Edit tour

Windows Analysis Report
ADOC RFQ-WCMS-18097255.exe

Overview

General Information

Sample Name:	ADOC RFQ-WCMS-18097255.exe
Analysis ID:	764045
MD5:	856317033475c7932f8cbf88ec2b7ef8
SHA1:	6b24fa54a990477bde13f64144d5d5a1187c40b9
SHA256:	15700616b67e3ac2d97cfb221762dca3b2b36cc9d3e1cf7ca8737acc9bb4db84
Tags:	exe
Infos:

Detection

AgentTesla

Score:	96
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Malicious sample detected (through community Yara rule)

Yara detected AgentTesla

Yara detected AntiVM3

Tries to steal Mail credentials (via file / registry access)

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Machine Learning detection for sample

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Tries to harvest and steal browser information (history, passwords, etc)

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

Yara signature match

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

Detected potential crypto function

Yara detected Credential Stealer

IP address seen in connection with other malware

Contains long sleeps (>= 3 min)

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Sample file is different than original file name gathered from version info

Detected TCP or UDP traffic on non-standard ports

Binary contains a suspicious time stamp

Uses SMTP (mail sending)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Classification

Process Tree

System is w10x64

ADOC RFQ-WCMS-18097255.exe (PID: 5788 cmdline: C:\Users\user\Desktop\ADOC RFQ-WCMS-18097255.exe MD5: 856317033475C7932F8CBF88EC2B7EF8)

