Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

8bUUnhu0NB.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

initial sample

Details

Filetype:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	5.0814032092654156
Filename:	8bUUnhu0NB.exe
Filesize:	307712
MD5:	ea4ac79e673549898d54762f2ebb2302
SHA1:	ecff793cd3647c6f5368033ada6a65229b9fe4b4
SHA256:	b4ae32a0dfe1d99f5a3afed227708f46d176809e448908c892514dee402674db
SHA512:	cf2af8cb3472ed5f975f4257e299e9f70fbbd8d367b2a6f55ec8da1a43cfca35caf95707748534cca5e56df224738832060f379b07157646fbcfe4bb674b40c1
SSDEEP:	3072:icZqf7D34xp/0+mAGkyYaxQwgrRB1fA0PuTVAtkxzB3R0eqiOL2bBOA:icZqf7DIjnm2lB1fA0GTV8k38L
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....H(...............0.................. ... ....@.. ....................... ............@................................

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Malicious sample detected (through community Yara rule)	System Summary
Multi AV Scanner detection for submitted file	AV Detection
Found many strings related to Crypto-Wallets (likely being stolen)	Stealing of Sensitive Information
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)	Malware Analysis System Evasion
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)	Malware Analysis System Evasion
Tries to harvest and steal browser information (history, passwords, etc)	Stealing of Sensitive Information	OS Credential Dumping Data from Local System
Tries to steal Crypto Currency Wallets	Stealing of Sensitive Information
AV process strings found (often used to terminate AV products)	Lowering of HIPS / PFW / Operating System Security Settings
Allocates memory with a write watch (potentially for evading sandboxes)	Malware Analysis System Evasion
Binary contains a suspicious time stamp	Data Obfuscation	Timestomp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)	Lowering of HIPS / PFW / Operating System Security Settings
Contains long sleeps (>= 3 min)	Malware Analysis System Evasion
Detected potential crypto function	System Summary	Archive Collected Data Encrypted Channel
Enables debug privileges	Anti Debugging
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)	Malware Analysis System Evasion
May sleep (evasive loops) to hinder dynamic analysis	Malware Analysis System Evasion
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)	Malware Analysis System Evasion	Windows Management Instrumentation Virtualization/Sandbox Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary	Masquerading
Yara signature match	System Summary
Contains medium sleeps (>= 30s)	Malware Analysis System Evasion
Creates files inside the user directory	System Summary	Masquerading
Creates guard pages, often used to prevent reverse engineering and debugging	Anti Debugging	Disable or Modify Tools
Creates mutexes	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Queries a list of all running processes	Malware Analysis System Evasion	Process Discovery
Queries process information (via WMI, Win32_Process)	System Summary
Queries the cryptographic machine GUID	Language, Device and Operating System Detection	System Information Discovery
Reads software policies	System Summary
Sample is known by Antivirus	System Summary
Tries to load missing DLLs	System Summary	DLL Side-Loading
URLs found in memory or binary data	Networking
Uses an in-process (OLE) Automation server	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\8bUUnhu0NB.exe.log

ASCII text, with CRLF line terminators

dropped

Details

File:	C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\8bUUnhu0NB.exe.log
Category:	dropped
Dump:	8bUUnhu0NB.exe.log.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Users\user\Desktop\8bUUnhu0NB.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	5.33145931749415
Encrypted:	false
Ssdeep:	96:Pq5qHwCYqh3oPtI6eqzxP0aymTqdqlq7qqjqcEZ5D:Pq5qHwCYqh3qtI6eqzxP0atTqdqlq7qV
Size:	3094
Whitelisted:	false
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Binary contains a suspicious time stamp	Data Obfuscation	Timestomp
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
URLs found in memory or binary data	Networking
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\8bUUnhu0NB.exe

"C:\Users\user\Desktop\8bUUnhu0NB.exe"

Details

Is windows:	false
Is dropped:	false
PID:	7584
Target ID:	0
Parent PID:	3964
Name:	8bUUnhu0NB.exe
Path:	C:\Users\user\Desktop\8bUUnhu0NB.exe
Commandline:	"C:\Users\user\Desktop\8bUUnhu0NB.exe"
Size:	307712
MD5:	EA4AC79E673549898D54762F2EBB2302
Time:	08:16:17
Date:	11/03/2025
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xed0000
Modulesize:	335872
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Yara detected RedLine Stealer	Stealing of Sensitive Information, Remote Access Functionality
Binary contains a suspicious time stamp	Data Obfuscation	Timestomp
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
Yara detected Credential Stealer	Stealing of Sensitive Information
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
URLs found in memory or binary data	Networking
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

