IOC Report
gta_sa.exe


Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Users\user\Desktop\gta_sa.exe | "C:\Users\user\Desktop\gta_sa.exe" | malicious |

URLs

| Name | IP | Malicious |
|---|---|---|
| http://www.rockstargames.com | unknown | |
| http://www.rockstarnorth.com | unknown | |
| http://www.rockstargames.com/sanandreas | unknown | |

Memdumps

| Base Address | Regiontype | Protect | Malicious |
|---|---|---|---|
| 100000 | heap | page read and write | |
| 401000 | unkown | page execute read | |
| 1534000 | unkown | page execute and write copy | |
| 1556000 | unkown | page execute and write copy | |
| 160000 | heap | page read and write | |
| 401000 | unkown | page execute read | |
| C9E000 | unkown | page write copy | |
| 1E0000 | heap | page read and write | |
| 1480000 | unkown | page execute and write copy | |
| 1557000 | unkown | page read and write | |
| 400000 | unkown | page readonly | |
| 858000 | unkown | page readonly | |
| 361F000 | stack | page read and write | |
| 150000 | heap | page read and write | |
| 18D7000 | heap | page read and write | |
| 150B000 | unkown | page execute and write copy | |
| 1E3000 | heap | page read and write | |
| 8A4000 | unkown | page write copy | |
| 150B000 | unkown | page execute and write copy | |
| 1513000 | unkown | page execute and write copy | |
| 1513000 | unkown | page execute and write copy | |
| CB1000 | unkown | page execute and write copy | |
| 8A4000 | unkown | page write copy | |
| 177C000 | stack | page read and write | |
| 18CA000 | heap | page read and write | |
| 14C9000 | unkown | page execute and write copy | |
| CB1000 | unkown | page execute and write copy | |
| 1436000 | unkown | page execute and write copy | |
| 400000 | unkown | page readonly | |
| 1558000 | unkown | page execute and write copy | |
| F0000 | heap | page read and write | |
| 1480000 | unkown | page execute and write copy | |
| 1534000 | unkown | page execute and write copy | |
| 8BA000 | unkown | page write copy | |
| C9E000 | unkown | page write copy | |
| 1436000 | unkown | page execute and write copy | |
| 1456000 | unkown | page execute and write copy | |
| 14C9000 | unkown | page execute and write copy | |
| 858000 | unkown | page readonly | |
| 1B80000 | heap | page read and write | |
| 18C0000 | heap | page read and write | |
| 1425000 | unkown | page execute and write copy | |
| 1B60000 | heap | page read and write | |
| CB0000 | unkown | page readonly | |
| CB0000 | unkown | page readonly | |
| 1456000 | unkown | page execute and write copy | |
| 1425000 | unkown | page execute and write copy | |
| 1556000 | unkown | page execute and write copy | |
| 9B000 | stack | page read and write | |
| 1AE000 | stack | page read and write | |
| 401000 | unkown | page execute read | |
| 8BA000 | unkown | page write copy | |
There are 42 hidden memdumps not shown here.