Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

Set-up.exe

PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

initial sample

Details

Filetype:	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Entropy:	2.782204586747232
Filename:	Set-up.exe
Filesize:	9988096
MD5:	78b5c3b4fb31188ee6c024ff96ff3807
SHA1:	ec49de9a8dee4ee75a2c2e8b53cc380d6d17d702
SHA256:	10409c447cb02b22dbb4a7cfa17335bffc3ccc1e7975596de8b49f0a4045e1e0
SHA512:	71526ebc9bac205dd7a43ae2db6ad212564d524deaac6a810a73e27bcc7946f90ca951daefd241c3738a2ce3a073ef6a967256f83a8fa75f6480ef431affa524
SSDEEP:	24576:z+b5B+/idS9HccEr97tVo04trbsF5cjMUYv/KdKvspAh4/QGNYJ1tfenULGWGlU/:dqejMUYYK6GEHTtxA7
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...\..f...............(.8,..d...............P,...@.......................................@... ......................P..B..

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Drops large PE files	System Summary
Found many strings related to Crypto-Wallets (likely being stolen)	Stealing of Sensitive Information	Data from Local System
Tries to harvest and steal browser information (history, passwords, etc)	Stealing of Sensitive Information	OS Credential Dumping
Uses schtasks.exe or at.exe to add and modify task schedules	Boot Survival	Scheduled Task/Job
Contains capabilities to detect virtual machines	Malware Analysis System Evasion
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion
Drops PE files	Persistence and Installation Behavior
May sleep (evasive loops) to hinder dynamic analysis	Malware Analysis System Evasion	Virtualization/Sandbox Evasion
PE file contains sections with non-standard names	Data Obfuscation
Queries information about the installed CPU (vendor, model number etc)	Language, Device and Operating System Detection
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary	Masquerading
Creates files inside the user directory	System Summary	Masquerading
Creates temporary files	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
Enumerates the file system	Spreading, Malware Analysis System Evasion	File and Directory Discovery
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery
PE file has an executable .text section and no other executable section	System Summary
Queries the cryptographic machine GUID	Language, Device and Operating System Detection	System Information Discovery
Reads ini files	System Summary
Reads software policies	System Summary
SQL strings found in memory and binary data	System Summary
Sample is known by Antivirus	System Summary
Tries to load missing DLLs	System Summary	DLL Side-Loading
URLs found in memory or binary data	Networking
Uses an in-process (OLE) Automation server	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file has a big raw section	System Summary
PE file has a big code size	System Summary
Submission file is bigger than most known malware samples	System Summary

C:\Users\user\AppData\Local\Temp\service123.exe

PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\service123.exe
Category:	dropped
Dump:	service123.exe.0.dr
ID:	dr_1
Target ID:	0
Process:	C:\Users\user\Desktop\Set-up.exe
Type:	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Entropy:	0.0023405214781110325
Encrypted:	false
Size:	314617856
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Found evasive API chain (may stop execution after checking mutex)	Malware Analysis System Evasion	Native API
Found stalling execution ending in API Sleep call	Malware Analysis System Evasion
Contains functionality for read data from the clipboard	Key, Mouse, Clipboard, Microphone and Screen Capturing	Clipboard Data
Contains functionality to dynamically determine API calls	Data Obfuscation, Anti Debugging	Native API
Contains functionality to query CPU information (cpuid)	Language, Device and Operating System Detection	System Information Discovery
Contains functionality to read the clipboard data	Key, Mouse, Clipboard, Microphone and Screen Capturing	Clipboard Data
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Detected potential crypto function	System Summary	Encrypted Channel Archive Collected Data
Drops PE files	Persistence and Installation Behavior
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)	Malware Analysis System Evasion
Found inlined nop instructions (likely shell or obfuscated code)	Software Vulnerabilities	Obfuscated Files or Information
Found large amount of non-executed APIs	Malware Analysis System Evasion
Found potential string decryption / allocating functions	System Summary	Obfuscated Files or Information Deobfuscate/Decode Files or Information
Sample execution stops while process was sleeping (likely an evasion)	Malware Analysis System Evasion
Uses Microsoft's Enhanced Cryptographic Provider	Cryptography	Encrypted Channel
Uses code obfuscation techniques (call, push, ret)	Data Obfuscation	Obfuscated Files or Information
Contains functionality to register its own exception handler	Anti Debugging
Creates mutexes	System Summary
Creates temporary files	System Summary
Spawns processes	System Summary	Process Injection
Tries to load missing DLLs	System Summary	DLL Side-Loading

