fff4b96876b0c78da96e57cf7ca1b0e0cbee4fde52047a9bde52e25b062d69ca

Analysis

max time kernel
1761s
max time network
1799s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
19-12-2024 22:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AnyDesk.exe
Size

5.3MB
MD5

0a269c555e15783351e02629502bf141
SHA1

8fefa361e9b5bce4af0090093f51bcd02892b25d
SHA256

fff4b96876b0c78da96e57cf7ca1b0e0cbee4fde52047a9bde52e25b062d69ca
SHA512

b1784109f01d004f2f618e91695fc4ab9e64989cdedc39941cb1a4e7fed9032e096190269f3baefa590cc98552af5824d0f447a03213e4ae07cf55214758725a
SSDEEP

98304:Uc9HTcGO0ImBimas54Ub5ixTStxZi/l9K0+zLVasSe4JnzMpm+Gq:UcpYGO0IOqs57bUwxG9CVaskJIYE

Score

5^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Control Panel\International\Geo\Nation	AnyDesk.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Control Panel\International\Geo\Nation	AnyDesk.exe

Loads dropped DLL 2 IoCs

pid	Process
2956	AnyDesk.exe
2912	AnyDesk.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk.exe

Suspicious behavior: AddClipboardFormatListener 3 IoCs

pid	Process
2956	AnyDesk.exe
2956	AnyDesk.exe
2956	AnyDesk.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: 33	2132	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2132	AUDIODG.EXE
Token: 33	2132	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2132	AUDIODG.EXE
Token: 33	1736	AnyDesk.exe
Token: SeIncBasePriorityPrivilege	1736	AnyDesk.exe

Suspicious use of FindShellTrayWindow 10 IoCs

pid	Process
2956	AnyDesk.exe
2956	AnyDesk.exe
2956	AnyDesk.exe
2956	AnyDesk.exe
2956	AnyDesk.exe
2956	AnyDesk.exe
2956	AnyDesk.exe
2956	AnyDesk.exe
2956	AnyDesk.exe
2956	AnyDesk.exe

Suspicious use of SendNotifyMessage 10 IoCs

pid	Process
2956	AnyDesk.exe
2956	AnyDesk.exe
2956	AnyDesk.exe
2956	AnyDesk.exe
2956	AnyDesk.exe
2956	AnyDesk.exe
2956	AnyDesk.exe
2956	AnyDesk.exe
2956	AnyDesk.exe
2956	AnyDesk.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1736	AnyDesk.exe
1736	AnyDesk.exe
1736	AnyDesk.exe
1736	AnyDesk.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1736 wrote to memory of 2912	1736	AnyDesk.exe	30
PID 1736 wrote to memory of 2912	1736	AnyDesk.exe	30
PID 1736 wrote to memory of 2912	1736	AnyDesk.exe	30
PID 1736 wrote to memory of 2912	1736	AnyDesk.exe	30
PID 1736 wrote to memory of 2956	1736	AnyDesk.exe	31
PID 1736 wrote to memory of 2956	1736	AnyDesk.exe	31
PID 1736 wrote to memory of 2956	1736	AnyDesk.exe	31
PID 1736 wrote to memory of 2956	1736	AnyDesk.exe	31

C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1736
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-service
  2⤵
  - Checks computer location settings
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2912
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-control
  2⤵
  - Checks computer location settings
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:2956

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x534
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
4KB

MD5
d79001461aa1efc5295fa4766b1a9219

SHA1
4d924ade249d284a0f92b7d6b9ad5ccc8a15fe1b

SHA256
2ec2a4b1554c32076829fe3759dcb84a4abc7827c4dfdcf691c7d0eaecdb0891

SHA512
c312c02c4e79fa553b0f7961b09d5270b76da18618fbd458631301a8295935b3755c8360474f456026387d570ad69be5e9c7dcff5bba9aed777723da5851e283

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
9KB

MD5
e313dcfb56931c1b01a907bad44de713

SHA1
fb6c062c84e8358386403fcecda23a23fb9e4bb2

SHA256
e23a50fe71864a275fc6bff141a7cd09b38eefec11cecf71b634eedb6e0628fe

SHA512
08054c46a2d0b992061358a6041070eade5349246297460a9b5c8a250db79800a164eaf4ee0a9d00a1957a4a951c364820ceb6da5ca3714776dd5e252b525b93

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
9ecc0fddc0a50315c593962a04c1b589

SHA1
505c37827c6ddb277359d95a97b275ce950e0d75

SHA256
45041ec5356672e1e162c72a6f1ef4c6b5e2381570b871b8e5657687ada918f9

SHA512
80b0c8917a741cf7a5114448f62c78da875be474b6761b710df19ba44b02974506d7e3e19cf41de6bca7c00fd2103e6c03480a7bb18e966fb46636d83efaebf2

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
f2312b66e3eca2a09d818b03100b0934

SHA1
5bc11c31cd5e7fc0ce25c327bfa1ba51e3743849

SHA256
d250185781f81455883fd476ee73886503086727c0596f29d379e5464102784a

SHA512
4f5dbfc84ea70213cb05aa99c479a6e90bc49335ce1b7849f107508e213eef6babd2cffb74cac2c807f9e41c1309631f891e621c5aa00d17d05262e8ec6d6797

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
697B

MD5
af4092647c0fefabb5298ed49107bb6d

SHA1
31d3886f215f72c9b05fc15cf03b64479a41fd4d

SHA256
2bb072270597ac1b4dd26ed57264df19f339b0eb4d2a02a6211713d230fc6013

SHA512
19f68d0cd31f12a250e895c7dc93c580eeed8aed0e0e02c9488f46d82b099dc0dcda3078d9e13debfd25977aa4e051a7bc142476feb8657efeecc7fb378d6224

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
754B

MD5
0b0305c04e124184eb42025b33ccb5c9

SHA1
c33f4ef3f933634ef467a6559128212e6ef3c95e

SHA256
27f3382b3ae16cead2af0ae4dc5cfc384b5dde7652428e31398f7d7a98fc4c41

SHA512
b9737208700c39ed3a2aa37a1491bd8f3a87db71b045a74bcb1a79e5ac39bd8afce449a691c7fd8b7d5f6d6645165f36eb7ff4653ed9ab0988f1aefe73eaf6ac

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
762B

MD5
0b9267c113a5b1f6e5973a91bdfb5232

SHA1
490d9e403664697af58877f30105fe2fdab66237

SHA256
37f7c18c9feacb516b6c0a9b18155d0939026624500d55a9cf1f10ecd0aeff3c

SHA512
227f00025b05f28393e918cb36c60acc0b908fbec85b02959c0f8d311e88c4007493bcce02715f217c684a7fe1307eebd0a316f447f3df1c4cf663c900bd6a5e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
831B

MD5
bbfce2c335ddd030b0d7be7705dba0d4

SHA1
0199c3b2f503dba18d797881d6024b8fc50d47fa

SHA256
32c594f1b141a15d44bb1fac771117e11439246fdecf27c1c9cc3e4baa2646f7

SHA512
2e14d7453b4ece9b9273b44fadcaaae74fd6882ed774efbfebbd45ec95fa830485cdae414e18b95431e95efa80748830140b51ceacc52c83c4b0135f1aecd00a

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
468B

MD5
ba8f4b986d75f1361b34a36fcad708aa

SHA1
d5626a35cfd67ee5fd62ed55cb765b671ff61115

SHA256
b13069c5fc17ad94df4e233a6c11a89490e45fc959e4687d31a58354250a5ae4

SHA512
5c783ad3ceecabba6d3332cb733ccc70a08f1dc1c076dea5b24ba93b48e3eadd9e1e83ad3b5209457e254fa95c01b6a93499c4e4743fa25513e73b4a3743b212

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
2KB

MD5
e0b5815ea784f56f1bd76738549d4578

SHA1
df345bb47c5a4cef4518f34bd00e15af324f9742

SHA256
841128c36aa2dc060179a1f6e6a860bd4b9ab5c70d3a2894330f9dc4b4f8ebb8

SHA512
5b3be29daea749178327c25ad0d9f785b7791f02d749cef1890069d0772111f38e31bb7e876fdb58c8234db293a7670b7ed570058bb226918fc6b1964a16e5fb

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
2KB

MD5
c7b26a1bb1bff9eacd204311cdbc5271

SHA1
f367a62a3322307204f9dce551df71111062214d

SHA256
a98f6739eb5118e60f2580cb2f7543c5e2d234b366d909809e8a8ade9ca6c836

SHA512
8439e2837051a238b535e12fa8603aa9f734bb4bf4fd97e142deba4c90173e39050c1d529c733f5fc52c2e6203368b8ce066d7239cee71c895ea876a811310c9

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
103872b0b3529eef5cd988ed350aac2d

SHA1
b4cd25558eea93d06e7de2cf613246aa0414e526

SHA256
619df0944e83b16d83e528ff302a894c0cde910edca3faacb0c0be7ff4a8573e

SHA512
5a26041a731af9d8b2def59c23d8b2d1dc18e882fd360ad0e0267d5939c3d962c5e1af01a3621ceafe0ea29498adc953902854643a904e22fc20bec7d676b958

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
7ddbd7bedadfc8e1ec30f5b9454083be

SHA1
f48ec4255466379c75d7898d6163b0408af1512b

SHA256
a6fd9461e5603666cda41614a276c7ebf9e870dea1bc64ab7a46cefac73e7e24

SHA512
60152c766a2dae12b26912200e0114e20e344f52d059ced8a0dba56735736cabd7a095e95b886f333b358e7b7f7a253ec9d1bfff5cc6943ee5f3cb22bf260cd5

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
e880e49f7080e08e99f7278b6b36a5f5

SHA1
92c28af76586d10d46b1dbbff47e4c4e6b0b015d

SHA256
d1c488190c06695eb251aaea377ec091f81006742e0e216783f74374908004bd

SHA512
f13e43d18f4d584e1cc500424ec1c912e4681b4169ff33596efa444f0aaa1974b38fe8e0ec086c1a6260988856fbb38ff8d7db95860ef56356495ce0b0df69bf

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
f2b96adfb19e81736e34a32e0aeb05bc

SHA1
6bf353112d5f9affe35d37e0d8ae97f8b27e1db0

SHA256
855434d271549a62d02fc8f6017165421fcd504d9bb1563bf670d7c8c542675c

SHA512
aab513b2041dc37f6d26f0e21832a838b22ce4ee2f268948950cae8b721afdc358103f9e407ecb299021d58a335a8399c345c83eba0659bc2808dc6096f78d44

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
11be4ae394b65dce1d078e27b58fc8ff

SHA1
d16d530b0b4bc3f98b34d2c073a2bdc76a84a4c4

SHA256
be67dfb6c4b94d0bb517b1ff00fa8aac3646e0e840a45249e75008cbe5871f92

SHA512
78dedc2951acc1eeafb0589288bda86ca50d8d9f67b079ad5e6bc187fadb6bd9cb3740fe1ebb98c83b514e86564e5705807398da3a0b2a8f82dfcb661d36287f

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
d1b29f30c99b9023afeb0bfa628194d7

SHA1
32c80c68d046b9e10070cff44262f667fb37e6f5

SHA256
a637dda1b573036ffa8f62120664cf250b8c6374a1200d23e6a4b1615bf7c391

SHA512
3cc5ed565e53f7dd2f6723ad817498be8ee809994f51e4139212d4eba0fc5db2db8d5ddfcf4b73ea7b508468d7be07dd4f6bfc4070a92fcd97e75995a449a11a

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
427fb7d418921f288aa7a80abcf66631

SHA1
97935b194baff9a8adcf539d6231408b1446abc0

SHA256
f31d37ed7c568f919706b4cbbf8ba05527db1b36a7a0d71e24ef99a2455f074f

SHA512
ed12e60b7c4530b09101acba7e2efa77948a03f0819bfef46ffdca0f0cda8c65ac879ea14c7b7df9cd94516e93c5bf5f6e595aae12981ae2131fa58881c3d487

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
966224b7d56adcb9c17f9681935e3fd0

SHA1
4dd47c08a4b50b5ffb3331ac7dfb9374244340fd

SHA256
6c038725ca824067efff6cf0ac10b2ce9878b006cd66d03432899a866ea1555c

SHA512
2c1b4184a94013fc13047ef02cfd5a5d778db1e4389aee6af5215919643c126b85ac8125b3b30bd8e14f8119c6fcfcbe6a96fd647c75f0b5bb04600f34038d4e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
b73f6c75b56e06140a86eff4735565e2

SHA1
b433bb06700d79b6ccdc4a072634ff2f94b13d92

SHA256
d0ff0c7ea1602ebc9ef347457844d3a7b2fbc0506ee1420cd587ad0b357a0e4c

SHA512
0b878ebaf89b3af0c46e3feef0c4db496cf1148062c8c375f10df9bac720ef18d0cda9e9929041924bac3fdfcb5f6d59ecfa0047b02c52e31438f1c45ea97f4f

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
8cf527053f449ee3aba05e9102d11182

SHA1
1994e0efe6c0278300d3d403c240c1423808ebed

SHA256
e595fb3c29f956a2458cb2ddfb6f34a9726b662442e1c354f575ff3794c5360f

SHA512
38fe5bca2f0bd6676c693ee43dd261a767b0aa558977bce96e169c305f746a42f999065df19ab5c782edf2296d587534c17526d52057abbf2f12fab484170433

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
3KB

MD5
0c491d03ccbdea54d7e5921fa93c852a

SHA1
875ce3f4aef3780264e13f41deaa3c899f73f85f

SHA256
532390652e9481fbb4b441dfff1ad51a1f679e41e49c25299cad5dfddad51ca7

SHA512
c389bad4ff1516fd1ffc837e52a7ea9d7662450eec21c146b97ae8fa05ff208e59b2d2321d0390420787ebd98a453e0baafcca61edcf64c97ebd62a4468253e8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
5KB

MD5
341071d0b5d48477708c560a6b19f588

SHA1
29ca65786c7caae8f373895a8d7ee501191da66a

SHA256
5297a77371d4636143fd99126fd5c189a88b2044e0d5d98982404ea83c15e5fb

SHA512
064c13bf89f85792f1ed3394e7c006c1b49d2ab10e7b52b40cb7e1c300d2efd4d603dcb30688cbef22707080bf1cfcf7b8f29d0196b353d379109d60ad6cca7a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms~RFf787021.TMP

Filesize
3KB

MD5
a27a09200d86882b08242f6babb0e867

SHA1
86dfa12608488c4ae518796b4106795dbdfed30e

SHA256
ad4447c12ad093f83284394d50a92fb6a90cf87a5bb3396016cafaf40b594061

SHA512
83c45b4c7d9a17ad7f15ea0ebeb431cdc74c0dc40aa8c8c14fce8a38b2b052bddce3f315c30cc102a4506e4c9ffb14b9b9b10bc874fbe552f7c14515b9ca462e

Download Submit
\Users\Admin\AppData\Local\Temp\gcapi.dll

Filesize
385KB

MD5
1ce7d5a1566c8c449d0f6772a8c27900

SHA1
60854185f6338e1bfc7497fd41aa44c5c00d8f85

SHA256
73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf

SHA512
7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753

Download Submit
memory/1736-312-0x00000000009F0000-0x0000000002032000-memory.dmp

Filesize
22.3MB

Download
memory/1736-337-0x00000000009F0000-0x0000000002032000-memory.dmp

Filesize
22.3MB

Download
memory/1736-265-0x00000000009F0000-0x0000000002032000-memory.dmp

Filesize
22.3MB

Download
memory/1736-365-0x00000000009F0000-0x0000000002032000-memory.dmp

Filesize
22.3MB

Download
memory/1736-1-0x00000000009F0000-0x0000000002032000-memory.dmp

Filesize
22.3MB

Download
memory/1736-357-0x00000000009F0000-0x0000000002032000-memory.dmp

Filesize
22.3MB

Download
memory/1736-243-0x00000000009F4000-0x0000000001AF6000-memory.dmp

Filesize
17.0MB

Download
memory/1736-242-0x00000000009F0000-0x0000000002032000-memory.dmp

Filesize
22.3MB

Download
memory/1736-296-0x00000000009F0000-0x0000000002032000-memory.dmp

Filesize
22.3MB

Download
memory/1736-351-0x00000000009F0000-0x0000000002032000-memory.dmp

Filesize
22.3MB

Download
memory/1736-301-0x00000000009F0000-0x0000000002032000-memory.dmp

Filesize
22.3MB

Download
memory/1736-5-0x00000000009F0000-0x0000000002032000-memory.dmp

Filesize
22.3MB

Download
memory/1736-305-0x00000000009F0000-0x0000000002032000-memory.dmp

Filesize
22.3MB

Download
memory/1736-249-0x00000000009F0000-0x0000000002032000-memory.dmp

Filesize
22.3MB

Download
memory/1736-2-0x00000000009F4000-0x0000000001AF6000-memory.dmp

Filesize
17.0MB

Download
memory/1736-334-0x00000000009F0000-0x0000000002032000-memory.dmp

Filesize
22.3MB

Download
memory/2912-307-0x00000000009F0000-0x0000000002032000-memory.dmp

Filesize
22.3MB

Download
memory/2912-14-0x00000000009F0000-0x0000000002032000-memory.dmp

Filesize
22.3MB

Download
memory/2912-313-0x00000000009F0000-0x0000000002032000-memory.dmp

Filesize
22.3MB

Download
memory/2912-335-0x00000000009F0000-0x0000000002032000-memory.dmp

Filesize
22.3MB

Download
memory/2912-316-0x00000000009F0000-0x0000000002032000-memory.dmp

Filesize
22.3MB

Download
memory/2912-339-0x00000000009F0000-0x0000000002032000-memory.dmp

Filesize
22.3MB

Download
memory/2912-302-0x00000000009F0000-0x0000000002032000-memory.dmp

Filesize
22.3MB

Download
memory/2912-298-0x00000000009F0000-0x0000000002032000-memory.dmp

Filesize
22.3MB

Download
memory/2912-244-0x00000000009F0000-0x0000000002032000-memory.dmp

Filesize
22.3MB

Download
memory/2912-272-0x00000000009F0000-0x0000000002032000-memory.dmp

Filesize
22.3MB

Download
memory/2956-25-0x00000000009F0000-0x0000000002032000-memory.dmp

Filesize
22.3MB

Download
memory/2956-336-0x00000000009F0000-0x0000000002032000-memory.dmp

Filesize
22.3MB

Download
memory/2956-245-0x00000000009F0000-0x0000000002032000-memory.dmp

Filesize
22.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads