b9ad79eaf7a4133f95f24c3b9d976c72f34264dc5c99030f0e57992cb5621f78

Reason

Machine shutdown

General

Target

AnyDesk.exe
Size

3.0MB
MD5

eb80f7bddb699784baa9fbf2941eaf4a
SHA1

df6abbfd20e731689f3c7d2a55f45ac83fbbc40b
SHA256

b9ad79eaf7a4133f95f24c3b9d976c72f34264dc5c99030f0e57992cb5621f78
SHA512

3a1162e9fef849cb7143dc1898d4cfcfd87eb80ced0edb321dfa096686b25ae8a9a7f3ae8f37a09724d94f96d64e08940fc23c0b931ddd8a1e70e2792cb3fe47
SSDEEP

98304:6aJXyQTrRGlSMoIuORmKBQielvZlpkiSti:3olMcR9BTY3WS

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk.exe

Enumerates system info in registry 2 TTPs 32 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\Configuration Data	csrss.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1\Identifier	csrss.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1	csrss.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2	csrss.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0	csrss.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2\Configuration Data	csrss.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2\Component Information	csrss.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral\0\Component Information	csrss.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter	csrss.exe
Key enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter	csrss.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\Identifier	csrss.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2	csrss.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController	csrss.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\Component Information	csrss.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral\0\Configuration Data	csrss.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0	csrss.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\Component Information	csrss.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2\Identifier	csrss.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter	csrss.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1\Configuration Data	csrss.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1\Component Information	csrss.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\MultifunctionAdapter\1\KeyboardController	csrss.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral	csrss.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral\0\Identifier	csrss.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\MultifunctionAdapter\0\KeyboardController\0	csrss.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\Configuration Data	csrss.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1	csrss.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\Identifier	csrss.exe
Key enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0	csrss.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\MultifunctionAdapter\0\KeyboardController	csrss.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral	csrss.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral\0	csrss.exe

Modifies data under HKEY_USERS 9 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\LastUserLangID = "1033"	winlogon.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\LastLoadedDPI = "96"	winlogon.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\ColorName = "NormalColor"	winlogon.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\SizeName = "NormalSize"	winlogon.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Control Panel\Desktop\MuiCached\MachinePreferredUILanguages = 65006e002d00550053000000	winlogon.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\ThemeManager	winlogon.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\ThemeActive = "1"	winlogon.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\LoadedBefore = "1"	winlogon.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager\DllName = "%SystemRoot%\\resources\\themes\\Aero\\Aero.msstyles"	winlogon.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
3068	Notepad.exe

Suspicious behavior: EnumeratesProcesses 28 IoCs

pid	Process
2804	AnyDesk.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	1240	taskmgr.exe
Token: SeShutdownPrivilege	1256	LogonUI.exe
Token: SeShutdownPrivilege	1256	LogonUI.exe
Token: SeShutdownPrivilege	1256	LogonUI.exe
Token: SeShutdownPrivilege	1556	winlogon.exe
Token: SeShutdownPrivilege	1556	winlogon.exe

Suspicious use of FindShellTrayWindow 46 IoCs

pid	Process
2692	AnyDesk.exe
2692	AnyDesk.exe
2692	AnyDesk.exe
1948	AnyDesk.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
2692	AnyDesk.exe
2692	AnyDesk.exe

Suspicious use of SendNotifyMessage 44 IoCs

pid	Process
2692	AnyDesk.exe
2692	AnyDesk.exe
2692	AnyDesk.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
1240	taskmgr.exe
2692	AnyDesk.exe
2692	AnyDesk.exe