C:\Users\user\AppData\Local\Temp\WomwWuRzvwrFDpojKxBm.dll

PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\WomwWuRzvwrFDpojKxBm.dll
Category:	dropped
Dump:	WomwWuRzvwrFDpojKxBm.dll.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Users\user\Desktop\Set-up.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Entropy:	0.054347345617942
Encrypted:	false
Ssdeep:	24576:nJW4LBm/PaLHur52La3AldScWbJmM2Wbnhs3PNwXNzue:62W9wWbnePeXx3
Size:	315803136
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\Set-up.exe

"C:\Users\user\Desktop\Set-up.exe"

Details

Is windows:	false
Is dropped:	false
PID:	7444
Target ID:	0
Parent PID:	2592
Name:	Set-up.exe
Path:	C:\Users\user\Desktop\Set-up.exe
Commandline:	"C:\Users\user\Desktop\Set-up.exe"
Size:	9988096
MD5:	78B5C3B4FB31188EE6C024FF96FF3807
Time:	08:44:13
Date:	04/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x620000
Modulesize:	10018816
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Yara detected Clipboard Hijacker	Stealing of Sensitive Information
Yara detected Cryptbot	Stealing of Sensitive Information, Remote Access Functionality
Found many strings related to Crypto-Wallets (likely being stolen)	Stealing of Sensitive Information	Data from Local System
Sigma detected: Suspicious Scheduled Task Creation Involving Temp Folder	System Summary
PE file contains sections with non-standard names	Data Obfuscation
Sample file is different than original file name gathered from version info	System Summary
Sigma detected: Suspicious Schtasks From Env Var Folder	System Summary
Uses 32bit PE files	Compliance, System Summary
Yara detected Credential Stealer	Stealing of Sensitive Information
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Spawns processes	System Summary	Process Injection
URLs found in memory or binary data	Networking
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file has a big raw section	System Summary
PE file has a big code size	System Summary
Submission file is bigger than most known malware samples	System Summary

C:\Users\user\AppData\Local\Temp\service123.exe

"C:\Users\user\AppData\Local\Temp\service123.exe"

Details

Is windows:	false
Is dropped:	true
PID:	7956
Target ID:	5
Parent PID:	7444
Name:	service123.exe
Path:	C:\Users\user\AppData\Local\Temp\service123.exe
Commandline:	"C:\Users\user\AppData\Local\Temp\service123.exe"
Size:	314617856
MD5:	D3D8BD210D50D5EB78D8C43E70738DD1
Time:	08:45:14
Date:	04/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x8f0000
Modulesize:	73728
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Yara detected Clipboard Hijacker	Stealing of Sensitive Information
Drops large PE files	System Summary
Sigma detected: Suspicious Scheduled Task Creation Involving Temp Folder	System Summary
Uses schtasks.exe or at.exe to add and modify task schedules	Boot Survival	Scheduled Task/Job
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Drops PE files	Persistence and Installation Behavior
Sigma detected: Suspicious Schtasks From Env Var Folder	System Summary
Creates temporary files	System Summary
Spawns processes	System Summary	Process Injection

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\System32\schtasks.exe" /create /tn "ServiceData4" /tr "C:\Users\user\AppData\Local\Temp\/service123.exe" /st 00:01 /du 9800:59 /sc once /ri 1 /f