URLs

Name

Malicious

104.219.239.239:1912

http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text

unknown

http://schemas.xmlsoap.org/ws/2005/02/sc/sct

unknown

http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk

unknown

https://duckduckgo.com/ac/?q=

unknown

http://tempuri.org/Entity/Id14ResponseD

unknown

http://tempuri.org/Entity/Id23ResponseD

unknown

http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary

unknown

http://tempuri.org/Entity/Id12Response

unknown

http://tempuri.org/

unknown

http://tempuri.org/Entity/Id2Response

unknown

http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1

unknown

http://tempuri.org/Entity/Id21Response

unknown

http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap

unknown

http://tempuri.org/Entity/Id9

unknown

http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID

unknown

http://tempuri.org/Entity/Id8

unknown

http://tempuri.org/Entity/Id6ResponseD

unknown

http://tempuri.org/Entity/Id5

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare

unknown

http://tempuri.org/Entity/Id4

unknown

http://tempuri.org/Entity/Id7

unknown

http://tempuri.org/Entity/Id6

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret

unknown

http://tempuri.org/Entity/Id19Response

unknown

http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted

unknown

http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence

unknown

http://tempuri.org/Entity/Id13ResponseD

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/fault

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat

unknown

http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey

unknown

http://tempuri.org/Entity/Id15Response

unknown

http://tempuri.org/Entity/Id5ResponseD

unknown

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew

unknown

http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register

unknown

http://tempuri.org/Entity/Id6Response

unknown

http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey

unknown

https://api.ip.sb/ip

unknown

http://schemas.xmlsoap.org/ws/2004/04/sc

unknown

http://tempuri.org/Entity/Id1ResponseD

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel

unknown

http://tempuri.org/Entity/Id9Response

unknown

https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=

unknown

http://tempuri.org/Entity/Id20

unknown

http://tempuri.org/Entity/Id21

unknown

http://tempuri.org/Entity/Id22

unknown

http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1

unknown

http://tempuri.org/Entity/Id23

unknown

http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1

unknown

http://tempuri.org/Entity/Id24

unknown

http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue

unknown

http://tempuri.org/Entity/Id24Response

unknown

http://tempuri.org/Entity/Id1Response

unknown

http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego

unknown

http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC

unknown

http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey

unknown

http://tempuri.org/Entity/Id21ResponseD

unknown

http://schemas.xmlsoap.org/ws/2004/08/addressing

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion

unknown

http://schemas.xmlsoap.org/ws/2004/04/trust

unknown

http://tempuri.org/Entity/Id10

unknown

http://tempuri.org/Entity/Id11

unknown

http://tempuri.org/Entity/Id10ResponseD

unknown

http://tempuri.org/Entity/Id12

unknown

http://tempuri.org/Entity/Id16Response

unknown

http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel

unknown

http://tempuri.org/Entity/Id13

unknown

http://tempuri.org/Entity/Id14

unknown

http://tempuri.org/Entity/Id15

unknown

http://tempuri.org/Entity/Id16

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce

unknown

http://tempuri.org/Entity/Id17

unknown

http://tempuri.org/Entity/Id18

unknown

http://tempuri.org/Entity/Id5Response

unknown

https://gemini.google.com/app?q=

unknown

http://tempuri.org/Entity/Id19

unknown

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns

unknown

http://tempuri.org/Entity/Id15ResponseD

unknown

http://tempuri.org/Entity/Id10Response

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/Renew

unknown

http://tempuri.org/Entity/Id11ResponseD

unknown

http://tempuri.org/Entity/Id8Response

unknown

http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey

unknown

http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0

unknown

http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID

unknown

http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT

unknown

http://schemas.xmlsoap.org/ws/2006/02/addressingidentity

unknown

http://tempuri.org/Entity/Id17ResponseD

unknown

http://schemas.xmlsoap.org/soap/envelope/

unknown

http://tempuri.org/Entity/Id8ResponseD

unknown

There are 90 hidden URLs, click here to show them.