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 1948 wrote to memory of 2804	1948	AnyDesk.exe	29
PID 1948 wrote to memory of 2804	1948	AnyDesk.exe	29
PID 1948 wrote to memory of 2804	1948	AnyDesk.exe	29
PID 1948 wrote to memory of 2804	1948	AnyDesk.exe	29
PID 1948 wrote to memory of 2692	1948	AnyDesk.exe	28
PID 1948 wrote to memory of 2692	1948	AnyDesk.exe	28
PID 1948 wrote to memory of 2692	1948	AnyDesk.exe	28
PID 1948 wrote to memory of 2692	1948	AnyDesk.exe	28
PID 696 wrote to memory of 1256	696	csrss.exe	40
PID 696 wrote to memory of 1256	696	csrss.exe	40
PID 1556 wrote to memory of 1256	1556	winlogon.exe	40
PID 1556 wrote to memory of 1256	1556	winlogon.exe	40
PID 1556 wrote to memory of 1256	1556	winlogon.exe	40
PID 696 wrote to memory of 1256	696	csrss.exe	40
PID 696 wrote to memory of 1256	696	csrss.exe	40
PID 696 wrote to memory of 1256	696	csrss.exe	40
PID 696 wrote to memory of 1256	696	csrss.exe	40
PID 696 wrote to memory of 1256	696	csrss.exe	40
PID 696 wrote to memory of 1256	696	csrss.exe	40
PID 696 wrote to memory of 1256	696	csrss.exe	40
PID 696 wrote to memory of 1256	696	csrss.exe	40

C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
1⤵
- Checks processor information in registry
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1948
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-control
  2⤵
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:2692
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-service
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2804

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1240

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\RepairRemove.vbe"
1⤵
PID:552

C:\Windows\System32\Notepad.exe
"C:\Windows\System32\Notepad.exe" C:\Users\Admin\Desktop\RepairRemove.vbe
1⤵
- Opens file in notepad (likely ransom note)
PID:3068

C:\Windows\system32\csrss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
1⤵
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
PID:696

C:\Windows\system32\winlogon.exe
winlogon.exe
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1556
- C:\Windows\system32\LogonUI.exe
  "LogonUI.exe" /flags:0x0
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1256

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
1⤵
PID:1220

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x1
1⤵
PID:596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

3

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
6KB

MD5
cc30fb3673c3882966317287aa92eeb5

SHA1
ca181a8eaef6c0bc89f749596c52fd6661454851

SHA256
899b1d27fbb4d2b818d8147e743efdd0649a9221db563084d9bc2bf0a8a86d97

SHA512
2bc6b0716b6f478037692d6fec589322d0f7ee074fac3561749eeb095e0f11014a73f80a81a52bc499194032237af6813aceadb6124d08d80a2ccc442bd9e59c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
3ea7abf58b69d13e1be35a9d67e10ac1

SHA1
a8bdc4bfe960244fcd2c6c59f3cb7e4ce722a64a

SHA256
dfab9fad3df3d1bdbf93436a7fb8bfbdd19f87cf28512f251c62ba1236a6e015

SHA512
dbcadb94e86dc1ff446e3a6bb55506570c63c4307601e374e1ff66a1de0425e08e6af5613f2bfc4461133ba719543f4c84001f8b3773231df13030b2c82fc7fd

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
105B

MD5
732272069ada87c57562e856b1a8039c

SHA1
5c541486cad7adcbb0bdb2bd2451b7d02149642b

SHA256
48442e1da20e29869de668b8686b1e3bf622a7d3bfd184092db9eead3f082044

SHA512
435c1a2a9a7514eb3a430f0dea746f9020b5bb727624690aaa5cc60b2fe6829b48077c10db1a19977c06d1a63defd3a2cbdcf5f783d0922f6f97c3242f9b3d66

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
330B

MD5
4ba49b30a59fede52eb6037c1cb1c0ba

SHA1
43034777c8a2d0c7e4f38ef59ef196ec267fbfbd

SHA256
83972efd55c6724626d6dbe1dad4c7341b35474595e762682f3b9c398efe6985

SHA512
677a084bff9e385ef08d2b1d3a47bd8346cc304c6ac537fff65a7c4543f233fdbd07caa5a5c64b0566cb9fd04b829f8d87022c3f2019df15664438afe1322338

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
226B

MD5
4f28cdfcb70866f4fb7c6cf0a6b4b4eb

SHA1
703877bf8914abb5162fb185c4e0ee7d839e3966

SHA256
fa0d299c5e015f3b2c955bee35a64efeab552ba6e1b74d878c3d32c24b676359

SHA512
a78cd9ca09431b231b784919be56f7d8c429e82c8031354e6731987fc6fcf5d5b938630355e16c5e3c598ccc1abecba435f0075887abb54846e6543f247b43ff