Details

Is windows:	true
Is dropped:	false
PID:	7976
Target ID:	6
Parent PID:	7444
Name:	schtasks.exe
Class:	system-tools
Path:	C:\Windows\SysWOW64\schtasks.exe
Commandline:	"C:\Windows\System32\schtasks.exe" /create /tn "ServiceData4" /tr "C:\Users\user\AppData\Local\Temp\/service123.exe" /st 00:01 /du 9800:59 /sc once /ri 1 /f
Size:	187904
MD5:	48C2FE20575769DE916F48EF0676A965
Time:	08:45:14
Date:	04/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x9b0000
Modulesize:	204800
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Suspicious Scheduled Task Creation Involving Temp Folder	System Summary
Uses schtasks.exe or at.exe to add and modify task schedules	Boot Survival	Scheduled Task/Job
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Sample file is different than original file name gathered from version info	System Summary
Sigma detected: Suspicious Schtasks From Env Var Folder	System Summary
Spawns processes	System Summary	Process Injection

C:\Users\user\AppData\Local\Temp\service123.exe

C:\Users\user\AppData\Local\Temp\/service123.exe

Details

Is windows:	false
Is dropped:	true
PID:	8056
Target ID:	8
Parent PID:	1060
Name:	service123.exe
Path:	C:\Users\user\AppData\Local\Temp\service123.exe
Commandline:	C:\Users\user\AppData\Local\Temp\/service123.exe
Size:	314617856
MD5:	D3D8BD210D50D5EB78D8C43E70738DD1
Time:	08:45:18
Date:	04/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	false
Is elevated:	false
Modulebase:	0x8f0000
Modulesize:	73728
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Yara detected Clipboard Hijacker	Stealing of Sensitive Information
Drops large PE files	System Summary
Sigma detected: Suspicious Scheduled Task Creation Involving Temp Folder	System Summary
Uses schtasks.exe or at.exe to add and modify task schedules	Boot Survival	Scheduled Task/Job
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Drops PE files	Persistence and Installation Behavior
Sigma detected: Suspicious Schtasks From Env Var Folder	System Summary
Creates temporary files	System Summary
Spawns processes	System Summary	Process Injection

C:\Users\user\AppData\Local\Temp\service123.exe

C:\Users\user\AppData\Local\Temp\/service123.exe

Details

Is windows:	false
Is dropped:	true
PID:	7200
Target ID:	10
Parent PID:	1060
Name:	service123.exe
Path:	C:\Users\user\AppData\Local\Temp\service123.exe
Commandline:	C:\Users\user\AppData\Local\Temp\/service123.exe
Size:	314617856
MD5:	D3D8BD210D50D5EB78D8C43E70738DD1
Time:	08:46:03
Date:	04/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	false
Is elevated:	false
Modulebase:	0x8f0000
Modulesize:	73728
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Yara detected Clipboard Hijacker	Stealing of Sensitive Information
Drops large PE files	System Summary
Sigma detected: Suspicious Scheduled Task Creation Involving Temp Folder	System Summary
Uses schtasks.exe or at.exe to add and modify task schedules	Boot Survival	Scheduled Task/Job
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Drops PE files	Persistence and Installation Behavior
Sigma detected: Suspicious Schtasks From Env Var Folder	System Summary
Creates temporary files	System Summary
Spawns processes	System Summary	Process Injection

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	7984
Target ID:	7
Parent PID:	7976
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	08:45:14
Date:	04/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff68cce0000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

@sevtvx17pt.top

analforeverlovyu.top

sevtvx17pt.top

http://sevtvx17pt.top/v1/upload.php

unknown

https://ac.ecosia.org/autocomplete?q=

unknown

https://duckduckgo.com/chrome_newtab

unknown

https://gcc.gnu.org/bugs/):

unknown

http://sevtvx17pt.top/

unknown

https://duckduckgo.com/ac/?q=

unknown

https://www.google.com/images/branding/product/ico/googleg_lodp.ico

unknown

https://serviceupdate32.com/update

unknown

https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search

unknown

http://sevtvx17pt.top:80/v1/upload.phpoft

unknown

https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=

unknown

https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=

unknown

http://sevtvx17pt.top/Qv

unknown

https://www.ecosia.org/newtab/

unknown

https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=

unknown

There are 8 hidden URLs, click here to show them.

Domains

Name

Malicious

sevtvx17pt.top

185.244.181.140

Details

Name:	sevtvx17pt.top
IP:	185.244.181.140
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Uses a known web browser user agent for HTTP communication	Networking	Application Layer Protocol
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

198.187.3.20.in-addr.arpa

unknown

IPs

Domain

Country

Malicious

185.244.181.140

sevtvx17pt.top

Russian Federation

Details

IP:	185.244.181.140
TargetID:	0
Current Path:	C:\Users\user\Desktop\Set-up.exe
Country:	Russian Federation
Countrycode:	RUS
ASN number:	44901
ASN name:	BELCLOUDBG
Private:	false
Domain:	sevtvx17pt.top

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

43CD000

heap

page read and write

901000

unkown

page readonly

1D03000

heap

page read and write

DA27000

heap

page read and write

17E8000

heap

page read and write

8FA000

unkown

page readonly

17D3000

heap

page read and write

C2C000

unkown

page read and write

1D57000

heap

page read and write

6C3B8000

unkown

page readonly

1CA9000

heap

page read and write

16D0000

heap

page read and write

17E8000

heap

page read and write

8FA000

unkown

page readonly

1D56000

heap

page read and write

3D3E000

stack

page read and write

DA20000

heap

page read and write

44EE000

stack

page read and write

2BC0000

heap

page read and write

1DE0000

remote allocation

page read and write

1D1F000

heap

page read and write

15E0000

heap

page read and write

8FA000

unkown

page readonly

ECE000

heap

page read and write

C48000

unkown

page read and write

1060000

heap

page read and write

1D53000

heap

page read and write

8FE000

unkown

page write copy

1CA1000

heap

page read and write

8FE000

unkown

page write copy

178E000

stack

page read and write

DA37000

heap

page read and write

8E5000

unkown

page read and write

E3C000

stack

page read and write

E1F8000

heap

page read and write

1D48000

heap

page read and write

1D49000

heap

page read and write

1D50000

heap

page read and write

A26000

unkown

page read and write

8FE000

unkown

page write copy

8E5000

unkown

page write copy

DA21000

heap

page read and write

17D3000

heap

page read and write

1CA1000

heap

page read and write

1D0B000

heap

page read and write

16B0000

heap

page read and write

162E000

stack

page read and write

8F1000

unkown

page execute read

417E000

stack

page read and write

1D53000

heap

page read and write

F66000

unkown

page write copy

158F000

stack

page read and write

178F000

stack

page read and write

1730000

heap

page read and write

C35000

unkown

page read and write

11D0000

heap

page read and write

8F0000

unkown

page readonly

DD0E000

heap

page read and write

1D56000

heap

page read and write

620000

unkown

page readonly

620000

unkown

page readonly

DA27000

heap

page read and write

1CBE000

heap

page read and write

5FE000

unkown

page read and write

DA40000

heap

page read and write

1D49000

heap

page read and write

EC0000

heap

page read and write

46EF000

stack

page read and write

C32000

unkown

page read and write

1D10000

heap

page read and write

F57000

unkown

page readonly

1D4E000

heap

page read and write

F57000

unkown

page readonly

9AE000

stack

page read and write

1D24000

heap

page read and write

1807000

heap

page read and write

1825000

heap

page read and write

DAFC000

heap

page read and write

DA3D000

heap

page read and write

D819000

heap

page read and write

17EC000

heap

page read and write

1807000

heap

page read and write

1814000

heap

page read and write

901000

unkown

page readonly

1030000

heap

page read and write

C80000

heap

page read and write

1E14000

heap

page read and write

840000

heap

page read and write

6C3B9000

unkown

page read and write

8F0000

unkown

page readonly

1650000

heap

page read and write

1CCC000

heap

page read and write

68C000

stack

page read and write

6C36F000

unkown

page readonly

50D000

stack

page read and write

17CF000

heap

page read and write

6C290000

unkown

page readonly

492C000

stack

page read and write

8F1000

unkown

page execute read

8F1000

unkown

page execute read

8F0000

unkown

page readonly

5B0000

heap

page read and write

F69000

unkown

page readonly

2AFF000

stack

page read and write

1960000