IPs

Domain

Country

Malicious

104.219.239.239

unknown

United States

Details

IP:	104.219.239.239
TargetID:	0
Current Path:	C:\Users\user\Desktop\8bUUnhu0NB.exe
Country:	United States
Countrycode:	USA
ASN number:	27176
ASN name:	DATAWAGONUS
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

Registry

Path

Value

Malicious

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

Owner

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

SessionHash

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

Sequence

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

RegFiles0000

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

RegFilesHash

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

Owner

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

SessionHash

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

Sequence

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

RegFiles0000

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

RegFilesHash

Memdumps

Base Address

Regiontype

Protect

Malicious

ED2000

unkown

page readonly

66FF000

heap

page read and write

72CD000

stack

page read and write

3785000

trusted library allocation

page read and write

6752000

heap

page read and write

356E000

trusted library allocation

page read and write

7255000

trusted library allocation

page read and write

15B2000

heap

page read and write

3271000

trusted library allocation

page read and write

371F000

trusted library allocation

page read and write

56D0000

trusted library allocation

page read and write

7A90000

heap

page read and write

148D000

stack

page read and write

3596000

trusted library allocation

page read and write

3623000

trusted library allocation

page read and write

37EA000

trusted library allocation

page read and write

14E0000

trusted library allocation

page read and write

675C000

heap

page read and write

3500000

trusted library allocation

page read and write

7A0F000

stack

page read and write

5C40000

trusted library allocation

page read and write

56C0000

trusted library allocation

page read and write

4291000

trusted library allocation

page read and write

5740000

trusted library allocation

page read and write

59CE000

stack

page read and write

5B70000

trusted library allocation

page read and write

7AF0000

trusted library allocation

page execute and read and write

3110000

heap

page read and write

5B9E000

trusted library allocation

page read and write

325C000

stack

page read and write

36FE000

trusted library allocation

page read and write

36EE000

trusted library allocation

page read and write

91D6000

heap

page read and write

5C80000

trusted library allocation

page read and write

5BF0000

trusted library allocation

page read and write

56F1000

trusted library allocation

page read and write

186E000

stack

page read and write

4582000

trusted library allocation

page read and write

5C70000

trusted library allocation

page read and write

639E000

stack

page read and write

37C7000

trusted library allocation

page read and write

3598000

trusted library allocation

page read and write

3764000

trusted library allocation

page read and write

8DBE000

stack

page read and write

7615000

heap

page read and write

35F7000

trusted library allocation

page read and write

6737000

heap

page read and write

5CA0000

trusted library allocation

page execute and read and write

45BB000

trusted library allocation

page read and write

73CE000

stack

page read and write

4271000

trusted library allocation

page read and write

5733000

heap

page read and write

45B0000

trusted library allocation

page read and write

44F5000

trusted library allocation

page read and write

37B8000

trusted library allocation

page read and write

7260000

trusted library allocation

page read and write

7639000

heap

page read and write

66D0000

heap

page read and write

5A4E000

stack

page read and write

6AB5000

trusted library allocation

page read and write

1506000

trusted library allocation

page execute and read and write

3078000

trusted library allocation

page read and write

157E000

heap

page read and write

5720000

trusted library allocation

page read and write

5BD0000

trusted library allocation

page read and write

3070000

trusted library allocation

page read and write

7235000

trusted library allocation

page read and write

14E3000

trusted library allocation

page execute and read and write

3761000

trusted library allocation

page read and write

5C90000

trusted library allocation

page execute and read and write

4598000

trusted library allocation

page read and write

763C000

heap

page read and write

678D000

heap

page read and write

427F000

trusted library allocation

page read and write

3260000

heap

page execute and read and write

6707000

heap

page read and write

6714000

heap

page read and write

14ED000

trusted library allocation

page execute and read and write

1570000

heap

page read and write

5970000

trusted library allocation

page read and write

724A000

trusted library allocation

page read and write

1597000

heap

page read and write

67A9000

heap

page read and write

1527000

trusted library allocation

page execute and read and write

677C000

heap

page read and write

45D9000

trusted library allocation

page read and write

3692000

trusted library allocation

page read and write

57B0000

