Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\450230549.exe

"C:\Users\user\Desktop\450230549.exe"

Details

Is windows:	false
Is dropped:	false
PID:	7068
Target ID:	0
Parent PID:	2580
Name:	450230549.exe
Path:	C:\Users\user\Desktop\450230549.exe
Commandline:	"C:\Users\user\Desktop\450230549.exe"
Size:	107848
MD5:	5086980F3EE0C035EC304102E6981410
Time:	03:18:52
Date:	26/09/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x3d0000
Modulesize:	122880
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Yara detected AgentTesla	Stealing of Sensitive Information, Remote Access Functionality
Yara detected AntiVM3	Malware Analysis System Evasion
Machine Learning detection for sample	AV Detection
Yara detected Generic Downloader	Networking
Binary contains a suspicious time stamp	Data Obfuscation	Timestomp
PE / OLE file has an invalid certificate	System Summary
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
Yara detected Credential Stealer	Stealing of Sensitive Information
Creates files inside the user directory	System Summary	Masquerading
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
Spawns processes	System Summary	Process Injection
URLs found in memory or binary data	Networking
Binary contains paths to debug symbols	Compliance, System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

Details

Is windows:	true
Is dropped:	false
PID:	6444
Target ID:	1
Parent PID:	7068
Name:	RegAsm.exe
Class:	system-tools
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Size:	65440
MD5:	0D5DF43AF2916F47D00C1573797C1A13
Time:	03:18:54
Date:	26/09/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x200000
Modulesize:	73728
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: RegAsm connects to smtp port	Networking
Yara detected AgentTesla	Stealing of Sensitive Information, Remote Access Functionality
Allocates memory in foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Injects a PE file into a foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Installs a global keyboard hook	Key, Mouse, Clipboard, Microphone and Screen Capturing	Input Capture
Writes to foreign memory regions	HIPS / PFW / Operating System Protection Evasion	Process Injection
Yara detected Generic Downloader	Networking
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Yara detected Credential Stealer	Stealing of Sensitive Information
Spawns processes	System Summary	Process Injection

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

Details

Is windows:	true
Is dropped:	false
PID:	5324
Target ID:	2
Parent PID:	7068
Name:	RegAsm.exe
Class:	system-tools
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Size:	65440
MD5:	0D5DF43AF2916F47D00C1573797C1A13
Time:	03:18:54
Date:	26/09/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0xe0000
Modulesize:	73728
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: RegAsm connects to smtp port	Networking
Yara detected AgentTesla	Stealing of Sensitive Information, Remote Access Functionality
Allocates memory in foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Injects a PE file into a foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Installs a global keyboard hook	Key, Mouse, Clipboard, Microphone and Screen Capturing	Input Capture
Writes to foreign memory regions	HIPS / PFW / Operating System Protection Evasion	Process Injection
Yara detected Generic Downloader	Networking
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Yara detected Credential Stealer	Stealing of Sensitive Information
Spawns processes	System Summary	Process Injection

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

Details

Is windows:	true
Is dropped:	false
PID:	4136
Target ID:	3
Parent PID:	7068
Name:	RegAsm.exe
Class:	system-tools
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Size:	65440
MD5:	0D5DF43AF2916F47D00C1573797C1A13
Time:	03:18:54
Date:	26/09/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x530000
Modulesize:	73728
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: RegAsm connects to smtp port	Networking
Yara detected AgentTesla	Stealing of Sensitive Information, Remote Access Functionality
Allocates memory in foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Injects a PE file into a foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Installs a global keyboard hook	Key, Mouse, Clipboard, Microphone and Screen Capturing	Input Capture
Writes to foreign memory regions	HIPS / PFW / Operating System Protection Evasion	Process Injection
Yara detected Generic Downloader	Networking
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Yara detected Credential Stealer	Stealing of Sensitive Information
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

https://cdn.discordapp.com/attachments/1288648799220400244/1288752046828425256/kingggggme.txt?ex=66f6535f&is=66f501df&hm=79c31af27b70e67c8e5bccaa49762a5ee024314b22617ea8ae2de8893a0fe97d&

162.159.134.233

http://mail.zqamcx.com

unknown

https://account.dyn.com/

unknown

http://r11.o.lencr.org0#

unknown

http://x1.c.lencr.org/0

unknown

http://x1.i.lencr.org/0

unknown

http://cdn.discordapp.com

unknown

http://ip-api.com

unknown

https://cdn.discordapp.com/attachments/1288648799220400244/1288752046828425256/kingggggme.txt?ex=66f

unknown

http://zqamcx.com

unknown

https://cdn.discordapp.com

unknown

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

unknown

http://r11.i.lencr.org/0#

unknown

http://ip-api.com/line/?fields=hosting

208.95.112.1

http://cdn.discordapp.comd

unknown

There are 5 hidden URLs, click here to show them.

Domains

Name

Malicious

zqamcx.com

78.110.166.82

Details

Name:	zqamcx.com
IP:	78.110.166.82
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Sigma detected: RegAsm connects to smtp port	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Uses SMTP (mail sending)	Networking	Application Layer Protocol
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

ip-api.com

208.95.112.1

Details

Name:	ip-api.com
IP:	208.95.112.1
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Check if machine is in data center or colocation facility	Malware Analysis System Evasion	Security Software Discovery
HTTP GET or POST without a user agent	Networking
May check the online IP address of the machine	Networking	System Network Configuration Discovery
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

mail.zqamcx.com

unknown

Details

Name:	mail.zqamcx.com
TargetID:	-1

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

cdn.discordapp.com

162.159.134.233

Details

Name:	cdn.discordapp.com
IP:	162.159.134.233
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
HTTP GET or POST without a user agent	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

198.187.3.20.in-addr.arpa

unknown

IPs

Domain

Country

Malicious

208.95.112.1

ip-api.com

United States

78.110.166.82

zqamcx.com

United Kingdom

Details

IP:	78.110.166.82
TargetID:	3
Current Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Country:	United Kingdom
Countrycode:	GBR
ASN number:	42831
ASN name:	UKSERVERS-ASUKDedicatedServersHostingandCo-Location
Private:	false
Domain:	zqamcx.com

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: RegAsm connects to smtp port	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Uses SMTP (mail sending)	Networking	Application Layer Protocol

162.159.134.233

cdn.discordapp.com

United States

Details

IP:	162.159.134.233
TargetID:	0
Current Path:	C:\Users\user\Desktop\450230549.exe
Country:	United States
Countrycode:	USA
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	cdn.discordapp.com

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

Registry

Path

Value

Malicious

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing

EnableConsoleTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\450230549_RASAPI32

EnableFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\450230549_RASAPI32

EnableAutoFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\450230549_RASAPI32

EnableConsoleTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\450230549_RASAPI32

FileTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\450230549_RASAPI32

ConsoleTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\450230549_RASAPI32

MaxFileSize

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\450230549_RASAPI32

FileDirectory

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\450230549_RASMANCS

EnableFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\450230549_RASMANCS

EnableAutoFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\450230549_RASMANCS

EnableConsoleTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\450230549_RASMANCS

FileTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\450230549_RASMANCS

ConsoleTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\450230549_RASMANCS

MaxFileSize

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\450230549_RASMANCS

FileDirectory

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32

EnableFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32

EnableAutoFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32

EnableConsoleTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32

FileTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32

ConsoleTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32

MaxFileSize

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32

FileDirectory

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS

EnableFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS

EnableAutoFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS

EnableConsoleTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS

FileTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS

ConsoleTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS

MaxFileSize

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS

FileDirectory

There are 19 hidden registries, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

2925000

trusted library allocation

page read and write

28D5000

trusted library allocation

page read and write

3709000

trusted library allocation

page read and write

2902000

trusted library allocation

page read and write

402000

remote allocation

page execute and read and write

612D000

trusted library allocation

page read and write

4D52000

trusted library allocation

page read and write

9DE000

heap

page read and write

4EAE000

stack

page read and write

AB5000

heap

page read and write

D68000

heap

page read and write

CA0000

heap

page read and write

5ADE000

stack

page read and write

C3B000

trusted library allocation

page execute and read and write

A90000

heap

page read and write

6260000

trusted library allocation

page read and write

EC0000

heap

page read and write

4D4D000

trusted library allocation

page read and write

2914000

trusted library allocation

page read and write

8F9000

stack

page read and write

616D000

stack

page read and write

BF3000

trusted library allocation

page execute and read and write

522E000

stack

page read and write

C9E000

stack

page read and write

CD3000

trusted library allocation

page execute and read and write

275F000

trusted library allocation

page read and write

EF6000

heap

page read and write

DAE000

stack

page read and write

D60000

heap

page execute and read and write

4C1D000

stack

page read and write

26E0000

heap

page read and write

593E000

stack

page read and write

60DD000

stack

page read and write

D40000

trusted library allocation

page read and write

4D3E000

trusted library allocation

page read and write

7E0000

heap

page read and write

9D0000

heap

page read and write

855000

heap

page read and write

28A1000

trusted library allocation

page read and write

61BE000

stack

page read and write

2756000

trusted library allocation

page read and write

536E000

stack

page read and write

2794000

trusted library allocation

page read and write

2A0D000

trusted library allocation

page read and write

400000

remote allocation

page execute and read and write

4D60000

heap

page read and write

61C0000

trusted library allocation

page read and write

553D000

stack

page read and write

506C000

stack

page read and write

60F0000

trusted library allocation

page execute and read and write

5AD8000

heap

page read and write

D0B000

trusted library allocation

page execute and read and write

990000

heap

page read and write

4D41000

trusted library allocation

page read and write

AD0000

heap

page read and write

3D0000

unkown

page readonly

287E000

trusted library allocation

page read and write

83D000

stack

page read and write

C10000

heap

page read and write

6100000

trusted library allocation

page read and write

2C03000

trusted library allocation

page read and write

C35000

trusted library allocation

page execute and read and write

563C000

stack

page read and write

277A000

trusted library allocation

page read and write

E9F000

stack

page read and write

6290000

trusted library allocation

page read and write

EF0000

heap

page read and write

D3E000

heap

page read and write

2908000

trusted library allocation

page read and write

D30000

trusted library allocation

page execute and read and write

9D8000

heap

page read and write

5C1E000

stack

page read and write

2780000

trusted library allocation

page read and write

C32000

trusted library allocation

page read and write

6120000

trusted library allocation

page read and write

C22000

trusted library allocation

page read and write

57FF000

stack

page read and write

3E2000

unkown

page readonly

26A8000

trusted library allocation

page read and write

4E1E000

stack

page read and write

5AF0000

heap

page read and write

C20000

trusted library allocation

page read and write

C00000

trusted library allocation

page read and write

5BDD000

stack

page read and write

2783000

trusted library allocation

page read and write

38A1000

trusted library allocation

page read and write

4DBC000

stack

page read and write

5D5E000

stack

page read and write

2933000

trusted library allocation

page read and write

A7A000

heap

page read and write

4FAF000

stack

page read and write

C37000

trusted library allocation

page execute and read and write

60E8000

trusted library allocation

page read and write

BFD000

trusted library allocation

page execute and read and write

CAB000

heap

page read and write

5E73000

heap

page read and write

53AE000

stack

page read and write

6170000

trusted library allocation

page execute and read and write

D07000

trusted library allocation

page execute and read and write

6740000

heap

page read and write

2880000

trusted library allocation

page read and write

5DA000

stack

page read and write

2701000

trusted library allocation

page read and write

4C5D000

stack

page read and write

CF7000

trusted library allocation

page execute and read and write

E10000

trusted library allocation

page read and write

27B2000

trusted library allocation

page read and write

599C000

stack

page read and write

970000

heap

page read and write

CE0000

heap

page read and write

7F0000

heap

page read and write

54AF000

stack

page read and write

512E000

stack

page read and write

56FE000

stack

page read and write

6107000

trusted library allocation

page read and write

E30000

heap

page read and write

A05000

heap

page read and write

4D2B000

trusted library allocation

page read and write

5E9E000

stack

page read and write

526E000

stack

page read and write

5AD0000

heap

page read and write

D6E000

heap

page read and write

2762000

trusted library allocation

page read and write

2890000

heap

page execute and read and write

4E70000

heap

page read and write

277C000

stack

page read and write

BE0000

trusted library allocation

page read and write

A3E000

heap

page read and write

AD5000

heap

page read and write

27AA000

trusted library allocation

page read and write

2900000

trusted library allocation

page read and write

625E000

stack

page read and write

4C60000

heap

page execute and read and write

5A9C000

stack

page read and write

4D2E000

trusted library allocation

page read and write

A47000

heap

page read and write

50EE000

stack

page read and write

A7D000

heap

page read and write

7F1A0000

trusted library allocation

page execute and read and write

C50000

trusted library allocation

page read and write

26DE000

stack

page read and write

4E60000

heap

page execute and read and write

5ADE000

heap

page read and write

A20000

heap

page read and write

287E000

stack

page read and write

850000

heap

page read and write

CFA000

trusted library allocation

page execute and read and write

6110000

trusted library allocation

page read and write

26F0000

heap

page read and write

5D1D000

stack

page read and write

BF4000

trusted library allocation

page read and write

4D46000

trusted library allocation

page read and write

CDD000

heap

page read and write

AC7000

heap

page read and write

292D000

trusted library allocation

page read and write

62A0000

trusted library allocation

page execute and read and write

27AE000

trusted library allocation

page read and write

6117000

trusted library allocation

page read and write

BF0000

trusted library allocation

page read and write

5F9E000

stack

page read and write

4D32000

trusted library allocation

page read and write

AA6000

heap

page read and write

2751000

trusted library allocation

page read and write

A81000

heap

page read and write

A9B000

heap

page read and write

C0D000

trusted library allocation

page execute and read and write

EE0000

trusted library allocation

page read and write

96E000

stack

page read and write

CCF000

stack

page read and write

ED0000

trusted library allocation

page read and write

489E000

stack

page read and write

EA0000

trusted library allocation

page execute and read and write

9C0000

trusted library allocation

page read and write

DEC000

stack

page read and write

D02000

trusted library allocation

page read and write

60E0000

trusted library allocation

page read and write

CD4000

trusted library allocation

page read and write

274E000

trusted library allocation

page read and write

5FDE000

stack

page read and write

5E5E000

stack

page read and write

CF2000

trusted library allocation

page read and write

4D20000

trusted library allocation

page read and write

779000

stack

page read and write

5E60000

heap

page read and write

EB0000

trusted library allocation

page read and write

645F000

stack

page read and write

516E000

stack

page read and write

2759000

trusted library allocation

page read and write

278A000

trusted library allocation

page read and write

CD0000

trusted library allocation

page read and write

3701000

trusted library allocation

page read and write

DF0000

trusted library allocation

page read and write

3908000

trusted library allocation

page read and write

4D64000

heap

page read and write

BCE000

stack

page read and write

CDD000

trusted library allocation

page execute and read and write

A14000

heap

page read and write

A8E000

stack

page read and write

BDE000

stack

page read and write

C26000

trusted library allocation

page execute and read and write

4FED000

stack

page read and write

3E0000

unkown

page readonly

940000

heap

page read and write

3D2000

unkown

page readonly

279A000

trusted library allocation

page read and write

626B000

trusted library allocation

page read and write

5D10000

heap

page read and write

2767000

trusted library allocation

page read and write

2921000

trusted library allocation

page read and write

CE0000

trusted library allocation

page read and write

583E000

stack

page read and write

67C000

stack

page read and write

C2A000

trusted library allocation

page execute and read and write

5F70000

heap

page read and write

62B0000

heap

page read and write

38C9000

trusted library allocation

page read and write

There are 206 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
450230549.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report450230549.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

IOC Report
450230549.exe