heap

page read and write

1838000

heap

page read and write

DA4B000

heap

page read and write

901000

unkown

page readonly

1804000

heap

page read and write

8FA000

unkown

page readonly

EEC000

unkown

page read and write

3CFD000

stack

page read and write

8F1000

unkown

page execute read

F66000

unkown

page read and write

1C9E000

stack

page read and write

10B0000

heap

page read and write

41BD000

stack

page read and write

1CEF000

heap

page read and write

1E10000

heap

page read and write

ECA000

heap

page read and write

BAB000

unkown

page read and write

8FE000

unkown

page read and write

C8C000

stack

page read and write

17D3000

heap

page read and write

17AA000

heap

page read and write

901000

unkown

page readonly

1140000

heap

page read and write

DA2D000

heap

page read and write

17E8000

heap

page read and write

FE0000

heap

page read and write

1825000

heap

page read and write

6C3BC000

unkown

page readonly

1438000

stack

page read and write

3F7E000

stack

page read and write

15BE000

stack

page read and write

FF0000

heap

page read and write

17A0000

heap

page read and write

DA43000

heap

page read and write

1D1F000

heap

page read and write

13B0000

heap

page read and write

DA45000

heap

page read and write

CAB000

unkown

page read and write

1D49000

heap

page read and write

9E7000

unkown

page read and write

1DE0000

remote allocation

page read and write

C87000

heap

page read and write

1809000

heap

page read and write

43BE000

stack

page read and write

F69000

unkown

page readonly

C3A000

unkown

page read and write

10AE000

stack

page read and write

1DE0000

remote allocation

page read and write

15E5000

heap

page read and write

3F3F000

stack

page read and write

1298000

heap

page read and write

C3C000

unkown

page read and write

DA5F000

heap

page read and write

1435000

stack

page read and write

1D45000

heap

page read and write

8F0000

unkown

page readonly

1D49000

heap

page read and write

1CBA000

heap

page read and write

6C291000

unkown

page execute read

83F000

unkown

page read and write

8F1000

unkown

page execute read

8E0000

heap

page read and write

621000

unkown

page execute read

B00000

heap

page read and write

6C36D000

unkown

page read and write

88C000

stack

page read and write

1E17000

heap

page read and write

E8C000

stack

page read and write

1420000

stack

page read and write

1D4D000

heap

page read and write

878000

heap

page read and write

8F0000

unkown

page readonly

DA34000

heap

page read and write

1CF9000

heap

page read and write

1810000

heap

page read and write

1CA1000

heap

page read and write

17ED000

heap

page read and write

3AFD000

stack

page read and write

621000

unkown

page execute read

1A9F000

stack

page read and write

472B000

stack

page read and write

103C000

stack

page read and write

8FA000

unkown

page readonly

8F1000

unkown

page execute read

C4D000

unkown

page read and write

165A000

heap

page read and write

901000

unkown

page readonly

BEB000

unkown

page read and write

1432000

stack

page read and write

2D10000

heap

page read and write

870000

heap

page read and write

17CD000

heap

page read and write

8FE000

unkown

page read and write

11CE000

stack

page read and write

8FE000

unkown

page read and write

1490000

heap

page read and write

1807000

heap

page read and write

A20000

heap

page read and write

1809000

heap

page read and write

123B000

stack

page read and write

1806000

heap

page read and write

1D49000

heap

page read and write

8FA000

unkown

page readonly

17AE000

heap

page read and write

1570000

heap

page read and write

1CA0000

heap

page read and write

1DDD000

stack

page read and write

1D5A000

heap

page read and write

1D60000

heap

page read and write

141D000

stack

page read and write

901000

unkown

page readonly

C2E000

unkown

page read and write

1290000

heap

page read and write

54A000

stack

page read and write

8F0000

unkown

page readonly

1D48000

heap

page read and write

There are 210 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
Set-up.exe

Files

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportSet-up.exe

Files

Processes

URLs

Domains

IPs

Memdumps

IOC Report
Set-up.exe