a64b4f5529c3e6441fee5699219dfac7501b007a83a84346d2a194bfa24b2a04

General

Target

C3DDBFA5128976101123301D61824D782EA85FA9.gz
Size

8KB
MD5

70ad27f72e13236a0b11658500a8c53b
SHA1

6247cefb7d69c3353d5c7533311e3f55e0e73356
SHA256

a64b4f5529c3e6441fee5699219dfac7501b007a83a84346d2a194bfa24b2a04
SHA512

03e63b659ddd673a80bacd201d42e9e6eac1fff840cb7daca08722acc5ae4660ed5a0b5e437e52f142c83511a928b40eb72058efa90c73861fb4fd7d7a4ae9e5

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 64 IoCs

Processes:

OpenWith.exe7zFM.exeOpenWith.execmd.exe

description	ioc	process
Set value (data)	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000_Classes\Applications\7zFM.exe\shell\open\command	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = ffffffff	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 5000310000000000f554075a1000372d5a6970003c0009000400efbef554075af554075a2e000000dee701000000040000000000000000000000000000005035450037002d005a0069007000000014000000	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = ffffffff	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000_Classes\Applications	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = 00000000ffffffff	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	7zFM.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\NodeSlot = "2"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000_Classes\Applications\7zFM.exe	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000_Classes\Applications\7zFM.exe\shell\open	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000_Classes\Applications\7zFM.exe\shell\open\command\ = "\"C:\\Program Files\\7-Zip\\7zFM.exe\" \"%1\""	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000_Classes\Local Settings	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 19002f433a5c000000000000000000000000000000000000000000	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000_Classes\Local Settings	cmd.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 8c00310000000000f554d25e110050524f4752417e310000740009000400efbe874fdb49f554d25e2e0000003f0000000000010000000000000000004a00000000006e1dc600500072006f006700720061006d002000460069006c0065007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370038003100000018000000	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\NodeSlot = "1"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic"	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000_Classes\Applications\7zFM.exe\shell	OpenWith.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

Processes:

OpenWith.exe7zFM.exe

pid process

4448 OpenWith.exe
2152 7zFM.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

Processes:

7zFM.exe7zFM.exe7zG.exe

description	pid	process
Token: SeRestorePrivilege	2152	7zFM.exe
Token: 35	2152	7zFM.exe
Token: SeSecurityPrivilege	2152	7zFM.exe
Token: SeSecurityPrivilege	2152	7zFM.exe
Token: SeRestorePrivilege	1688	7zFM.exe
Token: 35	1688	7zFM.exe
Token: SeRestorePrivilege	3644	7zG.exe
Token: 35	3644	7zG.exe
Token: SeSecurityPrivilege	3644	7zG.exe
Token: SeSecurityPrivilege	3644	7zG.exe

Suspicious use of FindShellTrayWindow 5 IoCs

Processes:

7zFM.exe7zFM.exe7zG.exe

pid process

2152 7zFM.exe
2152 7zFM.exe
2152 7zFM.exe
1688 7zFM.exe
3644 7zG.exe

pid	process
2152	7zFM.exe
2152	7zFM.exe
2152	7zFM.exe
1688	7zFM.exe
3644	7zG.exe

Suspicious use of SetWindowsHookEx 41 IoCs

Processes:

OpenWith.exeOpenWith.exe

pid	process
4448	OpenWith.exe
4448	OpenWith.exe
4448	OpenWith.exe
4448	OpenWith.exe
4448	OpenWith.exe
4448	OpenWith.exe
4448	OpenWith.exe
4448	OpenWith.exe
4448	OpenWith.exe
4448	OpenWith.exe
4448	OpenWith.exe
4448	OpenWith.exe
4448	OpenWith.exe
4448	OpenWith.exe
4448	OpenWith.exe
4448	OpenWith.exe
1196	OpenWith.exe
1196	OpenWith.exe
1196	OpenWith.exe
1196	OpenWith.exe
1196	OpenWith.exe
1196	OpenWith.exe
1196	OpenWith.exe
1196	OpenWith.exe
1196	OpenWith.exe
1196	OpenWith.exe
1196	OpenWith.exe
1196	OpenWith.exe
1196	OpenWith.exe
1196	OpenWith.exe
1196	OpenWith.exe
1196	OpenWith.exe
1196	OpenWith.exe
1196	OpenWith.exe
1196	OpenWith.exe
1196	OpenWith.exe
1196	OpenWith.exe
1196	OpenWith.exe
1196	OpenWith.exe
1196	OpenWith.exe
1196	OpenWith.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

OpenWith.exeOpenWith.exe

description	pid	process	target process
PID 4448 wrote to memory of 2152	4448	OpenWith.exe	7zFM.exe
PID 4448 wrote to memory of 2152	4448	OpenWith.exe	7zFM.exe
PID 1196 wrote to memory of 1688	1196	OpenWith.exe	7zFM.exe
PID 1196 wrote to memory of 1688	1196	OpenWith.exe	7zFM.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\C3DDBFA5128976101123301D61824D782EA85FA9.gz
1⤵
- Modifies registry class
PID:4596

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4448

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\C3DDBFA5128976101123301D61824D782EA85FA9.gz"
2⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2152

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1196

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Desktop\C3DDBFA5128976101123301D61824D782EA85FA9"
2⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1688

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\C3DDBFA5128976101123301D61824D782EA85FA9~\" -spe -an -ai#7zMap8920:130:7zEvent26970
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3644

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
28KB

MD5
e8f86205c3c0dbe27e48c5721e2ad72b

SHA1
167656c3a99e90351f566d07014027ccd3ab8227

SHA256
6c411e46682853396fc28a33c35bfe7547956b2a6a583b56a3882d723e000498

SHA512
7a282caf027501c21c26a5dcde4d8ec89f611e83a80217cb02a5b907cd389f589a594108f1218a74feb85ba012212cb3224502b1cbb926140fad8fa6d0acc58c

Download Submit
C:\Users\Admin\Desktop\C3DDBFA5128976101123301D61824D782EA85FA9

Filesize
583B

MD5
51618ac2b7cf5c4937213e965c00f20a

SHA1
7e704e57162ed18743bef9f95e2dea558954751b

SHA256
0b41f69e6564b9c89b1b344744c5b06eb4adc0e584028909286d2b936e1afed5

SHA512
d07af4309bf8156644d604676eec62cf78128dae1cd1808e865e02bf7302b3dea5b1eda42eecd6e8687c84b85a6a52c07bd45b120b8fe5940d8d80586a2d0fb0

Download Submit
memory/1688-133-0x0000000000000000-mapping.dmp

Download
memory/2152-130-0x0000000000000000-mapping.dmp

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads