\users\ciihmnxmn6ps\searches" has a changed appearance. ... VTI Actions
Folder "c:\users\ciihmnxmn6ps\videos" has a changed appearance. ... VTI Actions
1/5	File System	Creates an unusually large number of files	-
Creates an unusually large number of files. ... VTI Actions Go to file details Go to function call
1/5	PE	Drops PE file	Dropper
Drops file "C:\Users\CIIHMN~1\AppData\Local\Temp\par-434969486d6e784d6e365073\cache-b2cb990f941b4605bb72c66e2137e57651c2d005\66e49fbc.dll.3884". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\CIIHMN~1\AppData\Local\Temp\par-434969486d6e784d6e365073\cache-b2cb990f941b4605bb72c66e2137e57651c2d005\222088f1.dll.3884". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\CIIHMN~1\AppData\Local\Temp\par-434969486d6e784d6e365073\cache-b2cb990f941b4605bb72c66e2137e57651c2d005\inc\lib\auto\Math\BigInt\GMP\GMP.xs.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\CIIHMN~1\AppData\Local\Temp\par-434969486d6e784d6e365073\cache-b2cb990f941b4605bb72c66e2137e57651c2d005\inc\lib\auto\Math\BigInt\FastCalc\FastCalc.xs.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\CIIHMN~1\AppData\Local\Temp\par-434969486d6e784d6e365073\cache-b2cb990f941b4605bb72c66e2137e57651c2d005\00e543c1.dll.3884". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\CIIHMN~1\AppData\Local\Temp\par-434969486d6e784d6e365073\cache-b2cb990f941b4605bb72c66e2137e57651c2d005\1855172f.dll.3884". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\CIIHMN~1\AppData\Local\Temp\par-434969486d6e784d6e365073\cache-b2cb990f941b4605bb72c66e2137e57651c2d005\inc\lib\auto\mro\mro.xs.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\CIIHMN~1\AppData\Local\Temp\par-434969486d6e784d6e365073\cache-b2cb990f941b4605bb72c66e2137e57651c2d005\inc\lib\auto\Win32API\File\File.xs.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\CIIHMN~1\AppData\Local\Temp\par-434969486d6e784d6e365073\cache-b2cb990f941b4605bb72c66e2137e57651c2d005\a6fc9875.dll.3884". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\CIIHMN~1\AppData\Local\Temp\par-434969486d6e784d6e365073\cache-b2cb990f941b4605bb72c66e2137e57651c2d005\inc\lib\auto\Socket\Socket.xs.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\CIIHMN~1\AppData\Local\Temp\par-434969486d6e784d6e365073\cache-b2cb990f941b4605bb72c66e2137e57651c2d005\inc\lib\auto\Tk\Pixmap\Pixmap.xs.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\CIIHMN~1\AppData\Local\Temp\par-434969486d6e784d6e365073\cache-b2cb990f941b4605bb72c66e2137e57651c2d005\inc\lib\auto\Tk\Text\Text.xs.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\CIIHMN~1\AppData\Local\Temp\par-434969486d6e784d6e365073\cache-b2cb990f941b4605bb72c66e2137e57651c2d005\inc\lib\auto\Tk\HList\HList.xs.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\CIIHMN~1\AppData\Local\Temp\par-434969486d6e784d6e365073\cache-b2cb990f941b4605bb72c66e2137e57651c2d005\b3502cf1.dll.3884". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\CIIHMN~1\AppData\Local\Temp\par-434969486d6e784d6e365073\cache-b2cb990f941b4605bb72c66e2137e57651c2d005\inc\lib\auto\Digest\MD5\MD5.xs.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\CIIHMN~1\AppData\Local\Temp\par-434969486d6e784d6e365073\cache-b2cb990f941b4605bb72c66e2137e57651c2d005\inc\lib\auto\CryptX\CryptX.xs.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\CIIHMN~1\AppData\Local\Temp\par-434969486d6e784d6e365073\cache-b2cb990f941b4605bb72c66e2137e57651c2d005\inc\lib\auto\Tk\Listbox\Listbox.xs.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\CIIHMN~1\AppData\Local\Temp\par-434969486d6e784d6e365073\cache-b2cb990f941b4605bb72c66e2137e57651c2d005\2d372e50.dll.3884". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\CIIHMN~1\AppData\Local\Temp\par-434969486d6e784d6e365073\cache-b2cb990f941b4605bb72c66e2137e57651c2d005\7b4813a8.dll.3884". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\CIIHMN~1\AppData\Local\Temp\par-434969486d6e784d6e365073\cache-b2cb990f941b4605bb72c66e2137e57651c2d005\inc\lib\auto\Tk\Scrollbar\Scrollbar.xs.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\CIIHMN~1\AppData\Local\Temp\par-434969486d6e784d6e365073\cache-b2cb990f941b4605bb72c66e2137e57651c2d005\96d13468.dll.3884". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\CIIHMN~1\AppData\Local\Temp\par-434969486d6e784d6e365073\cache-b2cb990f941b4605bb72c66e2137e57651c2d005\inc\lib\auto\Tk\Canvas\Canvas.xs.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\CIIHMN~1\AppData\Local\Temp\par-434969486d6e784d6e365073\cache-b2cb990f941b4605bb72c66e2137e57651c2d005/CSPITEFUL DOUBLETAKESpiteful Doubletake (LIVE).exe.3796". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\CIIHMN~1\AppData\Local\Temp\par-434969486d6e784d6e365073\cache-b2cb990f941b4605bb72c66e2137e57651c2d005/libstdc++-6.dll.3796". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\CIIHMN~1\AppData\Local\Temp\par-434969486d6e784d6e365073\cache-b2cb990f941b4605bb72c66e2137e57651c2d005\951bce63.dll.3884". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\CIIHMN~1\AppData\Local\Temp\par-434969486d6e784d6e365073\cache-b2cb990f941b4605bb72c66e2137e57651c2d005\inc\lib\auto\MIME\Base64\Base64.xs.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\CIIHMN~1\AppData\Local\Temp\par-434969486d6e784d6e365073\cache-b2cb990f941b4605bb72c66e2137e57651c2d005\inc\lib\auto\Tk\Scale\Scale.xs.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\CIIHMN~1\AppData\Local\Temp\par-434969486d6e784d6e365073\cache-b2cb990f941b4605bb72c66e2137e57651c2d005\inc\lib\auto\re\re.xs.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\CIIHMN~1\AppData\Local\Temp\par-434969486d6e784d6e365073\cache-b2cb990f941b4605bb72c66e2137e57651c2d005\inc\lib\auto\Tk\Entry\Entry.xs.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\CIIHMN~1\AppData\Local\Temp\par-434969486d6e784d6e365073\cache-b2cb990f941b4605bb72c66e2137e57651c2d005\inc\lib\auto\Tk\Tk.xs.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\CIIHMN~1\AppData\Local\Temp\par-434969486d6e784d6e365073\cache-b2cb990f941b4605bb72c66e2137e57651c2d005\inc\lib\auto\Tk\Menubutton\Menubutton.xs.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\CIIHMN~1\AppData\Local\Temp\par-434969486d6e784d6e365073\cache-b2cb990f941b4605bb72c66e2137e57651c2d005/perl528.dll.3796". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\CIIHMN~1\AppData\Local\Temp\par-434969486d6e784d6e365073\cache-b2cb990f941b4605bb72c66e2137e57651c2d005/libgcc_s_seh-1.dll.3796". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\CIIHMN~1\AppData\Local\Temp\par-434969486d6e784d6e365073\cache-b2cb990f941b4605bb72c66e2137e57651c2d005\inc\lib\auto\Tk\Event\Event.xs.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\CIIHMN~1\AppData\Local\Temp\par-434969486d6e784d6e365073\cache-b2cb990f941b4605bb72c66e2137e57651c2d005\74069416.dll.3884". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\CIIHMN~1\AppData\Local\Temp\par-434969486d6e784d6e365073\cache-b2cb990f941b4605bb72c66e2137e57651c2d005\inc\lib\auto\Crypt\Blowfish\Blowfish.xs.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\CIIHMN~1\AppData\Local\Temp\par-434969486d6e784d6e365073\cache-b2cb990f941b4605bb72c66e2137e57651c2d005/libwinpthread-1.dll.3796". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\CIIHMN~1\AppData\Local\Temp\par-434969486d6e784d6e365073\cache-b2cb990f941b4605bb72c66e2137e57651c2d005\b100a34d.dll.3884". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\CIIHMN~1\AppData\Local\Temp\par-434969486d6e784d6e365073\cache-b2cb990f941b4605bb72c66e2137e57651c2d005\inc\lib\auto\Encode\Unicode\Unicode.xs.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\CIIHMN~1\AppData\Local\Temp\par-434969486d6e784d6e365073\cache-b2cb990f941b4605bb72c66e2137e57651c2d005\f7c5d4c7.dll.3884". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\CIIHMN~1\AppData\Local\Temp\par-434969486d6e784d6e365073\cache-b2cb990f941b4605bb72c66e2137e57651c2d005\95709774.dll.3884". ... VTI Actions Go to file details Go to function call
1/5	PE	Executes dropped PE file	-
Executes dropped file "C:\Users\CIIHMN~1\AppData\Local\Temp\par-434969486d6e784d6e365073\cache-b2cb990f941b4605bb72c66e2137e57651c2d005/CSPITEFUL DOUBLETAKESpiteful Doubletake (LIVE).exe.3796". ... VTI Actions Go to file details Go to function call

Notifications (2/2)

Before

After