heap

page read and write

56F6000

trusted library allocation

page read and write

6AB0000

trusted library allocation

page read and write

3698000

trusted library allocation

page read and write

7320000

trusted library allocation

page read and write

91C0000

heap

page read and write

5C60000

heap

page read and write

45D4000

trusted library allocation

page read and write

674F000

heap

page read and write

5750000

trusted library allocation

page read and write

676F000

heap

page read and write

6A3E000

stack

page read and write

37FE000

trusted library allocation

page read and write

3686000

trusted library allocation

page read and write

F07000

unkown

page readonly

7248000

trusted library allocation

page read and write

5BDE000

trusted library allocation

page read and write

18AE000

stack

page read and write

3621000

trusted library allocation

page read and write

56B0000

trusted library allocation

page read and write

37D1000

trusted library allocation

page read and write

1550000

heap

page read and write

458D000

trusted library allocation

page read and write

6A43000

trusted library allocation

page read and write

158F000

heap

page read and write

152B000

trusted library allocation

page execute and read and write

64A0000

trusted library allocation

page read and write

6A40000

trusted library allocation

page read and write

6733000

heap

page read and write

378C000

trusted library allocation

page read and write

321E000

stack

page read and write

7F870000

trusted library allocation

page execute and read and write

71DD000

stack

page read and write

56D4000

trusted library allocation

page read and write

67B9000

heap

page read and write

3727000

trusted library allocation

page read and write

56EE000

trusted library allocation

page read and write

1500000

trusted library allocation

page read and write

ED0000

unkown

page readonly

176E000

stack

page read and write

66C0000

heap

page read and write

FBA000

stack

page read and write

7340000

trusted library allocation

page read and write

5B81000

trusted library allocation

page read and write

7A8B000

stack

page read and write

375E000

trusted library allocation

page read and write

597A000

trusted library allocation

page read and write

7AE0000

trusted library allocation

page execute and read and write

45AD000

trusted library allocation

page read and write

6500000

trusted library allocation

page execute and read and write

6728000

heap

page read and write

64E0000

trusted library allocation

page read and write

7310000

trusted library allocation

page read and write

3753000

trusted library allocation

page read and write

36A0000

trusted library allocation

page read and write

56FD000

trusted library allocation

page read and write

69FC000

stack

page read and write

83BE000

stack

page read and write

671E000

heap

page read and write

3568000

trusted library allocation

page read and write

68FE000

stack

page read and write

1520000

trusted library allocation

page read and write

18CA000

heap

page read and write

1502000

trusted library allocation

page read and write

5BA1000

trusted library allocation

page read and write

5C00000

trusted library allocation

page read and write

82B0000

heap

page read and write

1578000

heap

page read and write

18B0000

trusted library allocation

page execute and read and write

14D0000

trusted library allocation

page read and write

6A83000

trusted library allocation

page read and write

7A4E000

stack

page read and write

8280000

trusted library allocation

page read and write

8030000

heap

page read and write

75D0000

heap

page read and write

3306000

trusted library allocation

page read and write

73D0000

trusted library allocation

page read and write

1440000

heap

page read and write

3630000

trusted library allocation

page read and write

3688000

trusted library allocation

page read and write

68BC000

stack

page read and write

376C000

trusted library allocation

page read and write

5C10000

trusted library allocation

page execute and read and write

6A90000

trusted library allocation

page execute and read and write

8040000

heap

page read and write

5730000

heap

page read and write

57C0000

trusted library allocation

page read and write

64C0000

trusted library allocation

page execute and read and write

14FD000

trusted library allocation

page execute and read and write

826E000

stack

page read and write

6560000

trusted library allocation

page execute and read and write

1622000

heap

page read and write

7230000

trusted library allocation

page read and write

3814000

trusted library allocation

page read and write

5BB0000

trusted library allocation

page read and write

37C3000

trusted library allocation

page read and write

572E000

trusted library allocation

page read and write

66D4000

heap

page read and write

5975000

trusted library allocation

page read and write

37DD000

trusted library allocation

page read and write

6703000

heap

page read and write

5B92000

trusted library allocation

page read and write

5C50000

trusted library allocation

page read and write

6786000

heap

page read and write

356C000

trusted library allocation

page read and write

357E000

trusted library allocation

page read and write

6A80000

trusted library allocation

page read and write

7232000

trusted library allocation

page read and write

362D000

trusted library allocation

page read and write

5702000

trusted library allocation

page read and write

725A000

trusted library allocation

page read and write

36F8000

trusted library allocation

page read and write

5BE0000

trusted library allocation

page read and write

64B0000

trusted library allocation

page read and write

1522000

trusted library allocation

page read and write

36C1000

trusted library allocation

page read and write

1320000

heap

page read and write

3695000

trusted library allocation

page read and write

7625000

heap

page read and write

5770000

trusted library allocation

page read and write

36FB000

trusted library allocation

page read and write

4393000

trusted library allocation

page read and write

363B000

trusted library allocation

page read and write

679C000

heap

page read and write

56DB000

trusted library allocation

page read and write

3633000

trusted library allocation

page read and write

12F7000

stack

page read and write

5BAA000

trusted library allocation

page read and write

44B3000

trusted library allocation

page read and write

7330000

trusted library allocation

page execute and read and write

5B7B000

trusted library allocation

page read and write

37F3000

trusted library allocation

page read and write

1540000

trusted library allocation

page read and write

765A000

heap

page read and write

37C9000

trusted library allocation

page read and write

3809000

trusted library allocation

page read and write

64D0000

trusted library allocation

page read and write

36B9000

trusted library allocation

page read and write

F02000

unkown

page readonly

3589000

trusted library allocation

page read and write

822E000

stack

page read and write

45A3000

trusted library allocation

page read and write

57C2000

trusted library allocation

page read and write

57D0000

trusted library allocation

page execute and read and write

64F0000

trusted library allocation

page execute and read and write

5A0E000

stack

page read and write

F16000

unkown

page readonly

5BD5000

trusted library allocation

page read and write

36EC000

trusted library allocation

page read and write

3777000

trusted library allocation

page read and write

7239000

trusted library allocation

page read and write

6580000

trusted library allocation

page read and write

5A60000

heap

page execute and read and write

36AC000

trusted library allocation

page read and write

724F000

trusted library allocation

page read and write

14E4000

trusted library allocation

page read and write

45B3000

trusted library allocation

page read and write

6A86000

trusted library allocation

page read and write

67BE000

heap

page read and write

14CE000

stack

page read and write

66EE000

heap

page read and write

6AB2000

trusted library allocation

page read and write

365C000

trusted library allocation

page read and write

3706000

trusted library allocation

page read and write

6AA4000

trusted library allocation

page read and write

672B000

heap

page read and write

358C000

trusted library allocation

page read and write

73F0000

trusted library allocation

page read and write

3646000

trusted library allocation

page read and write

730E000

stack

page read and write

18C0000

heap

page read and write

7612000

heap

page read and write

359C000

trusted library allocation

page read and write

5745000

trusted library allocation

page read and write

5BDB000

trusted library allocation

page read and write

654C000

stack

page read and write

536C000

stack

page read and write

5B86000

trusted library allocation

page read and write

3654000

trusted library allocation

page read and write

1445000

heap

page read and write

1659000

heap

page read and write

5710000

trusted library allocation

page read and write

5B6E000

stack

page read and write

14F0000

trusted library allocation

page read and write

67B1000

heap

page read and write

725F000

trusted library allocation

page read and write

18C7000

heap

page read and write

6AA0000

trusted library allocation

page read and write

67A3000

heap

page read and write

18CE000

heap

page read and write

1400000

heap

page read and write

3572000

trusted library allocation

page read and write

5BC1000

trusted library allocation

page read and write

671A000

heap

page read and write

3836000

trusted library allocation

page read and write

738E000

stack

page read and write

45C6000

trusted library allocation

page read and write

150A000

trusted library allocation

page execute and read and write

165E000

heap

page read and write

5A50000

trusted library allocation

page read and write

649F000

stack

page read and write

358F000

trusted library allocation

page read and write

6796000

heap

page read and write

3711000

trusted library allocation

page read and write

1525000

trusted library allocation

page execute and read and write

7632000

heap

page read and write

7ADE000

stack

page read and write

6782000

heap

page read and write

1510000

heap

page read and write

3382000

trusted library allocation

page read and write

There are 287 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
8bUUnhu0NB.exe

Files

Processes

URLs

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report8bUUnhu0NB.exe

Files

Processes

URLs

IPs

Registry

Memdumps

IOC Report
8bUUnhu0NB.exe