cleanup

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "SMTP", "Host": "us2.smtp.mailhostbox.com", "Username": "gamzy@freesteelmyst.xyz", "Password": "  JIRUmBO0        "}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.508080417.0000000002B8E000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000000.00000002.513606305.0000000003C61000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_AgentTesla_d3ac2b2f	unknown	unknown	0x23760:$a20: get_LastAccessed 0x25885:$a30: set_GuidMasterKey 0x23814:$a33: get_Clipboard 0x23822:$a34: get_Keyboard 0x249cd:$a35: get_ShiftKeyDown 0x249de:$a36: get_AltKeyDown 0x2382f:$a37: get_Password 0x24253:$a38: get_PasswordHash 0x250d6:$a39: get_DefaultCredentials
00000000.00000002.519041329.0000000007040000.00000004.08000000.00040000.00000000.sdmp	MALWARE_Win_AgentTeslaV3	AgentTeslaV3 infostealer payload	ditekSHen	0x2619e:$s10: logins 0x25cd7:$s11: credential 0x22b94:$g1: get_Clipboard 0x22ba2:$g2: get_Keyboard 0x22baf:$g3: get_Password 0x23d3d:$g4: get_CtrlKeyDown 0x23d4d:$g5: get_ShiftKeyDown 0x23d5e:$g6: get_AltKeyDown
00000000.00000002.519041329.0000000007040000.00000004.08000000.00040000.00000000.sdmp	Windows_Trojan_AgentTesla_d3ac2b2f	unknown	unknown	0x22ae0:$a20: get_LastAccessed 0x24c05:$a30: set_GuidMasterKey 0x22b94:$a33: get_Clipboard 0x22ba2:$a34: get_Keyboard 0x23d4d:$a35: get_ShiftKeyDown 0x23d5e:$a36: get_AltKeyDown 0x22baf:$a37: get_Password 0x235d3:$a38: get_PasswordHash 0x24456:$a39: get_DefaultCredentials
00000000.00000002.510469030.0000000003881000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_AgentTesla_d3ac2b2f	unknown	unknown	0x53430:$a20: get_LastAccessed 0x55555:$a30: set_GuidMasterKey 0x534e4:$a33: get_Clipboard 0x534f2:$a34: get_Keyboard 0x5469d:$a35: get_ShiftKeyDown 0x546ae:$a36: get_AltKeyDown 0x534ff:$a37: get_Password 0x53f23:$a38: get_PasswordHash 0x54da6:$a39: get_DefaultCredentials
00000000.00000002.505811223.0000000002881000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000000.00000002.505811223.0000000002881000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
00000000.00000002.505811223.0000000002881000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: ADOC RFQ-WCMS-18097255.exe PID: 5788	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
Process Memory Space: ADOC RFQ-WCMS-18097255.exe PID: 5788	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: ADOC RFQ-WCMS-18097255.exe PID: 5788	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: ADOC RFQ-WCMS-18097255.exe PID: 5788	Windows_Trojan_AgentTesla_d3ac2b2f	unknown	unknown	0x6d4f:$a20: get_LastAccessed 0x77c12:$a20: get_LastAccessed 0x124e2e:$a20: get_LastAccessed 0x8b8c:$a30: set_GuidMasterKey 0x79a4f:$a30: set_GuidMasterKey 0x126c6b:$a30: set_GuidMasterKey 0x6df7:$a33: get_Clipboard 0x77cba:$a33: get_Clipboard 0x124ed6:$a33: get_Clipboard 0x6e05:$a34: get_Keyboard 0x77cc8:$a34: get_Keyboard 0x124ee4:$a34: get_Keyboard 0x7e3e:$a35: get_ShiftKeyDown 0x78d01:$a35: get_ShiftKeyDown 0x125f1d:$a35: get_ShiftKeyDown 0x7e4f:$a36: get_AltKeyDown 0x78d12:$a36: get_AltKeyDown 0x125f2e:$a36: get_AltKeyDown 0x6e12:$a37: get_Password 0x77cd5:$a37: get_Password 0x124ef1:$a37: get_Password
Click to see the 7 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.ADOC RFQ-WCMS-18097255.exe.7040000.12.unpack	MALWARE_Win_AgentTeslaV3	AgentTeslaV3 infostealer payload	ditekSHen	0x2439e:$s10: logins 0x23ed7:$s11: credential 0x20d94:$g1: get_Clipboard 0x20da2:$g2: get_Keyboard 0x20daf:$g3: get_Password 0x21f3d:$g4: get_CtrlKeyDown 0x21f4d:$g5: get_ShiftKeyDown 0x21f5e:$g6: get_AltKeyDown
0.2.ADOC RFQ-WCMS-18097255.exe.7040000.12.unpack	Windows_Trojan_AgentTesla_d3ac2b2f	unknown	unknown	0x20ce0:$a20: get_LastAccessed 0x22e05:$a30: set_GuidMasterKey 0x20d94:$a33: get_Clipboard 0x20da2:$a34: get_Keyboard 0x21f4d:$a35: get_ShiftKeyDown 0x21f5e:$a36: get_AltKeyDown 0x20daf:$a37: get_Password 0x217d3:$a38: get_PasswordHash 0x22656:$a39: get_DefaultCredentials
0.2.ADOC RFQ-WCMS-18097255.exe.3c61c80.6.raw.unpack	MALWARE_Win_AgentTeslaV3	AgentTeslaV3 infostealer payload	ditekSHen	0x2619e:$s10: logins 0x25cd7:$s11: credential 0x22b94:$g1: get_Clipboard 0x22ba2:$g2: get_Keyboard 0x22baf:$g3: get_Password 0x23d3d:$g4: get_CtrlKeyDown 0x23d4d:$g5: get_ShiftKeyDown 0x23d5e:$g6: get_AltKeyDown
0.2.ADOC RFQ-WCMS-18097255.exe.3c61c80.6.raw.unpack	Windows_Trojan_AgentTesla_d3ac2b2f	unknown	unknown	0x22ae0:$a20: get_LastAccessed 0x24c05:$a30: set_GuidMasterKey 0x22b94:$a33: get_Clipboard 0x22ba2:$a34: get_Keyboard 0x23d4d:$a35: get_ShiftKeyDown 0x23d5e:$a36: get_AltKeyDown 0x22baf:$a37: get_Password 0x235d3:$a38: get_PasswordHash 0x24456:$a39: get_DefaultCredentials
0.2.ADOC RFQ-WCMS-18097255.exe.3889930.3.unpack	MALWARE_Win_AgentTeslaV3	AgentTeslaV3 infostealer payload	ditekSHen	0x4c3be:$s10: logins 0x4bef7:$s11: credential 0x48db4:$g1: get_Clipboard 0x48dc2:$g2: get_Keyboard 0x48dcf:$g3: get_Password 0x49f5d:$g4: get_CtrlKeyDown 0x49f6d:$g5: get_ShiftKeyDown 0x49f7e:$g6: get_AltKeyDown
0.2.ADOC RFQ-WCMS-18097255.exe.3889930.3.unpack	Windows_Trojan_AgentTesla_d3ac2b2f	unknown	unknown	0x48d00:$a20: get_LastAccessed 0x4ae25:$a30: set_GuidMasterKey 0x48db4:$a33: get_Clipboard 0x48dc2:$a34: get_Keyboard 0x49f6d:$a35: get_ShiftKeyDown 0x49f7e:$a36: get_AltKeyDown 0x48dcf:$a37: get_Password 0x497f3:$a38: get_PasswordHash 0x4a676:$a39: get_DefaultCredentials
0.2.ADOC RFQ-WCMS-18097255.exe.7040000.12.raw.unpack	MALWARE_Win_AgentTeslaV3	AgentTeslaV3 infostealer payload	ditekSHen	0x2619e:$s10: logins 0x25cd7:$s11: credential 0x22b94:$g1: get_Clipboard 0x22ba2:$g2: get_Keyboard 0x22baf:$g3: get_Password 0x23d3d:$g4: get_CtrlKeyDown 0x23d4d:$g5: get_ShiftKeyDown 0x23d5e:$g6: get_AltKeyDown
0.2.ADOC RFQ-WCMS-18097255.exe.7040000.12.raw.unpack	Windows_Trojan_AgentTesla_d3ac2b2f	unknown	unknown	0x22ae0:$a20: get_LastAccessed 0x24c05:$a30: set_GuidMasterKey 0x22b94:$a33: get_Clipboard 0x22ba2:$a34: get_Keyboard 0x23d4d:$a35: get_ShiftKeyDown 0x23d5e:$a36: get_AltKeyDown 0x22baf:$a37: get_Password 0x235d3:$a38: get_PasswordHash 0x24456:$a39: get_DefaultCredentials
0.2.ADOC RFQ-WCMS-18097255.exe.3c61c80.6.unpack	MALWARE_Win_AgentTeslaV3	AgentTeslaV3 infostealer payload	ditekSHen	0x2439e:$s10: logins 0x23ed7:$s11: credential 0x20d94:$g1: get_Clipboard 0x20da2:$g2: get_Keyboard 0x20daf:$g3: get_Password 0x21f3d:$g4: get_CtrlKeyDown 0x21f4d:$g5: get_ShiftKeyDown 0x21f5e:$g6: get_AltKeyDown
0.2.ADOC RFQ-WCMS-18097255.exe.3c61c80.6.unpack	Windows_Trojan_AgentTesla_d3ac2b2f	unknown	unknown	0x20ce0:$a20: get_LastAccessed 0x22e05:$a30: set_GuidMasterKey 0x20d94:$a33: get_Clipboard 0x20da2:$a34: get_Keyboard 0x21f4d:$a35: get_ShiftKeyDown 0x21f5e:$a36: get_AltKeyDown 0x20daf:$a37: get_Password 0x217d3:$a38: get_PasswordHash 0x22656:$a39: get_DefaultCredentials
0.2.ADOC RFQ-WCMS-18097255.exe.38b1950.2.unpack	MALWARE_Win_AgentTeslaV3	AgentTeslaV3 infostealer payload	ditekSHen	0x2439e:$s10: logins 0x23ed7:$s11: credential 0x20d94:$g1: get_Clipboard 0x20da2:$g2: get_Keyboard 0x20daf:$g3: get_Password 0x21f3d:$g4: get_CtrlKeyDown 0x21f4d:$g5: get_ShiftKeyDown 0x21f5e:$g6: get_AltKeyDown
0.2.ADOC RFQ-WCMS-18097255.exe.38b1950.2.unpack	Windows_Trojan_AgentTesla_d3ac2b2f	unknown	unknown	0x20ce0:$a20: get_LastAccessed 0x22e05:$a30: set_GuidMasterKey 0x20d94:$a33: get_Clipboard 0x20da2:$a34: get_Keyboard 0x21f4d:$a35: get_ShiftKeyDown 0x21f5e:$a36: get_AltKeyDown 0x20daf:$a37: get_Password 0x217d3:$a38: get_PasswordHash 0x22656:$a39: get_DefaultCredentials
0.2.ADOC RFQ-WCMS-18097255.exe.2a5ddcc.1.raw.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0.2.ADOC RFQ-WCMS-18097255.exe.2a5ddcc.1.raw.unpack	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
0.2.ADOC RFQ-WCMS-18097255.exe.2a5ddcc.1.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.ADOC RFQ-WCMS-18097255.exe.2a5ddcc.1.raw.unpack	INDICATOR_SUSPICIOUS_EXE_Anti_OldCopyPaste	Detects executables potentially checking for WinJail sandbox window	ditekSHen	0x24eda:$v1: SbieDll.dll 0x2087a:$v2: USER 0x2090e:$v2: USER 0x24ef4:$v2: USER 0xfa07a:$v2: USER 0xfa102:$v2: USER 0xfa132:$v2: USER 0xfb7a2:$v2: USER 0xfb83a:$v2: USER 0xfb86a:$v2: USER 0x24f00:$v3: SANDBOX 0x24f12:$v4: VIRUS 0x24f62:$v4: VIRUS 0x24f20:$v5: MALWARE 0x24f32:$v6: SCHMIDTI 0x24f46:$v7: CURRENTUSER
0.2.ADOC RFQ-WCMS-18097255.exe.2a5ddcc.1.raw.unpack	INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID	Detects executables referencing Windows vault credential objects. Observed in infostealers	ditekSHen	0xf0d8:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x20198:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0xf10f:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x20224:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0xf152:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x202c8:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0xf199:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x20374:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0xf1cc:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x20404:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0xf203:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x20490:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0xf24c:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x20540:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0xf292:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548 0x205ec:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
0.2.ADOC RFQ-WCMS-18097255.exe.3889930.3.raw.unpack	MALWARE_Win_AgentTeslaV3	AgentTeslaV3 infostealer payload	ditekSHen	0x4e1be:$s10: logins 0x4dcf7:$s11: credential 0x4abb4:$g1: get_Clipboard 0x4abc2:$g2: get_Keyboard 0x4abcf:$g3: get_Password 0x4bd5d:$g4: get_CtrlKeyDown 0x4bd6d:$g5: get_ShiftKeyDown 0x4bd7e:$g6: get_AltKeyDown
0.2.ADOC RFQ-WCMS-18097255.exe.3889930.3.raw.unpack	Windows_Trojan_AgentTesla_d3ac2b2f	unknown	unknown	0x4ab00:$a20: get_LastAccessed 0x4cc25:$a30: set_GuidMasterKey 0x4abb4:$a33: get_Clipboard 0x4abc2:$a34: get_Keyboard 0x4bd6d:$a35: get_ShiftKeyDown 0x4bd7e:$a36: get_AltKeyDown 0x4abcf:$a37: get_Password 0x4b5f3:$a38: get_PasswordHash 0x4c476:$a39: get_DefaultCredentials
0.2.ADOC RFQ-WCMS-18097255.exe.38b1950.2.raw.unpack	MALWARE_Win_AgentTeslaV3	AgentTeslaV3 infostealer payload	ditekSHen	0x2619e:$s10: logins 0x25cd7:$s11: credential 0x22b94:$g1: get_Clipboard 0x22ba2:$g2: get_Keyboard 0x22baf:$g3: get_Password 0x23d3d:$g4: get_CtrlKeyDown 0x23d4d:$g5: get_ShiftKeyDown 0x23d5e:$g6: get_AltKeyDown
0.2.ADOC RFQ-WCMS-18097255.exe.38b1950.2.raw.unpack	Windows_Trojan_AgentTesla_d3ac2b2f	unknown	unknown	0x22ae0:$a20: get_LastAccessed 0x24c05:$a30: set_GuidMasterKey 0x22b94:$a33: get_Clipboard 0x22ba2:$a34: get_Keyboard 0x23d4d:$a35: get_ShiftKeyDown 0x23d5e:$a36: get_AltKeyDown 0x22baf:$a37: get_Password 0x235d3:$a38: get_PasswordHash 0x24456:$a39: get_DefaultCredentials
0.2.ADOC RFQ-WCMS-18097255.exe.2a3096c.0.raw.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0.2.ADOC RFQ-WCMS-18097255.exe.2a3096c.0.raw.unpack	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
0.2.ADOC RFQ-WCMS-18097255.exe.2a3096c.0.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.ADOC RFQ-WCMS-18097255.exe.2a3096c.0.raw.unpack	INDICATOR_SUSPICIOUS_EXE_Anti_OldCopyPaste	Detects executables potentially checking for WinJail sandbox window	ditekSHen	0x5233a:$v1: SbieDll.dll 0x4dcda:$v2: USER 0x4dd6e:$v2: USER 0x52354:$v2: USER 0x1274da:$v2: USER 0x127562:$v2: USER 0x127592:$v2: USER 0x128c02:$v2: USER 0x128c9a:$v2: USER 0x128cca:$v2: USER 0x52360:$v3: SANDBOX 0x52372:$v4: VIRUS 0x523c2:$v4: VIRUS 0x52380:$v5: MALWARE 0x52392:$v6: SCHMIDTI 0x523a6:$v7: CURRENTUSER
0.2.ADOC RFQ-WCMS-18097255.exe.2a3096c.0.raw.unpack	INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID	Detects executables referencing Windows vault credential objects. Observed in infostealers	ditekSHen	0x3c538:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x4d5f8:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x3c56f:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x4d684:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x3c5b2:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x4d728:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x3c5f9:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x4d7d4:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x3c62c:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x4d864:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x3c663:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x4d8f0:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x3c6ac:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x4d9a0:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x3c6f2:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548 0x4da4c:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
Click to see the 21 entries

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Machine Learning detection for sample

Source: ADOC RFQ-WCMS-18097255.exe

Joe Sandbox ML: detected

Source: 0.2.ADOC RFQ-WCMS-18097255.exe.3c61c80.6.unpack

Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Host": "us2.smtp.mailhostbox.com", "Username": "gamzy@freesteelmyst.xyz", "Password": " JIRUmBO0 "}

Source: ADOC RFQ-WCMS-18097255.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: ADOC RFQ-WCMS-18097255.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_A

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report
ADOC RFQ-WCMS-18097255.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: Agenttesla

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report ADOC RFQ-WCMS-18097255.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: Agenttesla

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Windows Analysis Report
ADOC RFQ-WCMS-18097255.exe