File name:

934301c0cf61dcb17e59c05676d508c6424db9397a5ea13e1bc0d3ef2325779f.7z

Full analysis: https://app.any.run/tasks/e4d3771f-28da-43b2-ac5e-4193cb4101c3
Verdict: Malicious activity
Analysis date: November 25, 2024, 16:36:29
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
arch-exec
evasion
Indicators:
MIME: application/x-7z-compressed
File info: 7-zip archive data, version 0.4
MD5:

12FEEC7118A2631E385DB02141062E16

SHA1:

4EC266F0A6866CC309DF827D20CA9F03377D7386

SHA256:

4B612CD92DFCD128CBCC41F4C0D7F10A033CD4053AEF06C0D64F7E17348AE844

SSDEEP:

6144:5fS2XtCWAE0Bl2rs3/cHcDodVnnZF3HZjZHgRsoxKlBiIqfs5Fb:5S2XtCWI2sUHc2nZZZjI/YlBhHb

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Generic archive extractor

      • WinRAR.exe (PID: 6240)
    • Starts CMD.EXE for self-deleting

      • 934301c0cf61dcb17e59c05676d508c6424db9397a5ea13e1bc0d3ef2325779f.exe (PID: 4400)
  • SUSPICIOUS

    • Application launched itself

      • 934301c0cf61dcb17e59c05676d508c6424db9397a5ea13e1bc0d3ef2325779f.exe (PID: 5752)
      • eventcreate.exe (PID: 4876)
      • eventcreate.exe (PID: 1512)
      • eventcreate.exe (PID: 4008)
    • Executable content was dropped or overwritten

      • 934301c0cf61dcb17e59c05676d508c6424db9397a5ea13e1bc0d3ef2325779f.exe (PID: 5752)
      • eventcreate.exe (PID: 4876)
      • 934301c0cf61dcb17e59c05676d508c6424db9397a5ea13e1bc0d3ef2325779f.exe (PID: 4400)
      • eventcreate.exe (PID: 1512)
      • eventcreate.exe (PID: 4008)
    • Hides command output

      • cmd.exe (PID: 6436)
    • The process executes via Task Scheduler

      • eventcreate.exe (PID: 1512)
      • eventcreate.exe (PID: 4008)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • eventcreate.exe (PID: 1512)
      • 934301c0cf61dcb17e59c05676d508c6424db9397a5ea13e1bc0d3ef2325779f.exe (PID: 5752)
      • eventcreate.exe (PID: 4876)
      • eventcreate.exe (PID: 4008)
    • Runs PING.EXE to delay simulation

      • cmd.exe (PID: 6436)
    • Uses TASKKILL.EXE to kill process

      • cmd.exe (PID: 6436)
    • Checks for external IP

      • eventcreate.exe (PID: 1596)
      • svchost.exe (PID: 2192)
    • Starts itself from another location

      • 934301c0cf61dcb17e59c05676d508c6424db9397a5ea13e1bc0d3ef2325779f.exe (PID: 4400)
    • Starts CMD.EXE for commands execution

      • 934301c0cf61dcb17e59c05676d508c6424db9397a5ea13e1bc0d3ef2325779f.exe (PID: 4400)
  • INFO

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 6240)
    • Manual execution by a user

      • 934301c0cf61dcb17e59c05676d508c6424db9397a5ea13e1bc0d3ef2325779f.exe (PID: 5752)
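The signature list above is what a detection engineer would want to match outside the sandbox: a Windows-shipped binary name (eventcreate.exe) running from a {GUID} directory under %APPDATA% rather than System32, a cmd.exe chain of taskkill + ping + del that removes the original dropper, and an HTTP lookup of ipinfo.io. The Python below is an added example written for this page, not ANY.RUN's detection logic. The rule names, field layout and benign control record are assumptions; the process and HTTP records are constructed to mirror the process tree and HTTP table in this report, and the cmd.exe command line is assumed, since the report shows only that PID 6436 ran ping and taskkill with hidden output.

```python
"""Triage rules for the behaviours flagged above, run over constructed
process-creation and HTTP records (Sysmon Event ID 1-like dicts).
Added example: not ANY.RUN's logic. Field names, the benign control
record and the cmd.exe command line are assumptions."""
import re
import urllib.parse
from pathlib import PureWindowsPath

SAMPLE = "934301c0cf61dcb17e59c05676d508c6424db9397a5ea13e1bc0d3ef2325779f.exe"
STAGED = (r"C:\Users\admin\AppData\Roaming"
          r"\{CF9A297B-AC74-EC8E-5C44-DEEA0D4DAE71}\eventcreate.exe")

# Constructed records mirroring the process tree in this report. The
# cmd.exe (6436) command line is NOT on the page; a typical self-delete
# one-liner is assumed so the rule has something to match.
PROCESS_EVENTS = [
    {"pid": 5752, "parent": "explorer.exe",
     "image": rf"C:\Users\admin\Desktop\{SAMPLE}",
     "cmdline": rf'"C:\Users\admin\Desktop\{SAMPLE}"'},
    {"pid": 4876, "parent": SAMPLE, "image": STAGED, "cmdline": f'"{STAGED}"'},
    {"pid": 1512, "parent": "svchost.exe", "image": STAGED, "cmdline": f'"{STAGED}"'},
    {"pid": 6436, "parent": SAMPLE, "image": r"C:\Windows\SysWOW64\cmd.exe",
     "cmdline": (rf'cmd.exe /c taskkill /t /f /im "{SAMPLE}" & ping 127.0.0.1 -n 3 > nul'
                 rf' & del /f /q "C:\Users\admin\Desktop\{SAMPLE}"')},
    {"pid": 5404, "parent": "cmd.exe", "image": r"C:\Windows\SysWOW64\taskkill.exe",
     "cmdline": rf'taskkill /t /f /im "{SAMPLE}"'},
    # Benign control (assumed): the genuine eventcreate.exe from System32.
    {"pid": 7001, "parent": "cmd.exe", "image": r"C:\Windows\System32\eventcreate.exe",
     "cmdline": 'eventcreate /t information /id 1 /l application /d "test"'},
]

# Constructed HTTP records: the sample's lookup and one OS CRL fetch.
HTTP_EVENTS = [
    {"pid": 1596, "process": "eventcreate.exe", "url": "http://ipinfo.io/json"},
    {"pid": 4712, "process": "MoUsoCoreWorker.exe",
     "url": "http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl"},
]

SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")
# Windows-shipped binary names worth checking for path masquerading (assumed set).
SYSTEM_BINARIES = {"eventcreate.exe", "svchost.exe", "conhost.exe", "taskkill.exe", "cmd.exe"}
GUID_DIR = re.compile(
    r"\\appdata\\roaming\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\\", re.I)
# Public "what is my IP" services (assumed list; only ipinfo.io appears in the report).
EXTERNAL_IP_HOSTS = {"ipinfo.io", "api.ipify.org", "icanhazip.com", "checkip.amazonaws.com"}


def masquerading_system_binary(ev):
    """True when a Windows-shipped binary name runs from outside System32/SysWOW64."""
    p = PureWindowsPath(ev["image"])
    if p.name.lower() not in SYSTEM_BINARIES:
        return False
    return not str(p.parent).lower().startswith(SYSTEM_DIRS)


def staged_in_guid_dir(ev):
    """True when the image lives in %APPDATA%\\Roaming\\{GUID}\\."""
    return bool(GUID_DIR.search(ev["image"]))


def self_delete_chain(ev):
    """For cmd.exe, return the file a kill/stall/delete one-liner removes, else None."""
    if PureWindowsPath(ev["image"]).name.lower() != "cmd.exe":
        return None
    c = ev["cmdline"].lower()
    if "taskkill" in c and ("ping " in c or "timeout" in c) and re.search(r"\bdel\b", c):
        m = re.search(r'\bdel\b[^"]*"([^"]+)"', ev["cmdline"], re.I)
        return m.group(1) if m else ev["cmdline"]
    return None


def external_ip_lookup(http):
    """True when the request host is a public external-IP lookup service."""
    return urllib.parse.urlsplit(http["url"]).hostname in EXTERNAL_IP_HOSTS


def triage(process_events=PROCESS_EVENTS, http_events=HTTP_EVENTS):
    """Return (rule, pid, detail) findings in event order."""
    findings = []
    for ev in process_events:
        if masquerading_system_binary(ev):
            findings.append(("masquerade", ev["pid"], ev["image"]))
        if staged_in_guid_dir(ev):
            findings.append(("guid_dir", ev["pid"], ev["image"]))
        target = self_delete_chain(ev)
        if target:
            findings.append(("self_delete", ev["pid"], target))
    for h in http_events:
        if external_ip_lookup(h):
            findings.append(("ext_ip", h["pid"], h["url"]))
    return findings


if __name__ == "__main__":
    for rule, pid, detail in triage():
        print(f"{rule:12} pid={pid:<5} {detail}")
```

The masquerade rule keys on image path, not on the name shown in the process list, which is why the benign System32 eventcreate.exe is not flagged while both copies under the {GUID} directory are; the Task Scheduler-launched instance (parent svchost.exe) is caught by the same rule without needing the scheduler telemetry.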
No Malware configuration.

TRiD

.7z | 7-Zip compressed archive (v0.4) (57.1)
.7z | 7-Zip compressed archive (gen) (42.8)

EXIF

ZIP

FileVersion: 7z v0.04
ModifyDate: 2024:07:12 21:20:12+00:00
ArchivedFileName: 934301c0cf61dcb17e59c05676d508c6424db9397a5ea13e1bc0d3ef2325779f.exe
No data.
All screenshots are available in the full report
Total processes: 140
Monitored processes: 14
Malicious processes: 2
Suspicious processes: 5

Behavior graph

Graph nodes in the order the report lists them ("no specs" is the report's marker for a process that triggered no signatures of its own):
  • start
  • winrar.exe
  • 934301c0cf61dcb17e59c05676d508c6424db9397a5ea13e1bc0d3ef2325779f.exe
  • 934301c0cf61dcb17e59c05676d508c6424db9397a5ea13e1bc0d3ef2325779f.exe
  • eventcreate.exe
  • cmd.exe (no specs)
  • conhost.exe (no specs)
  • taskkill.exe (no specs)
  • ping.exe (no specs)
  • eventcreate.exe
  • svchost.exe
  • eventcreate.exe
  • eventcreate.exe (no specs)
  • eventcreate.exe
  • eventcreate.exe (no specs)

Process information

PID: 1512
CMD: "C:\Users\admin\AppData\Roaming\{CF9A297B-AC74-EC8E-5C44-DEEA0D4DAE71}\eventcreate.exe"
Path: C:\Users\admin\AppData\Roaming\{CF9A297B-AC74-EC8E-5C44-DEEA0D4DAE71}\eventcreate.exe
Parent process: svchost.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\appdata\roaming\{cf9a297b-ac74-ec8e-5c44-deea0d4dae71}\eventcreate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\win32u.dll
PID: 1596
CMD: "C:\Users\admin\AppData\Roaming\{CF9A297B-AC74-EC8E-5C44-DEEA0D4DAE71}\eventcreate.exe"
Path: C:\Users\admin\AppData\Roaming\{CF9A297B-AC74-EC8E-5C44-DEEA0D4DAE71}\eventcreate.exe
Parent process: eventcreate.exe
User:
admin
Integrity Level:
HIGH
Modules
Images
c:\users\admin\appdata\roaming\{cf9a297b-ac74-ec8e-5c44-deea0d4dae71}\eventcreate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\crypt32.dll
PID: 2192
CMD: C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s Dnscache
Path: C:\Windows\System32\svchost.exe
Parent process: services.exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Host Process for Windows Services
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll
PID: 3172
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 4008
CMD: "C:\Users\admin\AppData\Roaming\{CF9A297B-AC74-EC8E-5C44-DEEA0D4DAE71}\eventcreate.exe"
Path: C:\Users\admin\AppData\Roaming\{CF9A297B-AC74-EC8E-5C44-DEEA0D4DAE71}\eventcreate.exe
Parent process: svchost.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
PID: 4400
CMD: "C:\Users\admin\Desktop\934301c0cf61dcb17e59c05676d508c6424db9397a5ea13e1bc0d3ef2325779f.exe"
Path: C:\Users\admin\Desktop\934301c0cf61dcb17e59c05676d508c6424db9397a5ea13e1bc0d3ef2325779f.exe
Parent process: 934301c0cf61dcb17e59c05676d508c6424db9397a5ea13e1bc0d3ef2325779f.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\desktop\934301c0cf61dcb17e59c05676d508c6424db9397a5ea13e1bc0d3ef2325779f.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\crypt32.dll
PID: 4516
CMD: "C:\Users\admin\AppData\Roaming\{CF9A297B-AC74-EC8E-5C44-DEEA0D4DAE71}\eventcreate.exe"
Path: C:\Users\admin\AppData\Roaming\{CF9A297B-AC74-EC8E-5C44-DEEA0D4DAE71}\eventcreate.exe
Parent process: eventcreate.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
PID: 4876
CMD: "C:\Users\admin\AppData\Roaming\{CF9A297B-AC74-EC8E-5C44-DEEA0D4DAE71}\eventcreate.exe"
Path: C:\Users\admin\AppData\Roaming\{CF9A297B-AC74-EC8E-5C44-DEEA0D4DAE71}\eventcreate.exe
Parent process: 934301c0cf61dcb17e59c05676d508c6424db9397a5ea13e1bc0d3ef2325779f.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\appdata\roaming\{cf9a297b-ac74-ec8e-5c44-deea0d4dae71}\eventcreate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 5404
CMD: taskkill /t /f /im "934301c0cf61dcb17e59c05676d508c6424db9397a5ea13e1bc0d3ef2325779f.exe"
Path: C:\Windows\SysWOW64\taskkill.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Terminates Processes
Exit code:
128
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\taskkill.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 5752
CMD: "C:\Users\admin\Desktop\934301c0cf61dcb17e59c05676d508c6424db9397a5ea13e1bc0d3ef2325779f.exe"
Path: C:\Users\admin\Desktop\934301c0cf61dcb17e59c05676d508c6424db9397a5ea13e1bc0d3ef2325779f.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\desktop\934301c0cf61dcb17e59c05676d508c6424db9397a5ea13e1bc0d3ef2325779f.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
Total events: 3 112
Read events: 3 080
Write events: 32
Delete events: 0

Modification events

PID 6240 WinRAR.exe | Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory | write | Name: 3 | Value: C:\Users\admin\Desktop\preferences.zip
PID 6240 WinRAR.exe | Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory | write | Name: 2 | Value: C:\Users\admin\Desktop\chromium_ext.zip
PID 6240 WinRAR.exe | Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory | write | Name: 1 | Value: C:\Users\admin\Desktop\omni_23_10_2024_.zip
PID 6240 WinRAR.exe | Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory | write | Name: 0 | Value: C:\Users\admin\Desktop\934301c0cf61dcb17e59c05676d508c6424db9397a5ea13e1bc0d3ef2325779f.7z
PID 6240 WinRAR.exe | Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths | write | Name: name | Value: 120
PID 6240 WinRAR.exe | Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths | write | Name: size | Value: 80
PID 6240 WinRAR.exe | Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths | write | Name: type | Value: 120
PID 6240 WinRAR.exe | Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths | write | Name: mtime | Value: 100
PID 6240 WinRAR.exe | Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface | write | Name: ShowPassword | Value: 0
PID 6240 WinRAR.exe | Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\MainWin | write | Name: Placement | Value: 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF3D0000002D000000FD03000016020000

Every listed registry write comes from WinRAR (PID 6240) updating its own UI state and recent-archive list; none is attributable to the sample. In ArcHistory only index 0 is the sample archive; indexes 1 to 3 are archives already in WinRAR's history, not files this sample created.
Executable files: 7
Suspicious files: 21
Text files: 28
Unknown types: 0

Dropped files

PID | Process | Filename | Type
5752 | 934301c0cf61dcb17e59c05676d508c6424db9397a5ea13e1bc0d3ef2325779f.exe | C:\Users\admin\AppData\Roaming\EngineLoggerConfig.xml | text
    MD5: 3C776D54E30C91AB5003DB046C369C05
    SHA256: B346158E5F2F3F9AE59F06D6129034F71740DC2482187A73BFE857FE8A093002
6240 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb6240.44285\934301c0cf61dcb17e59c05676d508c6424db9397a5ea13e1bc0d3ef2325779f.exe | executable
    MD5: 32559ED7885B5BD32DEDB03CC244D55B
    SHA256: 934301C0CF61DCB17E59C05676D508C6424DB9397A5EA13E1BC0D3EF2325779F
5752 | 934301c0cf61dcb17e59c05676d508c6424db9397a5ea13e1bc0d3ef2325779f.exe | C:\Users\admin\AppData\Local\Temp\nsh1A01.tmp\System.dll | executable
    MD5: CA332BB753B0775D5E806E236DDCEC55
    SHA256: DF5AE79FA558DC7AF244EC6E53939563B966E7DBD8867E114E928678DBD56E5D
5752 | 934301c0cf61dcb17e59c05676d508c6424db9397a5ea13e1bc0d3ef2325779f.exe | C:\Users\admin\AppData\Roaming\default.table.frame.xml | html
    MD5: 11131B301360CB35DD6F0F6B9B837239
    SHA256: A92EA20DCE28D0175239282B5D2C440A778C98956D08BCE52CB3E4FC15CAB16B
5752 | 934301c0cf61dcb17e59c05676d508c6424db9397a5ea13e1bc0d3ef2325779f.exe | C:\Users\admin\AppData\Roaming\70-yes-bitmaps.conf | xml
    MD5: 6423E63E204D4EA4629CD3F58636FCDC
    SHA256: 56735CEEFD2EF4EB359FF0F21DF9AE25FD1542B73AC51CD0DBEDCE694430732F
5752 | 934301c0cf61dcb17e59c05676d508c6424db9397a5ea13e1bc0d3ef2325779f.exe | C:\Users\admin\AppData\Roaming\CommonMessages_fr.xml | xml
    MD5: B734C3F8BD71D9A7BDC6B95BEF93CE90
    SHA256: 89DEF78B70F8D8B07F1FC794CAF8F6BCF92FFC58893EE1DAF099A574B50D346D
5752 | 934301c0cf61dcb17e59c05676d508c6424db9397a5ea13e1bc0d3ef2325779f.exe | C:\Users\admin\AppData\Roaming\boolean_double.js | binary
    MD5: 137982004730352D2C28F2FBAA78C8B2
    SHA256: D66EAF1491DB99BC9E6FA395CA2A461B676A230649992437ABEFF04DE0AA2EBD
5752 | 934301c0cf61dcb17e59c05676d508c6424db9397a5ea13e1bc0d3ef2325779f.exe | C:\Users\admin\AppData\Roaming\Abidjan | binary
    MD5: D803A36BDFDA24206049E32CDE7C2B2C
    SHA256: A3082CB00066566478BF0E36E608D979628C3AB3DF3DBA0F8A67C2C1E99CD4B8
5752 | 934301c0cf61dcb17e59c05676d508c6424db9397a5ea13e1bc0d3ef2325779f.exe | C:\Users\admin\AppData\Roaming\circleround_selectionsubpicture.png | image
    MD5: D162AE38748F5244FB3DE8451563A252
    SHA256: 412E9565B70A8E98A77AF4B9C921B9D0990BA835C87BB40EF56591E8E6FC5DAE
5752 | 934301c0cf61dcb17e59c05676d508c6424db9397a5ea13e1bc0d3ef2325779f.exe | C:\Users\admin\AppData\Roaming\but-next.png | image
    MD5: 505F381EBC020405DE2F29DFB0FC2218
    SHA256: 78D2571AAD9E004F9FB31672C8195492722BCD42D88EC8ADD5D81A4F8AED8DEA

The Rar$DRb6240.44285 entry is WinRAR's own temporary extraction of the archived executable (its SHA256 equals the file name), not something the sample wrote. The Temp\nsh1A01.tmp\System.dll drop, the behaviour the "System.dll in Temp" signature fires on, is the layout of an NSIS installer unpacking its System plugin. The remaining drops are non-executable files written by PID 5752 into %APPDATA%\Roaming, several with a detected type that does not match the extension (an .xml classified as html, a .js and an extension-less file classified as binary).
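A practitioner reviewing the drop list wants to separate installer plumbing (the NSIS plugin directory, WinRAR's own extraction) from the files written into %APPDATA%\Roaming, and to flag the ones whose detected type disagrees with their extension. The Python below is an added example for this page, not part of the ANY.RUN report: the records are transcribed from the table above, while the extension-to-type expectations and the NSIS and WinRAR temp-directory patterns are assumptions made for the demonstration.

```python
"""Tag the dropped-file records above (added example, not ANY.RUN's
logic). DROPPED is transcribed from the report; EXPECTED, NSIS_TMP and
WINRAR_TMP are assumptions for the demo."""
import re
from pathlib import PureWindowsPath

ROAMING = r"C:\Users\admin\AppData\Roaming"
SAMPLE = "934301c0cf61dcb17e59c05676d508c6424db9397a5ea13e1bc0d3ef2325779f.exe"

# (pid, path, type as classified by the sandbox), in table order.
DROPPED = [
    (5752, rf"{ROAMING}\EngineLoggerConfig.xml", "text"),
    (6240, rf"C:\Users\admin\AppData\Local\Temp\Rar$DRb6240.44285\{SAMPLE}", "executable"),
    (5752, r"C:\Users\admin\AppData\Local\Temp\nsh1A01.tmp\System.dll", "executable"),
    (5752, rf"{ROAMING}\default.table.frame.xml", "html"),
    (5752, rf"{ROAMING}\70-yes-bitmaps.conf", "xml"),
    (5752, rf"{ROAMING}\CommonMessages_fr.xml", "xml"),
    (5752, rf"{ROAMING}\boolean_double.js", "binary"),
    (5752, rf"{ROAMING}\Abidjan", "binary"),
    (5752, rf"{ROAMING}\circleround_selectionsubpicture.png", "image"),
    (5752, rf"{ROAMING}\but-next.png", "image"),
]

# Sandbox type(s) an analyst would accept for each extension (assumption).
EXPECTED = {
    ".xml": {"xml", "text"}, ".conf": {"text", "xml"}, ".js": {"text"},
    ".png": {"image"}, ".exe": {"executable"}, ".dll": {"executable"},
}
# NSIS unpacks plugins such as System.dll into %TEMP%\ns<random>.tmp\;
# WinRAR extracts to %TEMP%\Rar$<letters><pid>.<n>\ before opening a file.
NSIS_TMP = re.compile(r"\\temp\\ns[0-9a-z]{4,6}\.tmp\\", re.I)
WINRAR_TMP = re.compile(r"\\temp\\rar\$[a-z]{2,3}\d+\.\d+\\", re.I)


def tag_record(path, ftype):
    """Return the tags that apply to one dropped-file record."""
    ext = PureWindowsPath(path).suffix.lower()
    tags = []
    if NSIS_TMP.search(path):
        tags.append("nsis_plugin_dir")
    if WINRAR_TMP.search(path):
        tags.append("archiver_extract")
    if ext in EXPECTED and ftype not in EXPECTED[ext]:
        tags.append("type_mismatch")
    if not ext and ftype == "binary":
        tags.append("no_extension_binary")
    return tags


def triage_dropped(records=DROPPED):
    """Flatten to (tag, path) pairs, preserving table order."""
    return [(tag, path) for _, path, ftype in records for tag in tag_record(path, ftype)]


def drops_per_pid(records=DROPPED):
    """How many files each process wrote."""
    counts = {}
    for pid, _, _ in records:
        counts[pid] = counts.get(pid, 0) + 1
    return counts


if __name__ == "__main__":
    for tag, path in triage_dropped():
        print(f"{tag:20} {path}")
    print(drops_per_pid())
```

Untagged records are the ordinary-looking drops; the tagged ones are what to look at first, and drops_per_pid shows that everything except WinRAR's extraction comes from the first instance of the sample (PID 5752).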
HTTP(S) requests: 8
TCP/UDP connections: 2 081
DNS requests: 19
Threats: 2

HTTP requests

PID | Process | Method | HTTP code | IP | URL | CN | Reputation
4712 | MoUsoCoreWorker.exe | GET | 200 | 88.221.169.152:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
4712 | MoUsoCoreWorker.exe | GET | 200 | 2.16.164.106:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
- | - | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | whitelisted
6152 | backgroundTaskHost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D | unknown | whitelisted
6916 | SIHClient.exe | GET | 200 | 88.221.169.152:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | whitelisted
1596 | eventcreate.exe | GET | 200 | 34.117.59.81:80 | http://ipinfo.io/json | unknown | shared
6916 | SIHClient.exe | GET | 200 | 88.221.169.152:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | whitelisted
1176 | svchost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted

Empty cells (and the Type and Size columns, which carry no values) are empty in the source. Only the ipinfo.io request is attributable to the sample: it is made by eventcreate.exe PID 1596, the copy running from the {GUID} directory under %APPDATA%. The CRL and OCSP fetches by MoUsoCoreWorker.exe, backgroundTaskHost.exe, SIHClient.exe and svchost.exe are Windows certificate-revocation checks that run regardless of the sample.

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
- | - | 51.124.78.146:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4712 | MoUsoCoreWorker.exe | 2.16.164.106:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted
4712 | MoUsoCoreWorker.exe | 88.221.169.152:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
5064 | SearchApp.exe | 2.23.209.177:443 | www.bing.com | Akamai International B.V. | GB | whitelisted
- | - | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted
4652 | svchost.exe | 51.124.78.146:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
1176 | svchost.exe | 40.126.32.133:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
1176 | svchost.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted

Empty cells are empty in the source. This is an excerpt of the 2 081 recorded connections: every row shown is OS background traffic, and the sample's own connection to 34.117.59.81:80 (ipinfo.io, PID 1596) appears under HTTP requests and Threats rather than here.

DNS requests

Domain
IP
Reputation
crl.microsoft.com
  • 2.16.164.106
  • 2.16.164.99
  • 2.16.164.107
  • 2.16.164.114
  • 2.16.164.9
  • 2.16.164.18
  • 2.16.164.49
  • 2.16.164.89
whitelisted
www.microsoft.com
  • 88.221.169.152
whitelisted
google.com
  • 142.250.185.174
whitelisted
www.bing.com
  • 2.23.209.177
  • 2.23.209.176
  • 2.23.209.148
  • 2.23.209.185
  • 2.23.209.158
  • 2.23.209.161
  • 2.23.209.193
  • 2.23.209.150
  • 2.23.209.135
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
login.live.com
  • 40.126.32.133
  • 20.190.160.14
  • 40.126.32.68
  • 40.126.32.138
  • 40.126.32.76
  • 40.126.32.136
  • 40.126.32.134
  • 40.126.32.140
whitelisted
go.microsoft.com
  • 23.218.210.69
whitelisted
settings-win.data.microsoft.com
  • 40.127.240.158
whitelisted
arc.msn.com
  • 20.105.99.58
whitelisted
fd.api.iris.microsoft.com
  • 20.103.156.88
whitelisted

Threats

PID | Process | Class | Message
2192 | svchost.exe | Device Retrieving External IP Address Detected | ET INFO External IP Lookup Domain in DNS Lookup (ipinfo .io)
1596 | eventcreate.exe | Device Retrieving External IP Address Detected | ET POLICY External IP Lookup ipinfo.io

Both alerts are the same ipinfo.io lookup seen at two layers: the DNS hit is attributed to svchost.exe PID 2192 because that is the DNS Client service (-s Dnscache, see Process information) resolving the name on the sample's behalf; the originating process is eventcreate.exe PID 1596, which then makes the HTTP request.
No debug info