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
205B

MD5
59352c2b0c590c5fd96365d3168d723b

SHA1
53ab571639cc3e3a38032c1095985f7f4278d8fc

SHA256
079db0d18cb8ca55e8653f3d67608c5e445d32e368feb874ed3fa1d797c7c286

SHA512
2d21bcd26ef934095ca5b37aa1e66091547870f5e09c2d203dfd75923d2575f93f1a42f31e4fb7b2423b766984464ed65b048f49519837918de246a892c82828

Download Submit
memory/596-181-0x0000000002AB0000-0x0000000002AB1000-memory.dmp

Filesize
4KB

Download
memory/1220-170-0x0000000001A20000-0x0000000001A21000-memory.dmp

Filesize
4KB

Download
memory/1240-156-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1240-157-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1240-168-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1240-167-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1240-166-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1240-165-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1240-164-0x0000000000370000-0x0000000000371000-memory.dmp

Filesize
4KB

Download
memory/1256-169-0x0000000002BE0000-0x0000000002BE1000-memory.dmp

Filesize
4KB

Download
memory/1948-26-0x0000000003FC0000-0x0000000003FC1000-memory.dmp

Filesize
4KB

Download
memory/1948-20-0x0000000003B10000-0x0000000003B11000-memory.dmp

Filesize
4KB

Download
memory/1948-14-0x0000000003A30000-0x0000000003A31000-memory.dmp

Filesize
4KB

Download
memory/1948-13-0x0000000000F80000-0x0000000000F81000-memory.dmp

Filesize
4KB

Download
memory/1948-24-0x0000000003E70000-0x0000000003E71000-memory.dmp

Filesize
4KB

Download
memory/1948-25-0x0000000003FA0000-0x0000000003FA1000-memory.dmp

Filesize
4KB

Download
memory/1948-0-0x0000000000080000-0x0000000000C92000-memory.dmp

Filesize
12.1MB

Download
memory/1948-28-0x0000000003AA0000-0x0000000003AA1000-memory.dmp

Filesize
4KB

Download
memory/1948-29-0x0000000003B20000-0x0000000003B21000-memory.dmp

Filesize
4KB

Download
memory/1948-23-0x0000000003B60000-0x0000000003B61000-memory.dmp

Filesize
4KB

Download
memory/1948-80-0x0000000000080000-0x0000000000C92000-memory.dmp

Filesize
12.1MB

Download
memory/1948-3-0x0000000000CF0000-0x0000000000CF1000-memory.dmp

Filesize
4KB

Download
memory/1948-27-0x0000000003630000-0x0000000003631000-memory.dmp

Filesize
4KB

Download
memory/1948-22-0x0000000003B50000-0x0000000003B51000-memory.dmp

Filesize
4KB

Download
memory/1948-1-0x0000000000080000-0x0000000000C92000-memory.dmp

Filesize
12.1MB

Download
memory/1948-21-0x0000000003B40000-0x0000000003B41000-memory.dmp

Filesize
4KB

Download
memory/1948-19-0x0000000003B00000-0x0000000003B01000-memory.dmp

Filesize
4KB

Download
memory/1948-18-0x0000000000F90000-0x0000000000F91000-memory.dmp

Filesize
4KB

Download
memory/2692-30-0x0000000000080000-0x0000000000C92000-memory.dmp

Filesize
12.1MB

Download
memory/2692-32-0x0000000000080000-0x0000000000C92000-memory.dmp

Filesize
12.1MB

Download
memory/2692-82-0x0000000000080000-0x0000000000C92000-memory.dmp

Filesize
12.1MB

Download
memory/2692-180-0x0000000000080000-0x0000000000C92000-memory.dmp

Filesize
12.1MB

Download
memory/2692-39-0x0000000000D90000-0x0000000000D91000-memory.dmp

Filesize
4KB

Download
memory/2804-31-0x0000000000080000-0x0000000000C92000-memory.dmp

Filesize
12.1MB

Download
memory/2804-90-0x0000000000080000-0x0000000000C92000-memory.dmp

Filesize
12.1MB

Download
memory/2804-81-0x0000000000080000-0x0000000000C92000-memory.dmp

Filesize
12.1MB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads