Malicious
Classifications

Backdoor

Threat Names

-

Dynamic Analysis Report

Created on 2022-08-05T17:46:02+00:00

fb9f0bf2b71bf576053c56cb913ea4e93581fc9d3aa9d6d8a0ae572a1622f050.msi

MSI Setup

Remarks

(0x0200005D): 2 additional dumps with the reason "Content Changed" and a total of 31 MB were skipped because the respective maximum limit was reached.

File Name Category Type Verdict Actions
C:\Users\KEECFM~1\Desktop\fb9f0bf2b71bf576053c56cb913ea4e93581fc9d3aa9d6d8a0ae572a1622f050.msi Sample File MSI
Malicious
Also Known As C:\Users\kEecfMwgj\Desktop\fb9f0bf2b71bf576053c56cb913ea4e93581fc9d3aa9d6d8a0ae572a1622f050.msi (Sample File, VM File)
C:\Windows\Installer\1876eff.msi (Accessed File)
MIME Type application/x-msi
File Size 3.88 MB
MD5 6cf5ad7a7d1b7bab0c62e246cf41a985
SHA1 b06a03adc550ead96534f5e723395c4e16bfdf44
SHA256 fb9f0bf2b71bf576053c56cb913ea4e93581fc9d3aa9d6d8a0ae572a1622f050
SSDeep 98304:pp+vXhd7YjjTcLO6KnQh5YUNa/ckQGQCWijuYAHw:+zkTciIYUNuNCAuPH
ImpHash -
c:\programdata\anydesk.exe Dropped File Binary
Suspicious
Lowered to Suspicious because the artifact is known to be Clean or Trusted.
Also Known As C:\ProgramData\AnyDesk\AnyDesk.exe (Accessed File, Dropped File)
Parent File install.exe
MIME Type application/vnd.microsoft.portable-executable
File Size 3.65 MB
MD5 1bc5890c9e7bf54b7712e344b0af9d04
SHA1 78c9302c7a387a8d158f38d501784be9b8b2716d
SHA256 af61905129f377f5934b3bbf787e8d2417901858bb028f40f02200e985ee62f6
SSDeep 98304:nDFWG1bqjvcLIsoh5GbmkNC3dv2tthJ2/Ev6l3H:n7svcsImkN4chYECl3
ImpHash -
File Reputation Information
Verdict
Clean
Known to be clean.
PE Information
Image Base 0x00400000
Entry Point 0x00401CE9
Size Of Code 0x00002A00
Size Of Initialized Data 0x003A0A00
Size Of Uninitialized Data 0x00BD5E00
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2022-03-16 13:36 (UTC+1)
Version Information (6)
CompanyName AnyDesk Software GmbH
FileDescription AnyDesk
FileVersion 7.0.7
ProductName AnyDesk
ProductVersion 7.0
LegalCopyright (C) 2022 AnyDesk Software GmbH
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00401000 0x00002835 0x00002A00 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.52
.itext 0x00404000 0x00BD5E00 0x00000000 0x00000000 IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x00FDA000 0x000002FA 0x00000400 0x00002E00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.64
.data 0x00FDB000 0x0039B7A4 0x0039B400 0x00003200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 8.0
.rsrc 0x01377000 0x00004850 0x00004A00 0x0039E600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.01
.reloc 0x0137C000 0x00000300 0x00000400 0x003A3000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 1.18
Digital Signature Information
Verification Status Valid
Certificate: philandro Software GmbH
Issued by philandro Software GmbH
Parent Certificate DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
Country Name DE
Valid From 2021-12-13 01:00 (UTC+1)
Valid Until 2025-01-09 00:59 (UTC+1)
Algorithm sha256_rsa
Serial Number 0D BF 15 2D EA F0 B9 81 A8 A9 38 D5 3F 76 9D B8
Thumbprint 9C D1 DD B7 8E D0 52 82 35 3B 20 CD FE 8F A0 A4 FB 6C 1E CE
Certificate: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
Issued by DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
Country Name US
Valid From 2021-04-29 02:00 (UTC+2)
Valid Until 2036-04-29 01:59 (UTC+2)
Algorithm sha384_rsa
Serial Number 08 AD 40 B2 60 D2 9C 4C 9F 5E CD A9 BD 93 AE D9
Thumbprint 7B 0F 36 0B 77 5F 76 C9 4A 12 CA 48 44 5A A2 D2 A8 75 70 1C
Memory Dumps (107)
C:\Users\KEECFM~1\AppData\Local\Temp\MW-ed03fe6a-6d69-41db-94de-aca9dc9763e3\files.cab Dropped File CAB
Clean
Also Known As files.cab (Accessed File)
MIME Type application/vnd.ms-cab-compressed
File Size 3.63 MB
MD5 223fa9756fce44168abd5db7afa03fad
SHA1 2e8bfc88819353490ec4c201445dc004fa9aaff5
SHA256 a929c064c064a1b5013b8fbce01feb7ae08e6bd9b05106dcda8320f9db0fb13d
SSDeep 98304:bvXhd7YjjTcLO6KnQh5YUNa/ckQGQCWijuYAHwO:bzkTciIYUNuNCAuPHD
ImpHash -
Archive Information
Number of Files 1
Number of Folders 0
Size of Packed Archive Contents 3.66 MB
Size of Unpacked Archive Contents 3.66 MB
File Format cab
Contents (1)
File Name Packed Size Unpacked Size Compression Is Encrypted Modify Time Verdict Actions
install.exe 3.66 MB 3.66 MB LZX:18 False 2022-06-06 16:06 (UTC+2)
Clean
C:\Windows\Installer\MSI2306.tmp Dropped File Binary
Clean
Known to be clean.
Also Known As C:\Windows\Installer\MSI8ECF.tmp (Accessed File, Dropped File)
MIME Type application/vnd.microsoft.portable-executable
File Size 208.00 KB
MD5 4caaa03e0b59ca60a3d34674b732b702
SHA1 ee80c8f4684055ac8960b9720fb108be07e1d10c
SHA256 d01af2b8c692dffb04a5a04e3ccd0d0a3b2c67c8fc45a4b68c0a065b4e64cc3d
SSDeep 3072:AspAtOdmXwCGjtYNKbYO2gjpcm8rRuqpjCLw2loHUvU4yGxr53qM2a8:2tOdiRQYpgjpjew5LLyGx1qo8
ImpHash cecea4d0d0f83dee27488cc1d7b92810
File Reputation Information
Verdict
Clean
Known to be clean.
PE Information
Image Base 0x10000000
Entry Point 0x10010D4B
Size Of Code 0x00026800
Size Of Initialized Data 0x0000D400
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2021-02-18 22:32 (UTC+1)
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00026606 0x00026800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.65
.rdata 0x10028000 0x00008FAD 0x00009000 0x00026C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.73
.data 0x10031000 0x00003598 0x00001800 0x0002FC00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.91
.rsrc 0x10035000 0x000001B4 0x00000200 0x00031400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.11
.reloc 0x10036000 0x0000298E 0x00002A00 0x00031600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 5.44
Imports (7)
RPCRT4.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
UuidCreate - 0x100281DC 0x00030360 0x0002EF60 0x000001F3
RpcStringFreeW - 0x100281E0 0x00030364 0x0002EF64 0x000001EA
UuidToStringW - 0x100281E4 0x00030368 0x0002EF68 0x000001FC
msi.dll (11)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
None 0x000000A0 0x10028244 0x000303C8 0x0002EFC8 -
None 0x0000009F 0x10028248 0x000303CC 0x0002EFCC -
None 0x00000020 0x1002824C 0x000303D0 0x0002EFD0 -
None 0x00000031 0x10028250 0x000303D4 0x0002EFD4 -
None 0x00000067 0x10028254 0x000303D8 0x0002EFD8 -
None 0x0000007D 0x10028258 0x000303DC 0x0002EFDC -
None 0x00000011 0x1002825C 0x000303E0 0x0002EFE0 -
None 0x00000008 0x10028260 0x000303E4 0x0002EFE4 -
None 0x00000091 0x10028264 0x000303E8 0x0002EFE8 -
None 0x0000004A 0x10028268 0x000303EC 0x0002EFEC -
None 0x00000078 0x1002826C 0x000303F0 0x0002EFF0 -
KERNEL32.dll (101)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
LoadResource - 0x10028044 0x000301C8 0x0002EDC8 0x000002F6
LockResource - 0x10028048 0x000301CC 0x0002EDCC 0x00000307
SizeofResource - 0x1002804C 0x000301D0 0x0002EDD0 0x00000420
FindResourceW - 0x10028050 0x000301D4 0x0002EDD4 0x00000139
FindResourceExW - 0x10028054 0x000301D8 0x0002EDD8 0x00000138
GetLastError - 0x10028058 0x000301DC 0x0002EDDC 0x000001E6
CloseHandle - 0x1002805C 0x000301E0 0x0002EDE0 0x00000043
WaitForSingleObject - 0x10028060 0x000301E4 0x0002EDE4 0x00000464
Sleep - 0x10028064 0x000301E8 0x0002EDE8 0x00000421
FindFirstFileW - 0x10028068 0x000301EC 0x0002EDEC 0x00000124
FindNextFileW - 0x1002806C 0x000301F0 0x0002EDF0 0x00000130
FindClose - 0x10028070 0x000301F4 0x0002EDF4 0x00000119
GetExitCodeProcess - 0x10028074 0x000301F8 0x0002EDF8 0x000001C5
CreateFileW - 0x10028078 0x000301FC 0x0002EDFC 0x0000007F
GetFileSize - 0x1002807C 0x00030200 0x0002EE00 0x000001D4
ReadFile - 0x10028080 0x00030204 0x0002EE04 0x00000368
WriteFile - 0x10028084 0x00030208 0x0002EE08 0x0000048D
GetModuleHandleW - 0x10028088 0x0003020C 0x0002EE0C 0x000001F9
GetTempPathW - 0x1002808C 0x00030210 0x0002EE10 0x0000025B
MultiByteToWideChar - 0x10028090 0x00030214 0x0002EE14 0x0000031A
VerifyVersionInfoW - 0x10028094 0x00030218 0x0002EE18 0x00000453
GetCurrentProcess - 0x10028098 0x0003021C 0x0002EE1C 0x000001A9
GetProcAddress - 0x1002809C 0x00030220 0x0002EE20 0x00000220
GetCurrentThreadId - 0x100280A0 0x00030224 0x0002EE24 0x000001AD
LoadLibraryA - 0x100280A4 0x00030228 0x0002EE28 0x000002F1
InterlockedExchange - 0x100280A8 0x0003022C 0x0002EE2C 0x000002BD
LCMapStringW - 0x100280AC 0x00030230 0x0002EE30 0x000002E3
LCMapStringA - 0x100280B0 0x00030234 0x0002EE34 0x000002E1
CreateProcessW - 0x100280B4 0x00030238 0x0002EE38 0x00000097
GetConsoleMode - 0x100280B8 0x0003023C 0x0002EE3C 0x00000195
GetConsoleCP - 0x100280BC 0x00030240 0x0002EE40 0x00000183
SetFilePointer - 0x100280C0 0x00030244 0x0002EE44 0x000003DF
HeapSize - 0x100280C4 0x00030248 0x0002EE48 0x000002A6
GetStringTypeW - 0x100280C8 0x0003024C 0x0002EE4C 0x00000240
GetStringTypeA - 0x100280CC 0x00030250 0x0002EE50 0x0000023D
IsValidLocale - 0x100280D0 0x00030254 0x0002EE54 0x000002DD
SetStdHandle - 0x100280D4 0x00030258 0x0002EE58 0x000003FC
WriteConsoleA - 0x100280D8 0x0003025C 0x0002EE5C 0x00000482
GetConsoleOutputCP - 0x100280DC 0x00030260 0x0002EE60 0x00000199
WriteConsoleW - 0x100280E0 0x00030264 0x0002EE64 0x0000048C
CompareStringW - 0x100280E4 0x00030268 0x0002EE68 0x00000055
SetEnvironmentVariableA - 0x100280E8 0x0003026C 0x0002EE6C 0x000003D0
SetEnvironmentVariableW - 0x100280EC 0x00030270 0x0002EE70 0x000003D1
GetLocaleInfoW - 0x100280F0 0x00030274 0x0002EE74 0x000001EA
CreateFileA - 0x100280F4 0x00030278 0x0002EE78 0x00000078
FlushFileBuffers - 0x100280F8 0x0003027C 0x0002EE7C 0x00000141
InitializeCriticalSection - 0x100280FC 0x00030280 0x0002EE80 0x000002B4
GetProcessHeap - 0x10028100 0x00030284 0x0002EE84 0x00000223
VerSetConditionMask - 0x10028104 0x00030288 0x0002EE88 0x0000044F
UnhandledExceptionFilter - 0x10028108 0x0003028C 0x0002EE8C 0x0000043E
EnumSystemLocalesA - 0x1002810C 0x00030290 0x0002EE90 0x000000F8
GetLocaleInfoA - 0x10028110 0x00030294 0x0002EE94 0x000001E8
GetUserDefaultLCID - 0x10028114 0x00030298 0x0002EE98 0x0000026D
RtlUnwind - 0x10028118 0x0003029C 0x0002EE9C 0x00000392
InitializeCriticalSectionAndSpinCount - 0x1002811C 0x000302A0 0x0002EEA0 0x000002B5
GetSystemTimeAsFileTime - 0x10028120 0x000302A4 0x0002EEA4 0x0000024F
HeapFree - 0x10028124 0x000302A8 0x0002EEA8 0x000002A1
TerminateProcess - 0x10028128 0x000302AC 0x0002EEAC 0x0000042D
GetModuleHandleA - 0x1002812C 0x000302B0 0x0002EEB0 0x000001F6
SetUnhandledExceptionFilter - 0x10028130 0x000302B4 0x0002EEB4 0x00000415
IsDebuggerPresent - 0x10028134 0x000302B8 0x0002EEB8 0x000002D1
DeleteFileW - 0x10028138 0x000302BC 0x0002EEBC 0x000000C3
RemoveDirectoryW - 0x1002813C 0x000302C0 0x0002EEC0 0x00000380
CreateDirectoryW - 0x10028140 0x000302C4 0x0002EEC4 0x00000071
GetCommandLineA - 0x10028144 0x000302C8 0x0002EEC8 0x0000016F
HeapCreate - 0x10028148 0x000302CC 0x0002EECC 0x0000029F
HeapDestroy - 0x1002814C 0x000302D0 0x0002EED0 0x000002A0
VirtualFree - 0x10028150 0x000302D4 0x0002EED4 0x00000457
DeleteCriticalSection - 0x10028154 0x000302D8 0x0002EED8 0x000000BE
LeaveCriticalSection - 0x10028158 0x000302DC 0x0002EEDC 0x000002EF
EnterCriticalSection - 0x1002815C 0x000302E0 0x0002EEE0 0x000000D9
HeapAlloc - 0x10028160 0x000302E4 0x0002EEE4 0x0000029D
VirtualAlloc - 0x10028164 0x000302E8 0x0002EEE8 0x00000454
HeapReAlloc - 0x10028168 0x000302EC 0x0002EEEC 0x000002A4
InterlockedIncrement - 0x1002816C 0x000302F0 0x0002EEF0 0x000002C0
InterlockedDecrement - 0x10028170 0x000302F4 0x0002EEF4 0x000002BC
TlsGetValue - 0x10028174 0x000302F8 0x0002EEF8 0x00000434
TlsAlloc - 0x10028178 0x000302FC 0x0002EEFC 0x00000432
TlsSetValue - 0x1002817C 0x00030300 0x0002EF00 0x00000435
TlsFree - 0x10028180 0x00030304 0x0002EF04 0x00000433
SetLastError - 0x10028184 0x00030308 0x0002EF08 0x000003EC
RaiseException - 0x10028188 0x0003030C 0x0002EF0C 0x0000035A
GetFileAttributesW - 0x1002818C 0x00030310 0x0002EF10 0x000001CE
GetCPInfo - 0x10028190 0x00030314 0x0002EF14 0x0000015B
GetACP - 0x10028194 0x00030318 0x0002EF18 0x00000152
GetOEMCP - 0x10028198 0x0003031C 0x0002EF1C 0x00000213
IsValidCodePage - 0x1002819C 0x00030320 0x0002EF20 0x000002DB
ExitProcess - 0x100281A0 0x00030324 0x0002EF24 0x00000104
SetHandleCount - 0x100281A4 0x00030328 0x0002EF28 0x000003E8
GetStdHandle - 0x100281A8 0x0003032C 0x0002EF2C 0x0000023B
GetFileType - 0x100281AC 0x00030330 0x0002EF30 0x000001D7
GetStartupInfoA - 0x100281B0 0x00030334 0x0002EF34 0x00000239
GetModuleFileNameA - 0x100281B4 0x00030338 0x0002EF38 0x000001F4
FreeEnvironmentStringsA - 0x100281B8 0x0003033C 0x0002EF3C 0x0000014A
GetEnvironmentStrings - 0x100281BC 0x00030340 0x0002EF40 0x000001BF
FreeEnvironmentStringsW - 0x100281C0 0x00030344 0x0002EF44 0x0000014B
WideCharToMultiByte - 0x100281C4 0x00030348 0x0002EF48 0x0000047A
GetEnvironmentStringsW - 0x100281C8 0x0003034C 0x0002EF4C 0x000001C1
QueryPerformanceCounter - 0x100281CC 0x00030350 0x0002EF50 0x00000354
GetTickCount - 0x100281D0 0x00030354 0x0002EF54 0x00000266
GetCurrentProcessId - 0x100281D4 0x00030358 0x0002EF58 0x000001AA
USER32.dll (13)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
AttachThreadInput - 0x1002820C 0x00030390 0x0002EF90 0x0000000C
GetWindowThreadProcessId - 0x10028210 0x00030394 0x0002EF94 0x00000190
GetForegroundWindow - 0x10028214 0x00030398 0x0002EF98 0x00000125
IsWindow - 0x10028218 0x0003039C 0x0002EF9C 0x000001C5
BringWindowToTop - 0x1002821C 0x000303A0 0x0002EFA0 0x00000010
UpdateWindow - 0x10028220 0x000303A4 0x0002EFA4 0x000002E9
ShowWindow - 0x10028224 0x000303A8 0x0002EFA8 0x000002B8
SystemParametersInfoW - 0x10028228 0x000303AC 0x0002EFAC 0x000002C5
RegisterClassExW - 0x1002822C 0x000303B0 0x0002EFB0 0x00000235
DefWindowProcW - 0x10028230 0x000303B4 0x0002EFB4 0x00000096
SetForegroundWindow - 0x10028234 0x000303B8 0x0002EFB8 0x0000027A
AllowSetForegroundWindow - 0x10028238 0x000303BC 0x0002EFBC 0x00000006
CreateWindowExW - 0x1002823C 0x000303C0 0x0002EFC0 0x00000068
ADVAPI32.dll (16)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExW - 0x10028000 0x00030184 0x0002ED84 0x00000268
RegOpenKeyExW - 0x10028004 0x00030188 0x0002ED88 0x0000025B
RegEnumKeyExW - 0x10028008 0x0003018C 0x0002ED8C 0x00000249
RegCloseKey - 0x1002800C 0x00030190 0x0002ED90 0x0000022A
RegDeleteValueW - 0x10028010 0x00030194 0x0002ED94 0x00000242
RegDeleteKeyW - 0x10028014 0x00030198 0x0002ED98 0x0000023E
GetTokenInformation - 0x10028018 0x0003019C 0x0002ED9C 0x00000154
OpenProcessToken - 0x1002801C 0x000301A0 0x0002EDA0 0x000001F1
GetUserNameW - 0x10028020 0x000301A4 0x0002EDA4 0x0000015F
CryptGetHashParam - 0x10028024 0x000301A8 0x0002EDA8 0x000000C0
CryptHashData - 0x10028028 0x000301AC 0x0002EDAC 0x000000C4
CryptCreateHash - 0x1002802C 0x000301B0 0x0002EDB0 0x000000AF
CryptAcquireContextW - 0x10028030 0x000301B4 0x0002EDB4 0x000000AD
CryptReleaseContext - 0x10028034 0x000301B8 0x0002EDB8 0x000000C7
CryptDestroyHash - 0x10028038 0x000301BC 0x0002EDBC 0x000000B2
RegSetValueExW - 0x1002803C 0x000301C0 0x0002EDC0 0x00000278
SHELL32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SHGetFolderPathW - 0x100281EC 0x00030370 0x0002EF70 0x000000C0
ShellExecuteExW - 0x100281F0 0x00030374 0x0002EF74 0x00000117
None 0x000002A8 0x100281F4 0x00030378 0x0002EF78 -
SHLWAPI.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
PathFindExtensionW - 0x100281FC 0x00030380 0x0002EF80 0x00000047
PathAppendW - 0x10028200 0x00030384 0x0002EF84 0x00000034
PathFileExistsW - 0x10028204 0x00030388 0x0002EF88 0x00000045
Exports (10)
API Name EAT Address Ordinal
_CheckReboot@4 0x0000A5D0 0x00000001
_InstallFinish1@4 0x0000A510 0x00000002
_InstallFinish2@4 0x0000A740 0x00000003
_InstallMain@4 0x0000A9D0 0x00000004
_InstallPrepare@4 0x0000A4A0 0x00000005
_InstallRollback@4 0x0000ABC0 0x00000006
_SubstWrappedArguments@4 0x0000AC80 0x00000007
_UninstallFinish1@4 0x0000B280 0x00000008
_UninstallFinish2@4 0x0000B6E0 0x00000009
_UninstallPrepare@4 0x0000AC90 0x0000000A
C:\Windows\Installer\1876f00.ipi Dropped File OLE Compound
Clean
MIME Type application/CDFV2
File Size 20.00 KB
MD5 723c0bff205675483d317de31ab14d4b
SHA1 2f766fd6ec2ab03753ec2bf709bc78b0d21091ea
SHA256 68a761b0e8bf4a1285e3dedce6c1cc732176118542cf730c28b3bfda5ab8f71c
SSDeep 48:5s0YcDHwvuMOPVGddSE9bArmddSBjr7i88v:5s9W9VMnbqN8v
ImpHash -
CFB Streams (17)
C:\Windows\Installer\1876f00.ipi Dropped File OLE Compound
Clean
MIME Type application/CDFV2
File Size 20.00 KB
MD5 4968fc645d29a7e5c2abb884359b8a9a
SHA1 ce2bc23ee89caf6662119755f756de2d47253331
SHA256 369d4970317d511ad452ad224b5d89a43c5cb4be88f9098f43b2b47e1cf7063a
SSDeep 48:MsfkLu/dRvu8OPVGddSE9bArmddSBjr7i88v:MssLuONVMnbqN8v
ImpHash -
CFB Streams (17)
c:\system volume information\spp\metadata-2 Dropped File Stream
Clean
MIME Type application/octet-stream
File Size 8.58 MB
MD5 32138c08919897146321925f81eb471b
SHA1 92e32d52af62fb0105a9d0fadcd71922f589437d
SHA256 f6b730b7200cb7886a2edc1a4e8238774a8cf68aa96788b84567ea4d2d23cbb6
SSDeep 12288:fad9+YYEzT4G09wOCKFPa3ryvRLsVLF/MV2p6AWg2K8usZNntg/t6Z/+sxaxUQaQ:idjOgWvRLiYtY6tj9tSu2F5xD
ImpHash -
C:\Windows\Installer\MSI8868.tmp Dropped File Stream
Clean
MIME Type application/octet-stream
File Size 418.07 KB
MD5 7c336aacc1c449ddeecdb8c254654ae6
SHA1 67b320dcb9bb337831a44f1487412414c179b3c2
SHA256 a8c2ca783c081ca354cca0258404babdc3449687b2e01ee6f139e953a0e86982
SSDeep 12288:ctJRQ+gjpjegLyo8CtJRQ+gjpjegLyo8m:ctBcpVLSCtBcpVLSm
ImpHash -
c:\users\keecfmwgj\appdata\local\temp\~dfbb16f2a06510bc9b.tmp Dropped File Stream
Clean
MIME Type application/octet-stream
File Size 68.00 KB
MD5 2abd476bdd0cff648e5e2368071dce36
SHA1 745b0feb4b881b0effcaab389cb5b98161017a89
SHA256 227150f6222719008f63bd91ffbd08fcdbfbf91f129d178ba378cecfb06c3342
SSDeep 24:Ojd8vdOQCwY+7ilJfAebfddipV7hddipVyV3+bwGE3rglrkg9Se+1O6y:I8vVilrfddSBhddSE9bArHyOP
ImpHash -
C:\ProgramData\AnyDesk\ad_svc.trace Dropped File Text
Clean
MIME Type text/plain
File Size 10.15 KB
MD5 dba1dabb67ffb639de13bf8f0cae2518
SHA1 6c05e1f188f0f2bc35865e60a40f0031f17db6be
SHA256 01546d505366a19f0097314f3f300db3efd08b404d2231b19a713c4f7cdf94b0
SSDeep 96:mSFp90E+z32Y3WzCR5v3jEoCR4b2SgWyMSWry:50E+z32JVMC
ImpHash -
C:\Users\kEecfMwgj\AppData\Roaming\AnyDesk\ad.trace Dropped File Text
Clean
MIME Type text/plain
File Size 3.41 KB
MD5 13853259ce176a89d10963744513a95c
SHA1 3147a4c20c204f6f919bead35ea4c84095bf5c5b
SHA256 048f7a1ddae30fe824f1fdaf4550529b98a9fa4fb66ce30ed31f56d377a71b11
SSDeep 48:cnD7lLEF80Fr3okrh5AZUyZU8tXZUcZU8tXrhHZUGZU8tFZU+ZUqrrhwkBrh++rS:kEFdit5tftJ6xHhGQ/wzM
ImpHash -
c:\system volume information\spp\onlinemetadatacache\{bc53f388-3229-4b5f-b588-f5cd90ddd73e}_ondisksnapshotprop Dropped File Stream
Clean
Also Known As c:\system volume information\spp\snapshot-2 (Dropped File)
MIME Type application/octet-stream
File Size 3.03 KB
MD5 93bbb3858daf44cccc2df13d99ccbe31
SHA1 28aad5fde9d6c8608d54ae319e676a8aa201e478
SHA256 b578195e3269fa0f78384606a7ae76fa79c73c95ea05ff7df4d8ca8d31f85a33
SSDeep 96:IgQg+BtgQLrFGD32I84LTHzbOHXOHB9BJTdP:5Q33FQb++
ImpHash -
C:\ProgramData\AnyDesk\service.conf Dropped File Text
Clean
MIME Type text/plain
File Size 2.70 KB
MD5 2cda2e71307d5858674d2f87e1eef00f
SHA1 b713734cb8248a40a033daee81aa35bf1b1dd8f5
SHA256 9c0b9c9492d4a1b4c57e6d51ba8a7c74c7d2a82cffedae57ab8b3f7458367955
SSDeep 48:uISTiqjikhr9+ScPLzHcTBUzAyMjis2GMsaSvzjv0zmSpDEnLZ928GIxXY4:uISTHikhA1PLzG/yMWbsaSv/vwEnLn//
ImpHash -
C:\ProgramData\AnyDesk\service.conf Dropped File Text
Clean
MIME Type text/plain
File Size 1.71 KB
MD5 b3092f31a1b8779e25a63a90f38247b3
SHA1 2366ce46df54fc272205fae6cfd7768c821a536d
SHA256 c715e97bad4c1ee928c1cc47b9c700525af9654d7eb080bfe7ba5f1adc207364
SSDeep 48:9jis2GMsaSvzjv0zmSpDEnLZ928GIxXY4:9WbsaSv/vwEnLn/p5
ImpHash -
C:\Users\KEECFM~1\AppData\Local\Temp\MW-ed03fe6a-6d69-41db-94de-aca9dc9763e3\msiwrapper.ini Dropped File Stream
Clean
MIME Type application/octet-stream
File Size 1.41 KB
MD5 5ec7132dd4c75602333ff74a638c967b
SHA1 e2afd6367ede3dc8de687741f5207b7d483aae72
SHA256 f5d6af499ec4e83960097c994a8838d993a36844e63c03d2cd94cf3612910a38
SSDeep 24:udX8DW8XjsjToZkESrF0WnzWnFVyzWnFVJrXMacp+P:uYg1JF0aCVOCto0
ImpHash -
C:\Users\KEECFM~1\AppData\Local\Temp\MW-ed03fe6a-6d69-41db-94de-aca9dc9763e3\msiwrapper.ini Dropped File Stream
Clean
MIME Type application/octet-stream
File Size 1.20 KB
MD5 001a68c69467737716daf10e0f9fd596
SHA1 18fc558ce903a69448393d3fce48b1c22674ed3a
SHA256 94d78d9395d2775d7d86b4ef45fc5d3d82508aff79c2026ffe7d882cfc7d552a
SSDeep 12:bISeAG6eBEwGTRlWlmQxCXj4h/7mgciXAAKyoOWXju3U3IlReSpPT5FoiQ1KKvym:udX8DW8XjsjToZkESrF0WnzWnFpU9Cuk
ImpHash -
C:\Users\KEECFM~1\AppData\Local\Temp\MW-ed03fe6a-6d69-41db-94de-aca9dc9763e3\msiwrapper.ini Dropped File Stream
Clean
MIME Type application/octet-stream
File Size 1.14 KB
MD5 7e7ed062d955d7ea0b1c64222f244271
SHA1 595ff7637a30d504ca42bc30041423529b7a017f
SHA256 58810cd2764e951e7170488bd6351db35bc10d69a9557c68449646892b754942
SSDeep 12:bISeAG6eBEwGTRlWlmQxCXj4h/7mgciXAAKyoOWXju3U3IlReSpPT5FoiQ1KKvyq:udX8DW8XjsjToZkESrF0WnzWnF+jDJQ
ImpHash -
C:\Users\KEECFM~1\AppData\Local\Temp\MW-ed03fe6a-6d69-41db-94de-aca9dc9763e3\msiwrapper.ini Dropped File Stream
Clean
MIME Type application/octet-stream
File Size 1.10 KB
MD5 64de5299a756c91b0e8d5caeb4a9ce19
SHA1 ea04589e431f010a9c5c0c5aca0d2e788f336827
SHA256 20cfab35403d0daa886a287e65e964f0d36ff2b01963ba3d725f8231254ef338
SSDeep 12:bISeAG6eBEwGTRlWlmQxCXj4h/7mgciXAAKyoOWXju3U3IlReSpPT5FoiQ1KKvyY:udX8DW8XjsjToZkESrF0WnzWnFwZUar+
ImpHash -
C:\Users\KEECFM~1\AppData\Local\Temp\MW-ed03fe6a-6d69-41db-94de-aca9dc9763e3\msiwrapper.ini Dropped File Stream
Clean
»
MIME Type application/octet-stream
File Size 1.05 KB
MD5 1b711fe93cb92002cc14eda951a7de19 Copy to Clipboard
SHA1 b10f09eb871f7eba93502d1df5cc126728c7b4c1 Copy to Clipboard
SHA256 8f3cd45fb1e3d8d472fc7b27739e78a72c69688cad974ba206dedbeed9c11f85 Copy to Clipboard
SSDeep 12:bISeAG6eBEwGTRlWlmQxCXj4h/7mgciXAAKyoOWXju3U3IlReSpPT5FoiQ1KKvyP:udX8DW8XjsjToZkESrF0WnzWnFtfw Copy to Clipboard
ImpHash -
C:\Users\KEECFM~1\AppData\Local\Temp\MW-ed03fe6a-6d69-41db-94de-aca9dc9763e3\msiwrapper.ini Dropped File Stream
Clean
»
MIME Type application/octet-stream
File Size 1.01 KB
MD5 162abe1f00bbd8cf2e32165b8e79d2da Copy to Clipboard
SHA1 af3ab9fae11b60508e1545aeeca708bfca0b1bcc Copy to Clipboard
SHA256 6fbbbcd35e9723b71e005f37608d59b4cc7b8756b419ea30277b1ed54692dfb4 Copy to Clipboard
SSDeep 12:bISeAG6eBEwGTRlWlmQxCXj4h/7mgciXAAKyoOWXju3U3IlReSpPT5FoiQ1KKvys:udX8DW8XjsjToZkESrF0WnzWnF9OoXrb Copy to Clipboard
ImpHash -
C:\Users\KEECFM~1\AppData\Local\Temp\MW-ed03fe6a-6d69-41db-94de-aca9dc9763e3\msiwrapper.ini Dropped File Stream
Clean
»
MIME Type application/octet-stream
File Size 844 Bytes
MD5 c34d306ebd786ec500267f067b0b2daa Copy to Clipboard
SHA1 90db10e6e6637b7c5168213f2e2f4bfa7f3d3822 Copy to Clipboard
SHA256 78289a3decdf0d00d469739189129687487d16bb44d60218c6e511c2512a292e Copy to Clipboard
SSDeep 24:udX8DW8XjsjToZkESrF0WnYGO1jtlSUOj:uYg1JF0RxXSUy Copy to Clipboard
ImpHash -
C:\Config.Msi\1876f01.rbs Dropped File Stream
Clean
»
MIME Type application/octet-stream
File Size 740 Bytes
MD5 e84a76b7c4c36d085d5ff937173405cb Copy to Clipboard
SHA1 e33a067671ab12355f16a2f4bf84cf5012a20d50 Copy to Clipboard
SHA256 e72faf012b929b1fc3b6ab0d7c0e9c01580e9cadb7263c3edf1c4bfa6aceda7f Copy to Clipboard
SSDeep 12:EgRgBCRW3Xs/3khF1EHEDiJVlj//S/3khF1Eb8fN2zWotPtnLxqBRW3XcqFV8UV/:aBCRWns/3khAHqiJ3jC/3khAd6yQBRWX Copy to Clipboard
ImpHash -
C:\Users\KEECFM~1\AppData\Local\Temp\MW-ed03fe6a-6d69-41db-94de-aca9dc9763e3\msiwrapper.ini Dropped File Stream
Clean
»
MIME Type application/octet-stream
File Size 666 Bytes
MD5 e7da2e171528be7b33fd1758818986f2 Copy to Clipboard
SHA1 4ecbbed7c2e31ef2fc97ecbfe118d10381c578d9 Copy to Clipboard
SHA256 06498734b1e071e4fddc03effab417a58e86091c03fab1e45e8f58d65fc0a2eb Copy to Clipboard
SSDeep 12:bISeAG6eBEwGTRlWlmQxCXj4h/7mgciXAAKyoOWXju3U3IlReSpPw5UuY3AbkKId:udX8DW8XjsjToZkESSquY3FKrly Copy to Clipboard
ImpHash -
C:\Users\KEECFM~1\AppData\Local\Temp\MW-ed03fe6a-6d69-41db-94de-aca9dc9763e3\msiwrapper.ini Dropped File Stream
Clean
»
MIME Type application/octet-stream
File Size 646 Bytes
MD5 2b95a8d2772e31bea47aa34bf0374479 Copy to Clipboard
SHA1 1766046018b25b86661ccf6175bbf97310a8f886 Copy to Clipboard
SHA256 9fe6a6bf86ebab1c3a9f6dc4df4bd2a265c501276ac227e57dbd62c10d19c51b Copy to Clipboard
SSDeep 12:bISeAG6eBEwGTRlWlmQxCXj4h/7mgciXAAKyoOWXju3U3IlReSpxQHL5jdvW7lrQ:udX8DW8XjsjToZkES/OdMYB Copy to Clipboard
ImpHash -
C:\Users\KEECFM~1\AppData\Local\Temp\MW-ed03fe6a-6d69-41db-94de-aca9dc9763e3\msiwrapper.ini Dropped File Stream
Clean
»
MIME Type application/octet-stream
File Size 626 Bytes
MD5 5fa279c5130c92687538b356687fcbeb Copy to Clipboard
SHA1 b4218916c1fa0b617f08749c51e5d13db200c7d8 Copy to Clipboard
SHA256 a1c73dfd3110ddaeeb177e61e0358c8810dd4b29acb28820be8079b2cc9a5aff Copy to Clipboard
SSDeep 12:bISeAG6eBEwGTRlWlmQxCXj4h/7mgciXAAKyoOWXju3U3IlReSg69p0JxGT6/f:udX8DW8XjsjToZkESg69p2x86H Copy to Clipboard
ImpHash -
C:\Users\KEECFM~1\AppData\Local\Temp\MW-ed03fe6a-6d69-41db-94de-aca9dc9763e3\msiwrapper.ini Dropped File Stream
Clean
»
MIME Type application/octet-stream
File Size 580 Bytes
MD5 7b0f232f155da00c40853846be910027 Copy to Clipboard
SHA1 4111df4c662f1475b60410dc045963447d7b140c Copy to Clipboard
SHA256 1855c366f25876b91db995f6c5b8fd59b65da1536013b1ba5b14c7323634a4c4 Copy to Clipboard
SSDeep 12:bISeAG6eBEwGTRlWlmQxCXj4h/7mgciXAAKyoOWXju3U3I/ZMl6BNl3CGlpe6:udX8DW8XjsjToZWMkB3LDe6 Copy to Clipboard
ImpHash -
C:\Users\KEECFM~1\AppData\Local\Temp\MW-ed03fe6a-6d69-41db-94de-aca9dc9763e3\msiwrapper.ini Dropped File Stream
Clean
»
MIME Type application/octet-stream
File Size 556 Bytes
MD5 c4ffcb4e6fa531805d8347d109518366 Copy to Clipboard
SHA1 39ee9d4bf88711c9be011f2e431ef40a2c47a3ce Copy to Clipboard
SHA256 1dc41c1f212125f44c42baaeb00a3402e8e19257fbb20123dd24fd7c5412b48d Copy to Clipboard
SSDeep 12:bISeAG6eBEwGTRlWlmQxCXj4h/7mgciXAAKyoOWXju3U3xlpxFTRNQuf6jLGrIn:udX8DW8XjsjToZLnR58Rn Copy to Clipboard
ImpHash -
C:\Users\KEECFM~1\AppData\Local\Temp\MW-ed03fe6a-6d69-41db-94de-aca9dc9763e3\msiwrapper.ini Dropped File Stream
Clean
»
MIME Type application/octet-stream
File Size 522 Bytes
MD5 8bcc21f6dfaa3ea923f193137061fd12 Copy to Clipboard
SHA1 17bcd85fd8045f43f200122843d54829f84aba2d Copy to Clipboard
SHA256 7c75643b0869803ca12db1913f0a2ebfccdb69f7f812448358f28c5aed222819 Copy to Clipboard
SSDeep 12:bISeAG6eBEwGTRlWlmQxCXj4h/7mgciXAAKyoOWXjjjZzlFczEZ:udX8DW8XjsjToZZHqEZ Copy to Clipboard
ImpHash -
c:\users\keecfmwgj\appdata\local\temp\~df397bf18cbdc5158c.tmp Dropped File Stream
Clean
Known to be clean.
»
MIME Type application/octet-stream
File Size 512 Bytes
MD5 bf619eac0cdf3f68d496ea9344137e8b Copy to Clipboard
SHA1 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5 Copy to Clipboard
SHA256 076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560 Copy to Clipboard
SSDeep 3:: Copy to Clipboard
ImpHash -
File Reputation Information
»
Verdict
Clean
Known to be clean.
C:\ProgramData\AnyDesk\system.conf Dropped File Text
Clean
»
MIME Type text/plain
File Size 455 Bytes
MD5 a5eda70b31ce26b76d098396469dc384 Copy to Clipboard
SHA1 c3ab03a0e8ded5f4c92e2ac74264f2bcab14e092 Copy to Clipboard
SHA256 93e9b6f83e46b026979cafc9d6cb022eea8025bf6311e36470312afb76f0a7bf Copy to Clipboard
SSDeep 6:owXmQr0cnowaqQAmvbahOmQgRQUQgRQPYQgRQOYQgfxPZxi3B6QgfxPg3qg3B6Q1:ommM0coZqQHvWhOLroBGgFBG0wlcpv Copy to Clipboard
ImpHash -
C:\ProgramData\AnyDesk\system.conf Dropped File Text
Clean
»
MIME Type text/plain
File Size 455 Bytes
MD5 8853ef9c6d955daa328994c9782ceb98 Copy to Clipboard
SHA1 23b83280d3637f8398ade821a38ca2c893514a86 Copy to Clipboard
SHA256 eaeceece55f1c16b178b70fcb07f78e2a453ff63bce81e4b32df93843aa1e98e Copy to Clipboard
SSDeep 6:owXmQr0cnowaqQAmvbahCQgRQUQgRQPYQgRQOYQgfxPZxi3B6QgfxPg3qg3B6Qga:ommM0coZqQHvWhHroBGgFBG0wlcpv Copy to Clipboard
ImpHash -
C:\ProgramData\AnyDesk\system.conf Dropped File Text
Clean
»
MIME Type text/plain
File Size 422 Bytes
MD5 d03988e94f97d07a629766f7b27e8c8b Copy to Clipboard
SHA1 cf084ea190f94689fb3aa59ccd5de3b5e69cecc2 Copy to Clipboard
SHA256 be72d2a496f9407ec2a4fb2da2bd16d8cb986f1d52cfe7b24202c08ff59a1267 Copy to Clipboard
SSDeep 6:owXmQr0cnowahOmQgRQUQgRQPYQgRQOYQgfxPZxi3B6QgfxPg3qg3B6QgfxPhYQ0:ommM0coZhOLroBGgFBG0wlcpv Copy to Clipboard
ImpHash -
C:\ProgramData\AnyDesk\system.conf Dropped File Text
Clean
»
MIME Type text/plain
File Size 398 Bytes
MD5 830533800391e391cdb1e4684084bb01 Copy to Clipboard
SHA1 62fed42baf62f18a39bd4af531f014b11ac3def8 Copy to Clipboard
SHA256 99860d4dfbf1a10a93a81c4b9e7ba050baab11a1df3530168b91c3b8f0061ddf Copy to Clipboard
SSDeep 6:owXmQr0cno6QgRQUQgRQPYQgRQOYQgfxPZxi3B6QgfxPg3qg3B6QgfxPhYQgoaoq:ommM0covroBGgFBG0wlcpv Copy to Clipboard
ImpHash -
C:\Users\KEECFM~1\AppData\Local\Temp\MW-ed03fe6a-6d69-41db-94de-aca9dc9763e3\msiwrapper.ini Dropped File Stream
Clean
»
MIME Type application/octet-stream
File Size 376 Bytes
MD5 1eb43fdaa1a0e33b566b59519567c5b2 Copy to Clipboard
SHA1 946c25fa391ca09c20c98f1a030b86219ec0cbfe Copy to Clipboard
SHA256 0ee9cd006768810ec0fd7f40dac9570b1b718849d74a58a091f5a74964ec8fed Copy to Clipboard
SSDeep 6:bIGNeAGFAjiBMlwRYrTRlWlmQg1kCEqIUWa47lwRYr7vXMW+dLQaaaIugUnVzFfg:bISeAG6eBEwGTRlWlmQxCXj4h/7UQaal Copy to Clipboard
ImpHash -
C:\Users\KEECFM~1\AppData\Local\Temp\MW-ed03fe6a-6d69-41db-94de-aca9dc9763e3\msiwrapper.ini Dropped File Stream
Clean
»
MIME Type application/octet-stream
File Size 334 Bytes
MD5 d7b8998796e04ca1e5bddf3ef6c253d5 Copy to Clipboard
SHA1 3fc09a455545f99984235bb7937c8cc8f15855e0 Copy to Clipboard
SHA256 b6f20d2b6f7fc11474f3f37becbc1d42f417f474254c11a6a788ec6183482815 Copy to Clipboard
SSDeep 6:bIGNeAGFAjiBMlwRYrTRlWlmQg1kCEqICWWRBlGMIiomzQulMnk7l:bISeAG6eBEwGTRlWlmQxCbTGM9auWSl Copy to Clipboard
ImpHash -
C:\Users\KEECFM~1\AppData\Local\Temp\MW-ed03fe6a-6d69-41db-94de-aca9dc9763e3\msiwrapper.ini Dropped File Stream
Clean
»
MIME Type application/octet-stream
File Size 294 Bytes
MD5 c94e4338b98b5c8057c9dc7ada143ef9 Copy to Clipboard
SHA1 68576d73a34f73148b1d3b8c4c07eed0c09217a2 Copy to Clipboard
SHA256 effb26504044d25e882310d5b1e800be1a2450f85d9250679b2236b48903d3b6 Copy to Clipboard
SSDeep 6:bIGNeAGFAjiBMlwRYrTRlWlmQg1UlWfljlSleladUj/0HIlVRBDlpWGeRaGUKb:bISeAG6eBEwGTRlWlmQ4slTA0kllpWXZ Copy to Clipboard
ImpHash -
C:\Users\KEECFM~1\AppData\Local\Temp\MW-ed03fe6a-6d69-41db-94de-aca9dc9763e3\msiwrapper.ini Dropped File Stream
Clean
»
MIME Type application/octet-stream
File Size 250 Bytes
MD5 e510531e48c36a515fb7997487dd3eec Copy to Clipboard
SHA1 d39e75fe2c89c2f34c1ead2c3273d03ae4543eff Copy to Clipboard
SHA256 133f38f53e831d9c1f3e0ef29cf5542c8ab2b9d6dd1c1a5ae0fe134f7c10bf39 Copy to Clipboard
SSDeep 6:bIGNeAGFAjiBM3lW8RYFyBjSrlhJlynG9WPmqTMl/KUlSel:bISeAG6eBcuMjelhW7UHSel Copy to Clipboard
ImpHash -
C:\Users\KEECFM~1\AppData\Local\Temp\MW-ed03fe6a-6d69-41db-94de-aca9dc9763e3\msiwrapper.ini Dropped File Stream
Clean
»
MIME Type application/octet-stream
File Size 196 Bytes
MD5 dcb2cad8fa12df787be642d18732eccc Copy to Clipboard
SHA1 3d2592977b62d9f2f1e3265ebdf8e83db3fbe3e4 Copy to Clipboard
SHA256 4200a80a055888e50bdaeb58293dcc0d47f9c50deae1c7daa894332af4470f6a Copy to Clipboard
SSDeep 3:BtXJiG66BleAdMWp3JoK74HnlllnM5QclLXB3lAUuVlPDFGaGlO:bIGNeAdMWXobi5QcZXBVAfVp8aGlO Copy to Clipboard
ImpHash -
c:\windows\syswow64\log1.txt Dropped File Text
Clean
»
Also Known As log1.txt (Accessed File, Dropped File)
MIME Type text/plain
File Size 13 Bytes
MD5 d4835cefaa99dfc3bfb50d446c97cef4 Copy to Clipboard
SHA1 df5644ba1d936ab52b7c96a22d5744cbfbda6ee2 Copy to Clipboard
SHA256 a8c0656b85d708b1c93db91ddab77ceaa332fe6a572313e539749f41e3ff4304 Copy to Clipboard
SSDeep 3:i1lfov:i1lAv Copy to Clipboard
ImpHash -
c:\lsarpc Dropped File Empty
Clean
»
MIME Type application/x-empty
File Size 0 Bytes
MD5 d41d8cd98f00b204e9800998ecf8427e Copy to Clipboard
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 Copy to Clipboard
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Copy to Clipboard
SSDeep 3:: Copy to Clipboard
ImpHash -
c:\wkssvc Dropped File Empty
Clean
»
MIME Type application/x-empty
File Size 0 Bytes
MD5 d41d8cd98f00b204e9800998ecf8427e Copy to Clipboard
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 Copy to Clipboard
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Copy to Clipboard
SSDeep 3:: Copy to Clipboard
ImpHash -
C:\Config.Msi\MSIA7BD.tmp Dropped File Empty
Clean
»
MIME Type application/x-empty
File Size 0 Bytes
MD5 d41d8cd98f00b204e9800998ecf8427e Copy to Clipboard
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 Copy to Clipboard
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Copy to Clipboard
SSDeep 3:: Copy to Clipboard
ImpHash -
C:\Config.Msi\MSI36A6.tmp Dropped File Empty
Clean
»
MIME Type application/x-empty
File Size 0 Bytes
MD5 d41d8cd98f00b204e9800998ecf8427e Copy to Clipboard
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 Copy to Clipboard
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Copy to Clipboard
SSDeep 3:: Copy to Clipboard
ImpHash -
c:\users\keecfmwgj\appdata\local\temp\msi6b18b.log Dropped File Empty
Clean
»
MIME Type application/x-empty
File Size 0 Bytes
MD5 d41d8cd98f00b204e9800998ecf8427e Copy to Clipboard
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 Copy to Clipboard
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Copy to Clipboard
SSDeep 3:: Copy to Clipboard
ImpHash -
c:\srvsvc Dropped File Empty
Clean
»
MIME Type application/x-empty
File Size 0 Bytes
MD5 d41d8cd98f00b204e9800998ecf8427e Copy to Clipboard
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 Copy to Clipboard
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Copy to Clipboard
SSDeep 3:: Copy to Clipboard
ImpHash -
c:\samr Dropped File Empty
Clean
»
MIME Type application/x-empty
File Size 0 Bytes
MD5 d41d8cd98f00b204e9800998ecf8427e Copy to Clipboard
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 Copy to Clipboard
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Copy to Clipboard
SSDeep 3:: Copy to Clipboard
ImpHash -
C:\Windows\Installer\MSIA7FC.tmp Dropped File Empty
Clean
»
MIME Type application/x-empty
File Size 0 Bytes
MD5 d41d8cd98f00b204e9800998ecf8427e Copy to Clipboard
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 Copy to Clipboard
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Copy to Clipboard
SSDeep 3:: Copy to Clipboard
ImpHash -
install.exe Archive File Binary
Clean
»
Parent File C:\Users\KEECFM~1\AppData\Local\Temp\MW-ed03fe6a-6d69-41db-94de-aca9dc9763e3\files.cab
MIME Type application/vnd.microsoft.portable-executable
File Size 3.66 MB
MD5 8c42ab81f90ee0592f7a709f0f7e320b Copy to Clipboard
SHA1 6656c6ca4611245cda44958bab84866196c9d95b Copy to Clipboard
SHA256 beb6182ceab6ea0b0fdc0f41f8069632317e0f941419b75ede4145593cd6a21c Copy to Clipboard
SSDeep 98304:dDFWG1bqjvcLIsoh5GbmkNC3dv2tthJ2/Ev6l3:d7svcsImkN4chYECl Copy to Clipboard
ImpHash 9689b06afb7ada352a996f5bc3be0854 Copy to Clipboard
PE Information
»
Image Base 0x00400000
Entry Point 0x00401124
Size Of Code 0x00000E00
Size Of Initialized Data 0x003A7C00
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2022-06-06 13:06 (UTC+2)
Sections (4)
»
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00401000 0x00000D7A 0x00000E00 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.04
.rdata 0x00402000 0x000002DC 0x00000400 0x00001200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 3.7
.data 0x00403000 0x000004F6 0x00000600 0x00001600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.68
.rsrc 0x00404000 0x003A70E0 0x003A7200 0x00001C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 8.0
Imports (3)
»
kernel32.dll (20)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ExitProcess - 0x00402010 0x000020D0 0x000012D0 0x0000009B
FindResourceA - 0x00402014 0x000020D4 0x000012D4 0x000000C0
GetExitCodeProcess - 0x00402018 0x000020D8 0x000012D8 0x00000115
GetModuleHandleA - 0x0040201C 0x000020DC 0x000012DC 0x00000134
GetStartupInfoA - 0x00402020 0x000020E0 0x000012E0 0x00000168
GlobalAlloc - 0x00402024 0x000020E4 0x000012E4 0x000001A5
LoadResource - 0x00402028 0x000020E8 0x000012E8 0x000001EF
MultiByteToWideChar - 0x0040202C 0x000020EC 0x000012EC 0x0000020B
CreatePipe - 0x00402030 0x000020F0 0x000012F0 0x0000004E
ReadFile - 0x00402034 0x000020F4 0x000012F4 0x0000023D
ResumeThread - 0x00402038 0x000020F8 0x000012F8 0x00000252
SizeofResource - 0x0040203C 0x000020FC 0x000012FC 0x000002B6
Sleep - 0x00402040 0x00002100 0x00001300 0x000002B7
WriteFile - 0x00402044 0x00002104 0x00001304 0x000002F7
lstrcatA - 0x00402048 0x00002108 0x00001308 0x0000030F
lstrcpyA - 0x0040204C 0x0000210C 0x0000130C 0x00000315
CreateFileA - 0x00402050 0x00002110 0x00001310 0x0000003D
CreateDirectoryA - 0x00402054 0x00002114 0x00001314 0x00000035
PeekNamedPipe - 0x00402058 0x00002118 0x00001318 0x00000220
CloseHandle - 0x0040205C 0x0000211C 0x0000131C 0x00000023
advapi32.dll (3)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
LookupPrivilegeValueA - 0x00402000 0x000020C0 0x000012C0 0x00000141
AdjustTokenPrivileges - 0x00402004 0x000020C4 0x000012C4 0x00000019
OpenProcessToken - 0x00402008 0x000020C8 0x000012C8 0x00000198
wsock32.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WSAStartup - 0x00402064 0x00002124 0x00001324 0x00000021
ea057e896209478d8290a1b526cae84f2509678d866d08382614707f3b710d47 Extracted File Image
Clean
»
Parent File c:\programdata\anydesk.exe
MIME Type image/png
File Size 6.89 KB
MD5 c88936dd1a7d59c4403d6babb04dd87e Copy to Clipboard
SHA1 cc33904defad90d05ccec92b7fff7d5902941795 Copy to Clipboard
SHA256 ea057e896209478d8290a1b526cae84f2509678d866d08382614707f3b710d47 Copy to Clipboard
SSDeep 96:xuuuuuuupABAivai01GdBUKdVQNCCAYar+Z2MY0w1skyi/3AyWhaYeaKOdshmb/D:JBNMGBUKdepk0KVOyghWsxu3zu Copy to Clipboard
ImpHash -