Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\file.exe

"C:\Users\user\Desktop\file.exe"

Details

Is windows:	false
Is dropped:	false
PID:	928
Target ID:	0
Parent PID:	2580
Name:	file.exe
Path:	C:\Users\user\Desktop\file.exe
Commandline:	"C:\Users\user\Desktop\file.exe"
Size:	413224
MD5:	4453D7BC66E29C48ED6495BFA820E5B5
Time:	13:49:09
Date:	26/09/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x90000
Modulesize:	425984
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Yara detected AntiVM3	Malware Analysis System Evasion
Yara detected Powershell download and execute	HIPS / PFW / Operating System Protection Evasion
Yara detected Vidar stealer	Stealing of Sensitive Information, Remote Access Functionality
PE / OLE file has an invalid certificate	System Summary
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has an executable .text section which is very likely to contain packed code (zlib compression ratio < 0.3)	System Summary	Software Packing
Creates files inside the user directory	System Summary	Masquerading
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Spawns processes	System Summary	Process Injection
URLs found in memory or binary data	Networking
Binary contains paths to debug symbols	Compliance, System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

Details

Is windows:	true
Is dropped:	false
PID:	4628
Target ID:	2
Parent PID:	928
Name:	RegAsm.exe
Class:	system-tools
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Size:	65440
MD5:	0D5DF43AF2916F47D00C1573797C1A13
Time:	13:49:09
Date:	26/09/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0xf0000
Modulesize:	73728
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Yara detected AntiVM3	Malware Analysis System Evasion
Yara detected Powershell download and execute	HIPS / PFW / Operating System Protection Evasion
Yara detected Vidar stealer	Stealing of Sensitive Information, Remote Access Functionality
Allocates memory in foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Injects a PE file into a foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)	Malware Analysis System Evasion	Security Software Discovery
Writes to foreign memory regions	HIPS / PFW / Operating System Protection Evasion	Process Injection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Yara detected Credential Stealer	Stealing of Sensitive Information
Spawns processes	System Summary	Process Injection

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

Details

Is windows:	true
Is dropped:	false
PID:	5676
Target ID:	3
Parent PID:	928
Name:	RegAsm.exe
Class:	system-tools
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Size:	65440
MD5:	0D5DF43AF2916F47D00C1573797C1A13
Time:	13:49:09
Date:	26/09/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7b0000
Modulesize:	73728
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Yara detected AntiVM3	Malware Analysis System Evasion
Yara detected Powershell download and execute	HIPS / PFW / Operating System Protection Evasion
Yara detected Vidar stealer	Stealing of Sensitive Information, Remote Access Functionality
Allocates memory in foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Injects a PE file into a foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)	Malware Analysis System Evasion	Security Software Discovery
Writes to foreign memory regions	HIPS / PFW / Operating System Protection Evasion	Process Injection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Yara detected Credential Stealer	Stealing of Sensitive Information
Spawns processes	System Summary	Process Injection

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	5448
Target ID:	1
Parent PID:	928
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	13:49:09
Date:	26/09/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff7699e0000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5676 -s 2188

Details

Is windows:	true
Is dropped:	false
PID:	5684
Target ID:	9
Parent PID:	5676
Name:	WerFault.exe
Path:	C:\Windows\SysWOW64\WerFault.exe
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 5676 -s 2188
Size:	483680
MD5:	C31336C1EFC2CCB44B4326EA793040F2
Time:	13:49:38
Date:	26/09/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff72bec0000
Modulesize:	135168
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
One or more processes crash	System Summary
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

https://5.75.211.162/sqlp.dllg

unknown

https://steamcommunity.com/profiles/76561199780418869H

unknown

https://5.75.211.162/sqlp.dllb

unknown

https://steamcommunity.com/profiles/76561199780418869/badges

unknown

https://steamcommunity.com/profiles/76561199780418869/inventory/

unknown

https://steamcommunity.com/profiles/76561199780418869

104.102.49.254

https://5.75.211.162/%

unknown

https://steamcommunity.com/profiles/76561199780418869u55uhttps://t.me/ae5edMozilla/5.0

unknown

https://5.75.211.162

unknown

https://t.me/ae5ed

unknown

https://5.75.211.162.exe

unknown

https://5.75.211.162/sqlp.dll

unknown

https://5.75.211.162/sqlp.dlls.exe

unknown

https://5.75.211.162/E

unknown

https://5.75.211.162/2

unknown

https://5.75.211.162/V

unknown

https://5.75.211.162/c

unknown

https://5.75.211.162/M

unknown

https://5.75.211.162/

5.75.211.162

https://steamcommunity.com/

unknown

https://5.75.211.162BKFCB

unknown

https://steamcommunity.com/my/wishlist/

unknown

https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english

unknown

http://ocsp.entrust.net03

unknown

https://steamcommunity.com/?subsection=broadcasts

unknown

http://ocsp.entrust.net02

unknown

https://help.steampowered.com/en/

unknown

https://steamcommunity.com/market/

unknown

https://store.steampowered.com/news/

unknown

https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=B0lGn8MokmdT&l=e

unknown

https://store.steampowered.com/subscriber_agreement/

unknown

http://store.steampowered.com/subscriber_agreement/

unknown

https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org

unknown

https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6

unknown

https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1

unknown

https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en

unknown

http://www.valvesoftware.com/legal.htm

unknown

https://steamcommunity.com/discussions/

unknown

https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=nSnUuYf7g6U1&a

unknown

https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp

unknown

https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png

unknown

https://store.steampowered.com/stats/

unknown

http://cowod.hopto.org_DEBUG.zip/c

unknown

https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png

unknown

https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1

unknown

https://store.steampowered.com/steam_refunds/

unknown

https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&

unknown

https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback

unknown

https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL

unknown

http://crl.entrust.net/ts1ca.crl0

unknown

https://steamcommunity.com/workshop/

unknown

https://store.steampowered.com/legal/

unknown

https://store.steampowered.com/privac

unknown

https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e

unknown

https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english

unknown

https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv

unknown

https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=WnGP

unknown

https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl

unknown

https://steamcommunity.com/login/home/?goto=profiles%2F76561199780418869

unknown

http://www.entrust.net/rpa03

unknown

http://store.steampowered.com/privacy_agreement/

unknown

https://store.steampowered.com/points/shop/

unknown

http://aia.entrust.net/ts1-chain256.cer01

unknown

http://upx.sf.net

unknown

https://store.steampowered.com/

unknown

https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw

unknown

https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif

unknown

https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg

unknown

https://store.steampowered.com/privacy_agreement/

unknown

https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en

unknown

https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0

unknown

https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016

unknown

https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=PzKBszTg

unknown

https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am

unknown

https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english

unknown

https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english

unknown

https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english

unknown

http://store.steampowered.com/account/cookiepreferences/

unknown

https://store.steampowered.com/mobile

unknown

https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png

unknown

https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&l=english

unknown

https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis

unknown

http://crl.entrust.net/2048ca.crl0

unknown

https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC

unknown

https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=f2hMA1v9Zkc8&l=engl

unknown

https://www.entrust.net/rpa0

unknown

https://store.steampowered.com/about/

unknown

There are 77 hidden URLs, click here to show them.

Domains

Name

Malicious

steamcommunity.com

104.102.49.254

Details

Name:	steamcommunity.com
IP:	104.102.49.254
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
HTTP GET or POST without a user agent	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

IPs

Domain

Country

Malicious

104.102.49.254

steamcommunity.com

United States

Details

IP:	104.102.49.254
TargetID:	3
Current Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Country:	United States
Countrycode:	USA
ASN number:	16625
ASN name:	AKAMAI-ASUS
Private:	false
Domain:	steamcommunity.com

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

5.75.211.162

unknown

Germany

Details

IP:	5.75.211.162
TargetID:	3
Current Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Country:	Germany
Countrycode:	DEU
ASN number:	24940
ASN name:	HETZNER-ASDE
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Suricata IDS alerts with low severity for network traffic	Networking
Uses a known web browser user agent for HTTP communication	Networking	Application Layer Protocol
Connects to IPs without corresponding DNS lookups	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

Registry

Path

Value

Malicious

\REGISTRY\A\{a010e3ff-a323-9184-b717-7b8603f2d200}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe

ProgramId

\REGISTRY\A\{a010e3ff-a323-9184-b717-7b8603f2d200}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe

FileId

\REGISTRY\A\{a010e3ff-a323-9184-b717-7b8603f2d200}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe

LowerCaseLongPath

\REGISTRY\A\{a010e3ff-a323-9184-b717-7b8603f2d200}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe

LongPathHash

\REGISTRY\A\{a010e3ff-a323-9184-b717-7b8603f2d200}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe

Name

\REGISTRY\A\{a010e3ff-a323-9184-b717-7b8603f2d200}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe

OriginalFileName

\REGISTRY\A\{a010e3ff-a323-9184-b717-7b8603f2d200}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe

Publisher

\REGISTRY\A\{a010e3ff-a323-9184-b717-7b8603f2d200}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe

Version

\REGISTRY\A\{a010e3ff-a323-9184-b717-7b8603f2d200}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe

BinFileVersion

\REGISTRY\A\{a010e3ff-a323-9184-b717-7b8603f2d200}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe

BinaryType

\REGISTRY\A\{a010e3ff-a323-9184-b717-7b8603f2d200}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe

ProductName

\REGISTRY\A\{a010e3ff-a323-9184-b717-7b8603f2d200}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe

ProductVersion

\REGISTRY\A\{a010e3ff-a323-9184-b717-7b8603f2d200}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe

LinkDate

\REGISTRY\A\{a010e3ff-a323-9184-b717-7b8603f2d200}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe

BinProductVersion

\REGISTRY\A\{a010e3ff-a323-9184-b717-7b8603f2d200}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe

AppxPackageFullName

\REGISTRY\A\{a010e3ff-a323-9184-b717-7b8603f2d200}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe

AppxPackageRelativeId

\REGISTRY\A\{a010e3ff-a323-9184-b717-7b8603f2d200}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe

Size

\REGISTRY\A\{a010e3ff-a323-9184-b717-7b8603f2d200}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe

Language

\REGISTRY\A\{a010e3ff-a323-9184-b717-7b8603f2d200}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe

IsOsComponent

\REGISTRY\A\{a010e3ff-a323-9184-b717-7b8603f2d200}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe

Usn

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData

ClockTimeSeconds

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData

TickCount

There are 12 hidden registries, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

33D5000

trusted library allocation

page read and write

400000

remote allocation

page execute and read and write

89E000

stack

page read and write

C70000

heap

page read and write

90000

unkown

page readonly

198D6000

heap

page read and write

DEC000

heap

page read and write

2340000

trusted library allocation

page read and write

4F8000

stack

page read and write

9D0000

trusted library allocation

page read and write

198E1000

heap

page read and write

5E0000

heap

page read and write

335D000

heap

page read and write

222E000

stack

page read and write

957E000

stack

page read and write

23D1000

trusted library allocation

page execute and read and write

32FE000

stack

page read and write

DE1000

heap

page read and write

563000

remote allocation

page execute and read and write

21C7000

trusted library allocation

page execute and read and write

1262E000

stack

page read and write

23D3000

trusted library allocation

page read and write

19ADC000

stack

page read and write

33D1000

trusted library allocation

page read and write

E10000

heap

page read and write

3350000

heap

page read and write

58A000

remote allocation

page execute and read and write

55A000

remote allocation

page execute and read and write

1F0000

heap

page read and write

703E000

stack

page read and write

C3E000

stack

page read and write

5E5000

heap

page read and write

46B000

remote allocation

page execute and read and write

21E0000

trusted library allocation

page read and write

A5C000

stack

page read and write

BD0000

heap

page read and write

14D5D000

stack

page read and write

198DD000

heap

page read and write

7CA000

heap

page read and write

A0A000

trusted library allocation

page execute and read and write

C50000

heap

page read and write

19C10000

heap

page read and write

467000

remote allocation

page execute and read and write

198E5000

heap

page read and write

E01000

heap

page read and write

E5F000

heap

page read and write

9F4000

trusted library allocation

page read and write

D80000

heap

page read and write

19D1E000

stack

page read and write

A10000

heap

page read and write

463000

remote allocation

page execute and read and write

57C000

remote allocation

page execute and read and write

9A0000

heap

page read and write

63A000

remote allocation

page execute and read and write

76E000

heap

page read and write

78C000

heap

page read and write

9E4000

trusted library allocation

page read and write

B52000

stack

page read and write

198CF000

heap

page read and write

768000

heap

page read and write

578000

remote allocation

page execute and read and write

5A1000

remote allocation

page execute and read and write

3356000

heap

page read and write

7A3000

heap

page read and write

199DB000

stack

page read and write

1732E000

stack

page read and write

9E3000

trusted library allocation

page execute and read and write

1266D000

stack

page read and write

730000

heap

page read and write

9BB0000

unclassified section

page read and write

1988C000

heap

page read and write

2360000

heap

page execute and read and write

198AE000

heap

page read and write

21CB000

trusted library allocation

page execute and read and write

9AB0000

heap

page read and write

48B000

remote allocation

page execute and read and write

483000

remote allocation

page execute and read and write

55D000

remote allocation

page execute and read and write

72F000

stack

page read and write

23C0000

heap

page read and write

760000

heap

page read and write

670000

remote allocation

page execute and read and write

794000

heap

page read and write

198DA000

heap

page read and write

23AE000

stack

page read and write

14CFF000

stack

page read and write

232E000

stack

page read and write

580000

remote allocation

page execute and read and write

19882000

heap

page read and write

100AF000

stack

page read and write

19980000

heap

page read and write

92000

unkown

page readonly

21C0000

trusted library allocation

page read and write

9F0000

trusted library allocation

page read and write

198D3000

heap

page read and write

100ED000

stack

page read and write

DDF000

heap

page read and write

57E000

remote allocation

page execute and read and write

DD3000

heap

page read and write

582000

remote allocation

page execute and read and write

14BFE000

stack

page read and write

D8A000

heap

page read and write

E77000

heap

page read and write

2330000

trusted library allocation

page execute and read and write

487000

remote allocation

page execute and read and write

19B4E000

stack

page read and write

1989D000

heap

page read and write

62E000

stack

page read and write

1986F000

stack

page read and write

456E000

stack

page read and write

B5C000

stack

page read and write

333E000

stack

page read and write

14BAC000

stack

page read and write

99F000

stack

page read and write

1729E000

stack

page read and write

BC0000

heap

page read and write

9F6000

trusted library allocation

page read and write

18C000

stack

page read and write

5D0000

heap

page read and write

There are 109 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
file.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportfile.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

IOC Report
file.exe