43c9c228baf00bc4614fdeb578eb84ad2232cef6c2820046b0b9fec502be573f

General

Target

Crypter.exe
Size

129KB
MD5

9c62af504ce79cc4c0bbcc2612f3c4db
SHA1

37c01dc0342c161569e9d434246dc42962c00860
SHA256

43c9c228baf00bc4614fdeb578eb84ad2232cef6c2820046b0b9fec502be573f
SHA512

3572b9dde32844ba873de6c994dcf42e71bc217806390d6cf9d767d4c837266592087837aa70991604e3bd283a27a6e11d1d48177996213e8575326f86f839f3
SSDEEP

3072:qLbLpVIYbQf91G3im/2Ef07JysgNv8Ofr4pt6Y46ab6koEMQBfjS3f2vYeBgrOi4:qTpVXvxyq6ko0BSveYprzOu3ScuT06

Score

9^/10

ransomware spyware stealer

Malware Config

Signatures

Deletes shadow copies 2 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware

File Deletion
T1107

Inhibit System Recovery
T1490
Modifies extensions of user files 1 IoCs
Ransomware generally changes the extension on encrypted files.
ransomware

Processes:

Crypter.exe

description ioc process

File opened for modification C:\Users\Admin\Pictures\AddApprove.tiff Crypter.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Pictures\AddApprove.tiff	Crypter.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Crypter.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Control Panel\International\Geo\Nation	Crypter.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Enumerates connected drives 3 TTPs 1 IoCs
Attempts to read the root path of hard drives other than the default C: drive.

Query Registry
T1012

Peripheral Device Discovery
T1120

System Information Discovery
T1082

Processes:

Crypter.exe

description ioc process

File opened (read-only) \??\D: Crypter.exe

description	ioc	process
File opened (read-only)	\??\D:	Crypter.exe

Drops file in Program Files directory 64 IoCs

Processes:

Crypter.exe

description	ioc	process
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-ul-oob.xrm-ms.EMAIL=[antistrees2000@keemail.me]ID=[6A3C5245BE2098C3].BTC	Crypter.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-ul-oob.xrm-ms.EMAIL=[antistrees2000@keemail.me]ID=[6A3C5245BE2098C3].BTC	Crypter.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Views\#FILE ENCRYPTED.txt	Crypter.exe
File created	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Images\contrast-standard\theme-dark\#FILE ENCRYPTED.txt	Crypter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\node_modules\reactxp-experimental-navigation\NavigationExperimental\assets\back-icon@2x.png	Crypter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\zh-tw\ui-strings.js	Crypter.exe
File opened for modification	C:\Program Files\7-Zip\Lang\an.txt	Crypter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.ViewModel.winmd	Crypter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-24_altform-unplated.png	Crypter.exe
File opened for modification	C:\Program Files (x86)\Common Files\System\msadc\msadcer.dll	Crypter.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-oql.xml	Crypter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\pdf-ownership-rdr-es_es.gif.EMAIL=[antistrees2000@keemail.me]ID=[6A3C5245BE2098C3].BTC	Crypter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-16_contrast-black.png	Crypter.exe
File opened for modification	C:\Program Files\Windows Media Player\ja-JP\wmpnssci.dll.mui	Crypter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-white_targetsize-30.png	Crypter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteNewNoteMedTile.scale-200.png	Crypter.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GamesXboxHubStoreLogo.scale-200_contrast-high.png	Crypter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Images\thumb_stats_render_smallest.png	Crypter.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.SPClient.Interfaces.DLL	Crypter.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\pt_PT\LC_MESSAGES\vlc.mo	Crypter.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\fr-FR\PSGet.Resource.psd1	Crypter.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\de-DE\MSFT_PackageManagementSource.strings.psd1	Crypter.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jsadebugd.exe.EMAIL=[antistrees2000@keemail.me]ID=[6A3C5245BE2098C3].BTC	Crypter.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Grace-ul-oob.xrm-ms.EMAIL=[antistrees2000@keemail.me]ID=[6A3C5245BE2098C3].BTC	Crypter.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\BHO\ie_to_edge_bho.dll.EMAIL=[antistrees2000@keemail.me]ID=[6A3C5245BE2098C3].BTC	Crypter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif	Crypter.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\fr-ma\#FILE ENCRYPTED.txt	Crypter.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\#FILE ENCRYPTED.txt	Crypter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\LargeTile.scale-125.png	Crypter.exe
File created	C:\Program Files\Microsoft Office\root\Office16\SkypeSrv\#FILE ENCRYPTED.txt	Crypter.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_h264_plugin.dll.EMAIL=[antistrees2000@keemail.me]ID=[6A3C5245BE2098C3].BTC	Crypter.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedge.exe.EMAIL=[antistrees2000@keemail.me]ID=[6A3C5245BE2098C3].BTC	Crypter.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.workbench.nl_ja_4.4.0.v20140623020002.jar.EMAIL=[antistrees2000@keemail.me]ID=[6A3C5245BE2098C3].BTC	Crypter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_share_18.svg	Crypter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\plugins\rhp\generic-rhp-app-selector.js	Crypter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\sl-si\ui-strings.js.EMAIL=[antistrees2000@keemail.me]ID=[6A3C5245BE2098C3].BTC	Crypter.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-openide-actions_ja.jar.EMAIL=[antistrees2000@keemail.me]ID=[6A3C5245BE2098C3].BTC	Crypter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\images\FileText32x32.png	Crypter.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tipresx.dll.mui	Crypter.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\lib\ext\zipfs.jar	Crypter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\BadgeLogo.scale-400_contrast-black.png	Crypter.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\GenericMailMediumTile.scale-100.png	Crypter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Edit_R_Full.aapp	Crypter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\version.js.EMAIL=[antistrees2000@keemail.me]ID=[6A3C5245BE2098C3].BTC	Crypter.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Trust Protection Lists\Sigma\Other.DATA	Crypter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\zh-tw\ui-strings.js	Crypter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Assets\LargeTile.scale-200_contrast-white.png	Crypter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubBadgeLogo.scale-100_contrast-white.png	Crypter.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-white_scale-180.png	Crypter.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN105.XML.EMAIL=[antistrees2000@keemail.me]ID=[6A3C5245BE2098C3].BTC	Crypter.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MSIPC\et\msipc.dll.mui.EMAIL=[antistrees2000@keemail.me]ID=[6A3C5245BE2098C3].BTC	Crypter.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\images\vlc-48.png.EMAIL=[antistrees2000@keemail.me]ID=[6A3C5245BE2098C3].BTC	Crypter.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\de-DE\MSFT_PackageManagementSource.schema.mfl.EMAIL=[antistrees2000@keemail.me]ID=[6A3C5245BE2098C3].BTC	Crypter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\move.svg.EMAIL=[antistrees2000@keemail.me]ID=[6A3C5245BE2098C3].BTC	Crypter.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\sk-sk\#FILE ENCRYPTED.txt	Crypter.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\ro-ro\#FILE ENCRYPTED.txt	Crypter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_ru_135x40.svg.EMAIL=[antistrees2000@keemail.me]ID=[6A3C5245BE2098C3].BTC	Crypter.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Excel.Common.FrontEnd.dll	Crypter.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\css\mobile.css.EMAIL=[antistrees2000@keemail.me]ID=[6A3C5245BE2098C3].BTC	Crypter.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\lib\deployed\jdk16\windows-amd64\profilerinterface.dll	Crypter.exe
File created	C:\Program Files\WindowsApps\Microsoft.Wallet_2.4.18324.0_neutral_~_8wekyb3d8bbwe\#FILE ENCRYPTED.txt	Crypter.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Generic-Light.scale-400.png	Crypter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\LargeLogo.scale-100_contrast-black.png	Crypter.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.actionProvider.exsd.EMAIL=[antistrees2000@keemail.me]ID=[6A3C5245BE2098C3].BTC	Crypter.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Interacts with shadow copies 2 TTPs 2 IoCs
Shadow copies are often targeted by ransomware to inhibit system recovery.
ransomware

File Deletion
T1107

Inhibit System Recovery
T1490

Processes:

vssadmin.exevssadmin.exe

pid process

396 vssadmin.exe
540 vssadmin.exe

pid	process
396	vssadmin.exe
540	vssadmin.exe

Modifies registry class 1 IoCs

Processes:

StartMenuExperienceHost.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\MuiCache	StartMenuExperienceHost.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

Crypter.exe

pid	process
444	Crypter.exe
444	Crypter.exe
444	Crypter.exe
444	Crypter.exe
444	Crypter.exe
444	Crypter.exe
444	Crypter.exe
444	Crypter.exe
444	Crypter.exe
444	Crypter.exe
444	Crypter.exe
444	Crypter.exe
444	Crypter.exe
444	Crypter.exe
444	Crypter.exe
444	Crypter.exe
444	Crypter.exe
444	Crypter.exe
444	Crypter.exe
444	Crypter.exe
444	Crypter.exe
444	Crypter.exe
444	Crypter.exe
444	Crypter.exe
444	Crypter.exe
444	Crypter.exe
444	Crypter.exe
444	Crypter.exe
444	Crypter.exe
444	Crypter.exe
444	Crypter.exe
444	Crypter.exe
444	Crypter.exe
444	Crypter.exe
444	Crypter.exe
444	Crypter.exe
444	Crypter.exe
444	Crypter.exe
444	Crypter.exe
444	Crypter.exe
444	Crypter.exe
444	Crypter.exe
444	Crypter.exe
444	Crypter.exe
444	Crypter.exe
444	Crypter.exe
444	Crypter.exe
444	Crypter.exe
444	Crypter.exe
444	Crypter.exe
444	Crypter.exe
444	Crypter.exe
444	Crypter.exe
444	Crypter.exe
444	Crypter.exe
444	Crypter.exe
444	Crypter.exe
444	Crypter.exe
444	Crypter.exe
444	Crypter.exe
444	Crypter.exe
444	Crypter.exe
444	Crypter.exe
444	Crypter.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

vssvc.exe

description pid process

Token: SeBackupPrivilege 2816 vssvc.exe
Token: SeRestorePrivilege 2816 vssvc.exe
Token: SeAuditPrivilege 2816 vssvc.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

StartMenuExperienceHost.exe

pid process

1740 StartMenuExperienceHost.exe

description	pid	process
Token: SeBackupPrivilege	2816	vssvc.exe
Token: SeRestorePrivilege	2816	vssvc.exe
Token: SeAuditPrivilege	2816	vssvc.exe

pid	process
1740	StartMenuExperienceHost.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

Crypter.execmd.execmd.exe

description	pid	process	target process
PID 444 wrote to memory of 852	444	Crypter.exe	cmd.exe
PID 444 wrote to memory of 852	444	Crypter.exe	cmd.exe
PID 852 wrote to memory of 540	852	cmd.exe	vssadmin.exe
PID 852 wrote to memory of 540	852	cmd.exe	vssadmin.exe
PID 444 wrote to memory of 4200	444	Crypter.exe	cmd.exe
PID 444 wrote to memory of 4200	444	Crypter.exe	cmd.exe
PID 4200 wrote to memory of 396	4200	cmd.exe	vssadmin.exe
PID 4200 wrote to memory of 396	4200	cmd.exe	vssadmin.exe

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\Crypter.exe
"C:\Users\Admin\AppData\Local\Temp\Crypter.exe"
1⤵
- Modifies extensions of user files
- Checks computer location settings
- Enumerates connected drives
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:444

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c vssadmin.exe delete shadows /all /quiet
2⤵
- Suspicious use of WriteProcessMemory
PID:852

C:\Windows\system32\vssadmin.exe
vssadmin.exe delete shadows /all /quiet
3⤵
- Interacts with shadow copies
PID:540

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c vssadmin.exe delete shadows /all /quiet
2⤵
- Suspicious use of WriteProcessMemory
PID:4200

C:\Windows\system32\vssadmin.exe
vssadmin.exe delete shadows /all /quiet
3⤵
- Interacts with shadow copies
PID:396

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2816

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
1⤵
PID:4684

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1740

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File Deletion

2

T1107

Credential Access

Credentials in Files

1

T1081

Discovery

Query Registry

2

T1012

System Information Discovery

3

T1082

Peripheral Device Discovery

1

T1120

Lateral Movement

Collection

Data from Local System

1

T1005

Exfiltration

Command and Control

Impact

Inhibit System Recovery

2

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\#FILE ENCRYPTED.txt
Filesize
332B

MD5
94250996214fbc1194e5d00ca0472059

SHA1
4aa601fd325613df0d1e070cd9b97aaeba31033e

SHA256
9dbda2ff049da53281eb3336461d309b8da1de14c11169187dcfc08dcbfe4b7d

SHA512
8ff4dfbe8cfd6c7ab86d045827a3fa79303f77e6fa4c9ef1d5000cbf36e9a8b8c397ec2fc98de341305151872e7a50e9184a385fc703907384cb5fdaba57938f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat
Filesize
14KB

MD5
d1526c611fbfa91ce5d14239ae65da65

SHA1
9a0e562796985467c8e64545427f13506a4e7487

SHA256
167aa904fbe7aab5885a364596c3f01efca69badbb90ca8c2660ea3e46ec4ae2

SHA512
94e5601e35a84ac3d8838ff2ee45c60a2072a5e030fdfbb6e518f731b88b56e0da4b002d34129598d64e8025274aef8a0e44ca82ddb32c8214073def3740105d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat
Filesize
14KB

MD5
9f7439c824d13a43f930d7fdf40bde27

SHA1
95e5ca4dbf7c36109888b05451b5ce64da27d7be

SHA256
e9e13408f69c5925074457ed8cdcf2074e5af57aaf0a065db2f65197631635bb

SHA512
d3d3fb1fb588143a7f6ab497beda5e939b689c88aae7e245388be4b4bbacaa0b84e856cd03f0040b4479b027cc57905cd8cf7f5a3623925de471b3560549a457

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads