analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
URL:

https://www.safer-networking.org/products/spybot-free-edition/download-mirror-1/

Full analysis: https://app.any.run/tasks/87bb12eb-85f5-4aa1-ad50-85d512813177
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Malware Trends Tracker     >>>
Analysis date: May 07, 2020, 21:46:57
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
loader
Indicators:
MD5:

BCF70F11BA63737FE7329E43AE39A214

SHA1:

4E28E6903ABDFF514BE30C4A8AE76BA2A3A5160B

SHA256:

F06F9C0894FC0612E387819931D9283DAA10754C3A1729B0A29A7B6D9941A29D

SSDEEP:

3:N8DSLK24oxRWNVRtABMRjIMn:2OLHjRWNVRtA6R0M

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Downloads executable files from the Internet

      • spybotsd-2.8.68.0.tmp (PID: 3024)

    • Changes the autorun value in the registry

      • spybotsd-2.8.68.0.tmp (PID: 3024)

    • Changes settings of System certificates

      • SDTray.exe (PID: 2696)
      • SDFSSvc.exe (PID: 1848)

    • Application was dropped or rewritten from another process

      • SDUpdSvc.exe (PID: 2412)
      • SDUpdate.exe (PID: 2116)
      • SDUpdate.exe (PID: 1784)
      • SDSpybotLab.exe (PID: 2072)
      • SDTray.exe (PID: 2696)
      • SDFSSvc.exe (PID: 1848)
      • SDSpybotLab.exe (PID: 2700)
      • SDWelcome.exe (PID: 2640)
      • SDImmunize.exe (PID: 1356)
      • SDImmunize.exe (PID: 3292)
      • spybotsd2-install-bdcore-update-2020a.exe (PID: 3896)

    • Actions looks like stealing of personal data

      • SDTray.exe (PID: 2696)
      • spybotsd-2.8.68.0.tmp (PID: 3024)
      • SDFSSvc.exe (PID: 1848)
      • SDUpdSvc.exe (PID: 2412)
      • SDSpybotLab.exe (PID: 2072)
      • SDUpdate.exe (PID: 1784)
      • SDUpdate.exe (PID: 2116)
      • SDSpybotLab.exe (PID: 2700)
      • SDWelcome.exe (PID: 2640)
      • SDImmunize.exe (PID: 3292)

    • Loads the Task Scheduler DLL interface

      • spybotsd-2.8.68.0.tmp (PID: 3024)

    • Loads the Task Scheduler COM API

      • spybotsd-2.8.68.0.tmp (PID: 3024)

    • Loads dropped or rewritten executable

      • SDUpdSvc.exe (PID: 2412)
      • SDUpdate.exe (PID: 2116)
      • SDFSSvc.exe (PID: 1848)
      • SDTray.exe (PID: 2696)
      • SDUpdate.exe (PID: 1784)
      • SDSpybotLab.exe (PID: 2072)
      • SDSpybotLab.exe (PID: 2700)
      • WerFault.exe (PID: 3156)
      • spybotsd2-install-bdcore-update-2020a.tmp (PID: 440)
      • SDWelcome.exe (PID: 2640)
      • SDImmunize.exe (PID: 3292)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • spybotsd-2.8.68.0.exe (PID: 3016)
      • spybotsd-2.8.68.0.exe (PID: 3728)
      • spybotsd-2.8.68.0.tmp (PID: 3024)
      • SDUpdSvc.exe (PID: 2412)
      • spybotsd2-install-bdcore-update-2020a.tmp (PID: 440)

    • Reads the Windows organization settings

      • spybotsd-2.8.68.0.tmp (PID: 3024)
      • spybotsd2-install-bdcore-update-2020a.tmp (PID: 440)

    • Reads Windows owner or organization settings

      • spybotsd-2.8.68.0.tmp (PID: 3024)
      • spybotsd2-install-bdcore-update-2020a.tmp (PID: 440)

    • Creates files in the driver directory

      • spybotsd-2.8.68.0.tmp (PID: 3024)

    • Creates files in the Windows directory

      • spybotsd-2.8.68.0.tmp (PID: 3024)
      • SDFSSvc.exe (PID: 1848)
      • SDUpdate.exe (PID: 2116)
      • SDUpdSvc.exe (PID: 2412)
      • spybotsd2-install-bdcore-update-2020a.exe (PID: 3896)
      • WerFault.exe (PID: 3156)

    • Creates or modifies windows services

      • spybotsd-2.8.68.0.tmp (PID: 3024)
      • SDTray.exe (PID: 2696)
      • SDUpdSvc.exe (PID: 2412)

    • Creates executable files which already exist in Windows

      • spybotsd-2.8.68.0.tmp (PID: 3024)

    • Reads Internet Cache Settings

      • spybotsd-2.8.68.0.tmp (PID: 3024)
      • SDTray.exe (PID: 2696)
      • SDUpdate.exe (PID: 1784)
      • SDWelcome.exe (PID: 2640)
      • SDImmunize.exe (PID: 3292)

    • Creates COM task schedule object

      • spybotsd-2.8.68.0.tmp (PID: 3024)

    • Modifies the open verb of a shell class

      • spybotsd-2.8.68.0.tmp (PID: 3024)

    • Reads Environment values

      • SDTray.exe (PID: 2696)
      • spybotsd-2.8.68.0.tmp (PID: 3024)
      • SDFSSvc.exe (PID: 1848)
      • SDUpdate.exe (PID: 2116)
      • SDUpdate.exe (PID: 1784)
      • SDUpdSvc.exe (PID: 2412)
      • SDWelcome.exe (PID: 2640)
      • SDImmunize.exe (PID: 3292)

    • Adds / modifies Windows certificates

      • SDTray.exe (PID: 2696)
      • SDFSSvc.exe (PID: 1848)

    • Creates files in the program directory

      • SDTray.exe (PID: 2696)
      • SDUpdSvc.exe (PID: 2412)
      • spybotsd2-install-bdcore-update-2020a.tmp (PID: 440)
      • WerFault.exe (PID: 3156)
      • SDImmunize.exe (PID: 3292)

    • Executed as Windows Service

      • SDFSSvc.exe (PID: 1848)
      • SDUpdSvc.exe (PID: 2412)

    • Removes files from Windows directory

      • SDFSSvc.exe (PID: 1848)
      • SDUpdate.exe (PID: 2116)
      • SDUpdSvc.exe (PID: 2412)
      • WerFault.exe (PID: 3156)
      • spybotsd2-install-bdcore-update-2020a.tmp (PID: 440)
      • spybotsd2-install-bdcore-update-2020a.exe (PID: 3896)

    • Executed via Task Scheduler

      • SDUpdate.exe (PID: 2116)

    • Creates files in the user directory

      • SDUpdate.exe (PID: 1784)
      • SDWelcome.exe (PID: 2640)
      • SDImmunize.exe (PID: 3292)

    • Reads the cookies of Mozilla Firefox

      • SDImmunize.exe (PID: 3292)

  • INFO

    • Changes internet zones settings

      • iexplore.exe (PID: 3448)

    • Reads Internet Cache Settings

      • iexplore.exe (PID: 3336)
      • iexplore.exe (PID: 3448)

    • Application launched itself

      • iexplore.exe (PID: 3448)

    • Creates files in the user directory

      • iexplore.exe (PID: 3336)
      • iexplore.exe (PID: 3448)

    • Reads internet explorer settings

      • iexplore.exe (PID: 3336)

    • Application was dropped or rewritten from another process

      • spybotsd-2.8.68.0.tmp (PID: 2068)
      • spybotsd-2.8.68.0.tmp (PID: 3024)
      • setup-signatures.exe (PID: 2728)

    • Modifies the phishing filter of IE

      • iexplore.exe (PID: 3448)

    • Loads dropped or rewritten executable

      • spybotsd-2.8.68.0.tmp (PID: 3024)

    • Reads settings of System Certificates

      • iexplore.exe (PID: 3448)
      • iexplore.exe (PID: 3336)

    • Creates a software uninstall entry

      • spybotsd-2.8.68.0.tmp (PID: 3024)

    • Creates files in the program directory

      • spybotsd-2.8.68.0.tmp (PID: 3024)
      • setup-signatures.exe (PID: 2728)

    • Reads the hosts file

      • SDImmunize.exe (PID: 3292)

    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 3448)

    • Changes settings of System certificates

      • iexplore.exe (PID: 3448)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
73
Monitored processes
20
Malicious processes
18
Suspicious processes
0

Behavior graph

Click at the process to see the details
start drop and start drop and start drop and start drop and start drop and start iexplore.exe iexplore.exe spybotsd-2.8.68.0.exe spybotsd-2.8.68.0.tmp no specs spybotsd-2.8.68.0.exe spybotsd-2.8.68.0.tmp sdtray.exe setup-signatures.exe no specs sdfssvc.exe sdupdsvc.exe sdupdate.exe sdupdate.exe sdspybotlab.exe sdspybotlab.exe werfault.exe no specs spybotsd2-install-bdcore-update-2020a.exe no specs spybotsd2-install-bdcore-update-2020a.tmp sdwelcome.exe sdimmunize.exe no specs sdimmunize.exe

Process information

PID
CMD
Path
Indicators
Parent process
3448"C:\Program Files\Internet Explorer\iexplore.exe" "https://www.safer-networking.org/products/spybot-free-edition/download-mirror-1/"C:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
1
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
3336"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3448 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
3016"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\spybotsd-2.8.68.0.exe" C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\spybotsd-2.8.68.0.exe
iexplore.exe
User:
admin
Company:
Safer-Networking Ltd.
Integrity Level:
MEDIUM
Description:
Spybot - Search & Destroy
Exit code:
0
Version:
2.8.68.0
2068"C:\Users\admin\AppData\Local\Temp\is-PQC3G.tmp\spybotsd-2.8.68.0.tmp" /SL5="$C024C,68440474,806912,C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\spybotsd-2.8.68.0.exe" C:\Users\admin\AppData\Local\Temp\is-PQC3G.tmp\spybotsd-2.8.68.0.tmpspybotsd-2.8.68.0.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Setup/Uninstall
Exit code:
0
Version:
51.1052.0.0
3728"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\spybotsd-2.8.68.0.exe" /SPAWNWND=$60160 /NOTIFYWND=$C024C C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\spybotsd-2.8.68.0.exe
spybotsd-2.8.68.0.tmp
User:
admin
Company:
Safer-Networking Ltd.
Integrity Level:
HIGH
Description:
Spybot - Search & Destroy
Exit code:
0
Version:
2.8.68.0
3024"C:\Users\admin\AppData\Local\Temp\is-Q3DLF.tmp\spybotsd-2.8.68.0.tmp" /SL5="$70164,68440474,806912,C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\spybotsd-2.8.68.0.exe" /SPAWNWND=$60160 /NOTIFYWND=$C024C C:\Users\admin\AppData\Local\Temp\is-Q3DLF.tmp\spybotsd-2.8.68.0.tmp
spybotsd-2.8.68.0.exe
User:
admin
Integrity Level:
HIGH
Description:
Setup/Uninstall
Exit code:
0
Version:
51.1052.0.0
2696"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
spybotsd-2.8.68.0.tmp
User:
admin
Company:
Safer-Networking Ltd.
Integrity Level:
HIGH
Description:
Spybot - Search & Destroy tray access
Version:
2.8.67.129
2728"C:\Users\admin\AppData\Local\Temp\is-R3M9E.tmp\setup-signatures.exe" /S /D=C:\Program Files\Spybot - Search & Destroy 2C:\Users\admin\AppData\Local\Temp\is-R3M9E.tmp\setup-signatures.exespybotsd-2.8.68.0.tmp
User:
admin
Integrity Level:
HIGH
Exit code:
0
1848"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
services.exe
User:
SYSTEM
Company:
Safer-Networking Ltd.
Integrity Level:
SYSTEM
Description:
Spybot 2 Scanner Service
Exit code:
0
Version:
2.8.68.220
2412"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
services.exe
User:
SYSTEM
Company:
Safer-Networking Ltd.
Integrity Level:
SYSTEM
Description:
Spybot 2 Background Update Service
Version:
2.8.68.83
Total events
9 569
Read events
3 648
Write events
0
Delete events
0

Modification events

No data
Executable files
116
Suspicious files
126
Text files
164
Unknown types
197

Dropped files

PID
Process
Filename
Type
3336iexplore.exeC:\Users\admin\AppData\Local\Temp\Low\Cab7240.tmp
MD5:
SHA256:
3336iexplore.exeC:\Users\admin\AppData\Local\Temp\Low\Tar7241.tmp
MD5:
SHA256:
3336iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\GCONS4CO.txt
MD5:
SHA256:
3336iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\style.1553000490[1].csstext
MD5:513064AB57FC81ED2C9AE3AC8B51C412
SHA256:9186DAF4ED10EDB01AA2CEE10E9C1EF8BEDC62FBCC6F7C0FA9183351BAAED171
3336iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\checkout[1].jstext
MD5:25B928505CA63451180F89DD041997CE
SHA256:6AA2107FF7DA23EAECC78D1A2EA90D805A048B163DF30E9328084FA4C4F2EDD6
3336iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\download-mirror-1[1].htmhtml
MD5:9B4B369BA995BFD656239151AD1291AD
SHA256:DE329DD4035CADA34905509563F50C4E7437673E19ECB604673BF9CA0046A41E
3336iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\A4EHKMRF.txttext
MD5:917BA80E03C92A40443328B5C6130F48
SHA256:64345B7269450C91058D2AB4A6F32992814B020DC3E3831661903132F5A1D9B8
3336iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\frontend.1529135204[1].csstext
MD5:0E161E16D789BF14DDA632172D231FDD
SHA256:7E57269BDD2CE18D1CFF1A6D1B8F64411DE43D165B66FE33BB3C1E72C350D0BC
3336iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619der
MD5:4FD63C454B64534FD35208E2098F34B7
SHA256:2F53AEF6118DD563A8B3D22269DCE6DA81E4E80E34C455DA65DF89D0E5895DB8
3336iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619binary
MD5:6FBA8471AEC42435C353B68912174BFF
SHA256:287718F40E09600A354807B4C5DD4C3912F9C3222D126C5EEE30A588A2D059F8
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
70
TCP/UDP connections
98
DNS requests
31
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2696
SDTray.exe
GET
304
205.185.216.10:80
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
US
whitelisted
3024
spybotsd-2.8.68.0.tmp
GET
302
167.114.117.64:80
http://www.safer-networking.org/updallocator.php
CA
whitelisted
3024
spybotsd-2.8.68.0.tmp
GET
95.217.7.90:80
http://updates3.safer-networking.org/spybot1/spybotsd_includes.exe
DE
suspicious
3024
spybotsd-2.8.68.0.tmp
GET
302
167.114.117.64:80
http://www.safer-networking.org/updallocator.php
CA
whitelisted
3336
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAx5qUSwjBGVIJJhX%2BJrHYM%3D
US
der
471 b
whitelisted
3024
spybotsd-2.8.68.0.tmp
GET
200
128.199.58.66:80
http://updates5.safer-networking.org/spybot1/spybotsd_includes.exe
NL
executable
7.19 Mb
suspicious
2696
SDTray.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D
US
der
471 b
whitelisted
3448
iexplore.exe
GET
200
204.79.197.200:80
http://www.bing.com/favicon.ico
US
image
237 b
whitelisted
2696
SDTray.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSFDxAmS5JEAmWxO0Ue9OdQ9z7zPAQUFQASKxOYspkH7R7for5XDStnAs0CEAMBmgI6%2F1ixa9bV6uYX8GY%3D
US
der
471 b
whitelisted
3336
iexplore.exe
GET
200
2.16.186.11:80
http://isrg.trustid.ocsp.identrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRv9GhNQxLSSGKBnMArPUcsHYovpgQUxKexpHsscfrb4UuQdf%2FEFWCFiRACEAoBQUIAAAFThXNqC4Xspwg%3D
unknown
der
1.37 Kb
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3336
iexplore.exe
151.101.2.133:443
www.paypalobjects.com
Fastly
US
malicious
3336
iexplore.exe
167.114.117.64:443
www.safer-networking.org
OVH SAS
CA
unknown
3448
iexplore.exe
204.79.197.200:80
www.bing.com
Microsoft Corporation
US
whitelisted
3448
iexplore.exe
167.114.117.64:443
www.safer-networking.org
OVH SAS
CA
unknown
3336
iexplore.exe
93.184.220.29:80
ocsp.digicert.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
3336
iexplore.exe
163.172.168.58:443
updates2.safer-networking.org
Online S.a.s.
FR
suspicious
3336
iexplore.exe
23.45.98.207:443
t.paypal.com
Akamai International B.V.
NL
whitelisted
3336
iexplore.exe
104.111.228.123:443
www.paypal.com
Akamai International B.V.
NL
unknown
3448
iexplore.exe
93.184.220.29:80
ocsp.digicert.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
3448
iexplore.exe
152.199.19.161:443
iecvlist.microsoft.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted

DNS requests

Domain
IP
Reputation
www.safer-networking.org
  • 167.114.117.64
whitelisted
ocsp.digicert.com
  • 93.184.220.29
whitelisted
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
www.paypalobjects.com
  • 151.101.2.133
  • 151.101.66.133
  • 151.101.130.133
  • 151.101.194.133
whitelisted
www.paypal.com
  • 104.111.228.123
whitelisted
t.paypal.com
  • 23.45.98.207
whitelisted
updates2.safer-networking.org
  • 163.172.168.58
suspicious
isrg.trustid.ocsp.identrust.com
  • 2.16.186.11
  • 2.16.186.35
whitelisted
iecvlist.microsoft.com
  • 152.199.19.161
whitelisted

Threats

PID
Process
Class
Message
3024
spybotsd-2.8.68.0.tmp
Potentially Bad Traffic
ET INFO TLS Handshake Failure
3024
spybotsd-2.8.68.0.tmp
Potentially Bad Traffic
ET INFO TLS Handshake Failure
3024
spybotsd-2.8.68.0.tmp
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
3024
spybotsd-2.8.68.0.tmp
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
Process
Message
SDTray.exe
C:\Program Files\Spybot - Search & Destroy 2\SDLicense.dll: GetCodeSignatureIssuerPE: -1
SDTray.exe
TMemoryMappedFileBase: Handle created,
SDTray.exe
TMemoryMappedFileBase: Handle created,
SDTray.exe
TMemoryMappedFileBase: Handle created,
SDTray.exe
TMemoryMappedFileBase: Handle created,
SDUpdSvc.exe
TMemoryMappedFileBase: Handle created,
SDUpdSvc.exe
TMemoryMappedFileBase: Handle created,
SDUpdSvc.exe
TMemoryMappedFileBase: Handle created,
SDUpdSvc.exe
TMemoryMappedFileBase: Handle created,
SDUpdSvc.exe
TMemoryMappedFileBase: Handle created,
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
https://www.safer-networking.org/products/spybot-free-edition/download-mirror-1/