Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

file.exe

PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive

initial sample

Details

Filetype:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Entropy:	7.98633319316565
Filename:	file.exe
Filesize:	1043948
MD5:	d059de04a3a3332380335593782c6623
SHA1:	0986639f0dda7184b816dfecf738c7064f399d48
SHA256:	77090d1dc1644653d318a6de50c7d614113e58b8e0b320bc94d0edddcc067432
SHA512:	dd73df3b1613d02e518c2698bd13b4d7f4cabfba3a3fc11242a8ff17c28a3574b9b59a4d8fc83215de1e7e4cf7809f780d96c64e7e5fe1b117c15e10245bdf6b
SSDEEP:	24576:jM41a59Lh+PQkqyfIy5JrtqMf8PKM0B/B6QDAAuggo4zqIthbx:oBbYPQZyfIy5JhXfwKMA6Q7uggo4zqo
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1H..u)..u)..u)...&..w)..u)...)...&..d)...6...).../..t)..Richu)..........PE..L.....:J.................\..........!1.......p....@

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
Contains functionality for read data from the clipboard	Key, Mouse, Clipboard, Microphone and Screen Capturing	Clipboard Data
Contains functionality to dynamically determine API calls	Data Obfuscation, Anti Debugging
Contains functionality to shutdown / reboot the system	System Summary	Access Token Manipulation System Shutdown/Reboot
Detected potential crypto function	System Summary	Access Token Manipulation Archive Collected Data Encrypted Channel
Uses 32bit PE files	Compliance, System Summary
Contains functionality to check free disk space	System Summary
Contains functionality to enumerate / list files inside a directory	Spreading, Malware Analysis System Evasion
Contains functionality to instantiate COM classes	System Summary	Access Token Manipulation
Contains functionality to query windows version	Language, Device and Operating System Detection
Creates temporary files	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
Enumerates the file system	Spreading, Malware Analysis System Evasion
PE file has an executable .text section and no other executable section	System Summary	Access Token Manipulation
Program exit points	Malware Analysis System Evasion
Reads ini files	System Summary	File and Directory Discovery
Reads software policies	System Summary	Access Token Manipulation
Sample is known by Antivirus	System Summary	Access Token Manipulation
Sample reads its own file content	System Summary	Access Token Manipulation
Tries to load missing DLLs	System Summary	DLL Side-Loading
Uses an in-process (OLE) Automation server	System Summary	Access Token Manipulation

C:\Users\user\AppData\Local\Temp\Youbak_MSN_PARTNER2036.exe

PE32 executable (GUI) Intel 80386, for MS Windows

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\Youbak_MSN_PARTNER2036.exe
Category:	dropped
Dump:	Youbak_MSN_PARTNER2036.exe.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Users\user\Desktop\file.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	7.979782969395591
Encrypted:	false
Ssdeep:	24576:620b+HGfS428aNS656djjsIJybodIpp6nOJXo3mJvU2C6/UIhW0j:62xGfS6uS65wj7skdIHBomJvBC6/5j
Size:	1013672
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Contains functionality to query locales information (e.g. system language)	Language, Device and Operating System Detection	System Information Discovery
Drops PE files	Persistence and Installation Behavior
Found evasive API chain (date check)	Malware Analysis System Evasion	Native API
Uses code obfuscation techniques (call, push, ret)	Data Obfuscation	Obfuscated Files or Information
Contains functionality to adjust token privileges (e.g. debug / backup)	System Summary	Access Token Manipulation
Contains functionality to load and extract PE file embedded resources	System Summary
Contains functionality to query local / system time	Language, Device and Operating System Detection	System Information Discovery System Time Discovery
Contains functionality to query system information	Malware Analysis System Evasion	System Information Discovery
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
Spawns processes	System Summary	Process Injection
Tries to load missing DLLs	System Summary	DLL Side-Loading

C:\Users\user\AppData\Local\Temp\is-3T87F.tmp\_isetup\_RegDLL.tmp

PE32 executable (GUI) Intel 80386, for MS Windows

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\is-3T87F.tmp\_isetup\_RegDLL.tmp
Category:	dropped
Dump:	_RegDLL.tmp.3.dr
ID:	dr_3
Target ID:	3
Process:	C:\Users\user\AppData\Local\Temp\is-K5V3G.tmp\Youbak_MSN_PARTNER2036.tmp
Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	4.026670007889822
Encrypted:	false
Ssdeep:	48:ivuz1hEU3FR/pmqBl8/QMCBaquEMx5BC+SS4k+bkguj0KHc:bz1eEFNcqBC/Qrex5iSKDkc
Size:	4096
Whitelisted:	false
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

C:\Users\user\AppData\Local\Temp\is-3T87F.tmp\_isetup\_setup64.tmp

PE32+ executable (console) x86-64, for MS Windows

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\is-3T87F.tmp\_isetup\_setup64.tmp
Category:	dropped
Dump:	_setup64.tmp.3.dr
ID:	dr_4
Target ID:	3
Process:	C:\Users\user\AppData\Local\Temp\is-K5V3G.tmp\Youbak_MSN_PARTNER2036.tmp
Type:	PE32+ executable (console) x86-64, for MS Windows
Entropy:	4.215994423157539
Encrypted:	false
Ssdeep:	96:sfkcXegaJ/ZAYNzcld1xaX12pS5SKvkc:sfJEVYlvxaX12EF
Size:	6144
Whitelisted:	false
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

C:\Users\user\AppData\Local\Temp\is-K5V3G.tmp\Youbak_MSN_PARTNER2036.tmp

PE32 executable (GUI) Intel 80386, for MS Windows

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\is-K5V3G.tmp\Youbak_MSN_PARTNER2036.tmp
Category:	dropped
Dump:	Youbak_MSN_PARTNER2036.tmp.2.dr
ID:	dr_2
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\Youbak_MSN_PARTNER2036.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	6.4824409777908265
Encrypted:	false
Ssdeep:	12288:ruA/arACiIrPe37lzH6A64EGYHuXsr5aER+gjrNAFR9FXsvy8ddXEx9O:rN/arRiIrPe37lzH6A604cs1aEcdFXGH
Size:	711168
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Contains functionality to call native functions	System Summary
Contains functionality to check if a window is minimized (may be used to check if an application is visible)	Hooking and other Techniques for Hiding and Protection	Application Window Discovery
Contains functionality to communicate with device drivers	System Summary
Contains functionality to launch a program with higher privileges	HIPS / PFW / Operating System Protection Evasion	Exploitation for Privilege Escalation
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Found large amount of non-executed APIs	Malware Analysis System Evasion
Found potential string decryption / allocating functions	System Summary	Obfuscated Files or Information Deobfuscate/Decode Files or Information
Contains functionality to create a new security descriptor	HIPS / PFW / Operating System Protection Evasion
Contains functionality to create pipes for IPC	Language, Device and Operating System Detection	Process Injection
Contains functionality to query the account / user name	Language, Device and Operating System Detection	Account Discovery System Owner/User Discovery
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
Reads the Windows registered organization settings	System Summary	System Owner/User Discovery
Spawns processes	System Summary	Process Injection
Tries to load missing DLLs	System Summary	DLL Side-Loading
Reads the Windows registered owner settings	System Summary	System Owner/User Discovery

C:\Users\user\AppData\Local\Temp\nsi2AC5.tmp\SelfDel.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\nsi2AC5.tmp\SelfDel.dll
Category:	dropped
Dump:	SelfDel.dll.0.dr
ID:	dr_1
Target ID:	0
Process:	C:\Users\user\Desktop\file.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	3.714680021364841
Encrypted:	false
Ssdeep:	48:qgvd++4+SbkYisPkqipl8KWPvPeMfkR0CXB7AQmJTGIO:T++4+S4YLPFir7WPvPeOkmaZmTE
Size:	3685
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Enumerates the file system	Spreading, Malware Analysis System Evasion	File and Directory Discovery

C:\Users\user\AppData\Local\Temp\is-3T87F.tmp\_isetup\_shfoldr.dll

PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\is-3T87F.tmp\_isetup\_shfoldr.dll
Category:	dropped
Dump:	_shfoldr.dll.3.dr
ID:	dr_5
Target ID:	3
Process:	C:\Users\user\AppData\Local\Temp\is-K5V3G.tmp\Youbak_MSN_PARTNER2036.tmp
Type:	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Entropy:	4.596242908851566
Encrypted:	false
Ssdeep:	384:+Vm08QoKkiWZ76UJuP71W55iWHHoSHigH2euwsHTGHVb+VHHmnH+aHjHqLHxmoq1:2m08QotiCjJuPGw4
Size:	23312
Whitelisted:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\file.exe

"C:\Users\user\Desktop\file.exe"

Details

Is windows:	false
Is dropped:	false
PID:	7780
Target ID:	0
Parent PID:	4084
Name:	file.exe
Path:	C:\Users\user\Desktop\file.exe
Commandline:	"C:\Users\user\Desktop\file.exe"
Size:	1043948
MD5:	D059DE04A3A3332380335593782C6623
Time:	10:10:31
Date:	30/09/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x400000
Modulesize:	196608
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Sample reads its own file content	System Summary
Spawns processes	System Summary	Process Injection
URLs found in memory or binary data	Networking

C:\Users\user\AppData\Local\Temp\Youbak_MSN_PARTNER2036.exe

C:\Users\user\AppData\Local\Temp\Youbak_MSN_PARTNER2036.exe /VERYSILENT /SP- /NORESTART

Details

Is windows:	false
Is dropped:	true
PID:	7844
Target ID:	2
Parent PID:	7780
Name:	Youbak_MSN_PARTNER2036.exe
Path:	C:\Users\user\AppData\Local\Temp\Youbak_MSN_PARTNER2036.exe
Commandline:	C:\Users\user\AppData\Local\Temp\Youbak_MSN_PARTNER2036.exe /VERYSILENT /SP- /NORESTART
Size:	1013672
MD5:	D88681C275FD71F42CCAEE06E5901FC9
Time:	10:10:31
Date:	30/09/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x400000
Modulesize:	81920
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Spawns processes	System Summary	Process Injection

C:\Users\user\AppData\Local\Temp\is-K5V3G.tmp\Youbak_MSN_PARTNER2036.tmp

"C:\Users\user\AppData\Local\Temp\is-K5V3G.tmp\Youbak_MSN_PARTNER2036.tmp" /SL5="$20468,737659,54272,C:\Users\user\AppData\Local\Temp\Youbak_MSN_PARTNER2036.exe" /VERYSILENT /SP- /NORESTART

Details

Is windows:	false
Is dropped:	true
PID:	7860
Target ID:	3
Parent PID:	7844
Name:	Youbak_MSN_PARTNER2036.tmp
Path:	C:\Users\user\AppData\Local\Temp\is-K5V3G.tmp\Youbak_MSN_PARTNER2036.tmp
Commandline:	"C:\Users\user\AppData\Local\Temp\is-K5V3G.tmp\Youbak_MSN_PARTNER2036.tmp" /SL5="$20468,737659,54272,C:\Users\user\AppData\Local\Temp\Youbak_MSN_PARTNER2036.exe" /VERYSILENT /SP- /NORESTART
Size:	711168
MD5:	29BB632F057F068130E8A7877781A05D
Time:	10:10:32
Date:	30/09/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x400000
Modulesize:	774144
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

http://www.innosetup.com/

unknown

http://nsis.sf.net/NSIS_Error

unknown

http://www.remobjects.com/psU

unknown

Details

Name:	http://www.remobjects.com/psU
TargetID:	-1
From Memory:	true
Source:	Youbak_MSN_PARTNER2036.exe, 00000002.00000003.1411073569.0000000001F68000.00000004.00001000.00020000.00000000.sdmp, Youbak_MSN_PARTNER2036.exe, 00000002.00000003.1410907677.00000000021D0000.00000004.00001000.00020000.00000000.sdmp, Youbak_MSN_PARTNER2036.tmp, 00000003.00000000.1411540739.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Youbak_MSN_PARTNER2036.tmp.2.dr

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

http://nsis.sf.net/NSIS_ErrorError

unknown

http://www.remobjects.com/ps

unknown

Details

Name:	http://www.remobjects.com/ps
TargetID:	-1
From Memory:	true
Source:	Youbak_MSN_PARTNER2036.exe, 00000002.00000003.1411073569.0000000001F68000.00000004.00001000.00020000.00000000.sdmp, Youbak_MSN_PARTNER2036.exe, 00000002.00000003.1410907677.00000000021D0000.00000004.00001000.00020000.00000000.sdmp, Youbak_MSN_PARTNER2036.tmp, Youbak_MSN_PARTNER2036.tmp, 00000003.00000000.1411540739.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Youbak_MSN_PARTNER2036.tmp.2.dr

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

http://msn.youbak.com2

unknown

Details

Name:	http://msn.youbak.com2
TargetID:	2
From Memory:	true
Current Path:	C:\Users\user\AppData\Local\Temp\Youbak_MSN_PARTNER2036.exe
Source:	Youbak_MSN_PARTNER2036.exe, 00000002.00000003.1410581975.0000000001F61000.00000004.00001000.00020000.00000000.sdmp, Youbak_MSN_PARTNER2036.exe, 00000002.00000003.1414237770.0000000001F61000.00000004.00001000.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

http://msn.youbak.com#

unknown

Details

Name:	http://msn.youbak.com#
TargetID:	2
From Memory:	true
Current Path:	C:\Users\user\AppData\Local\Temp\Youbak_MSN_PARTNER2036.exe
Source:	Youbak_MSN_PARTNER2036.exe, 00000002.00000003.1410461810.00000000021D0000.00000004.00001000.00020000.00000000.sdmp, Youbak_MSN_PARTNER2036.tmp, 00000003.00000003.1412630705.0000000003100000.00000004.00001000.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

http://msn.youbak.com

unknown

Details

Name:	http://msn.youbak.com
TargetID:	2
From Memory:	true
Current Path:	C:\Users\user\AppData\Local\Temp\Youbak_MSN_PARTNER2036.exe
Source:	Youbak_MSN_PARTNER2036.exe, 00000002.00000003.1410581975.0000000001F61000.00000004.00001000.00020000.00000000.sdmp, Youbak_MSN_PARTNER2036.exe, 00000002.00000003.1410461810.00000000021D0000.00000004.00001000.00020000.00000000.sdmp, Youbak_MSN_PARTNER2036.exe, 00000002.00000003.1414237770.0000000001F61000.00000004.00001000.00020000.00000000.sdmp, Youbak_MSN_PARTNER2036.tmp, 00000003.00000003.1413320314.00000000021E8000.00000004.00001000.00020000.00000000.sdmp, Youbak_MSN_PARTNER2036.tmp, 00000003.00000003.1413350798.000000000221C000.00000004.00001000.00020000.00000000.sdmp, Youbak_MSN_PARTNER2036.tmp, 00000003.00000003.1413025183.0000000002214000.00000004.00001000.00020000.00000000.sdmp, Youbak_MSN_PARTNER2036.tmp, 00000003.00000003.1413288845.0000000002204000.00000004.00001000.00020000.00000000.sdmp, Youbak_MSN_PARTNER2036.tmp, 00000003.00000003.1412703141.00000000021E8000.00000004.00001000.00020000.00000000.sdmp, Youbak_MSN_PARTNER2036.tmp, 00000003.00000003.1413084543.0000000002218000.00000004.00001000.00020000.00000000.sdmp, Youbak_MSN_PARTNER2036.tmp, 00000003.00000003.1412630705.0000000003100000.00000004.00001000.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

643000

heap

page read and write

20C0000

heap

page read and write

313E000

stack

page read and write

72A000

heap

page read and write

73C000

heap

page read and write

27CF000

stack

page read and write

337F000

stack

page read and write

21E8000

direct allocation

page read and write

40B000

unkown

page read and write

1F61000

direct allocation

page read and write

49B000

unkown

page write copy

5D0000

heap

page read and write

500000

heap

page read and write

755000

heap

page read and write

401000

unkown

page execute read

9B000

stack

page read and write

1F3F000

stack

page read and write

409000

unkown

page read and write

21DC000

direct allocation

page read and write

60B000

heap

page read and write

498000

unkown

page write copy

430000

heap

page read and write

21D7000

direct allocation

page read and write

1F40000

heap

page read and write

221C000

direct allocation

page read and write

6C0000

heap

page read and write

770000

heap

page read and write

670000

heap

page read and write

600000

heap

page read and write

220C000

direct allocation

page read and write

650000

heap

page read and write

251F000

stack

page read and write

21D0000

direct allocation

page read and write

9B000

stack

page read and write

407000

unkown

page readonly

52A000

heap

page read and write

6D0000

heap

page read and write

21D8000

direct allocation

page read and write

1F68000

direct allocation

page read and write

1F0000

heap

page read and write

4A9000

unkown

page readonly

675000

heap

page read and write

400000

unkown

page readonly

411000

unkown

page readonly

409000

unkown

page write copy

20BF000

stack

page read and write

2214000

direct allocation

page read and write

510000

heap

page read and write

67A000

heap

page read and write

61D000

heap

page read and write

48E000

stack

page read and write

401000

unkown

page execute read

19A000

stack

page read and write

19C000

stack

page read and write

700000

direct allocation

page read and write

400000

unkown

page readonly

20C4000

heap

page read and write

2210000

direct allocation

page read and write

21DF000

stack

page read and write

400000

unkown

page readonly

40B000

unkown

page write copy

690000

direct allocation

page execute and read and write

60E000

stack

page read and write

21D0000

direct allocation

page read and write

1F54000

direct allocation

page read and write

7B2000

heap

page read and write

407000

unkown

page readonly

4A9000

unkown

page readonly

830000

heap

page read and write

1E3E000

stack

page read and write

740000

heap

page read and write

651000

heap

page read and write

3100000

direct allocation

page read and write

652000

heap

page read and write

520000

heap

page read and write

5CE000

stack

page read and write

651000

heap

page read and write

4B0000

heap

page read and write

53D000

heap

page read and write

73E000

stack

page read and write

2780000

trusted library allocation

page read and write

7B3000

heap

page read and write

42C000

unkown

page readonly

420000

heap

page read and write

720000

heap

page read and write

27D9000

heap

page read and write

401000

unkown

page execute read

22DF000

stack

page read and write

241E000

stack

page read and write

766000

heap

page read and write

2204000

direct allocation

page read and write

421000

unkown

page read and write

21F4000

direct allocation

page read and write

411000

unkown

page readonly

7B5000

heap

page read and write

7B2000

heap

page read and write

98000

stack

page read and write

323F000

stack

page read and write

27DA000

heap

page read and write

42C000

unkown

page readonly

327E000

stack

page read and write

21E8000

direct allocation

page read and write

5A0000

heap

page read and write

7B5000

heap

page read and write

4C0000

heap

page read and write

401000

unkown

page execute read

27D3000

heap

page read and write

5B0000

heap

page read and write

21D0000

direct allocation

page read and write

400000

unkown

page readonly

4B5000

heap

page read and write

401000

unkown

page execute read

64E000

stack

page read and write

2380000

heap

page read and write

19C000

stack

page read and write

2018000

direct allocation

page read and write

2201000

direct allocation

page read and write

700000

direct allocation

page read and write

40D000

unkown

page write copy

401000

unkown

page execute read

2208000

direct allocation

page read and write

7BE000

stack

page read and write

20DF000

stack

page read and write

400000

unkown

page readonly

1F50000

direct allocation

page read and write

497000

unkown

page write copy

400000

unkown

page readonly

497000

unkown

page read and write

2218000

direct allocation

page read and write

429000

unkown

page read and write

644000

heap

page read and write

3100000

direct allocation

page read and write

751000

heap

page read and write

2203000

direct allocation

page read and write

21CF000

stack

page read and write

499000

unkown

page read and write

1F61000

direct allocation

page read and write

There are 127 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
file.exe

Files

Processes

URLs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportfile.exe

Files

Processes

URLs

Memdumps

IOC Report
file.exe