86E000
|
heap
|
page read and write
|
malicious |
|
|
Name: |
00000001.00000002.2161432787.000000000086E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
86E000
|
Size: |
118784
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Yara detected Stealc |
Stealing of Sensitive Information, Remote Access Functionality |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
URLs found in memory or binary data |
Networking |
|
|
BEB000
|
unkown
|
page readonly
|
malicious |
|
|
Name: |
00000001.00000000.1263488038.0000000000BEB000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
1
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
BEB000
|
Size: |
49152
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Yara detected Stealc |
Stealing of Sensitive Information, Remote Access Functionality |
|
|
BEB000
|
unkown
|
page readonly
|
malicious |
|
|
Name: |
00000001.00000002.2161702977.0000000000BEB000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
BEB000
|
Size: |
49152
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Yara detected Stealc |
Stealing of Sensitive Information, Remote Access Functionality |
|
|
33B0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000015.00000002.2213123940.00000000033B0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
21
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
33B0000
|
Size: |
20480
|
|
9B4A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.2135892971.0000000009B4A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9B4A000
|
Size: |
8192
|
|
95E9000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1721125720.00000000095E9000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
95E9000
|
Size: |
24576
|
|
95DF000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.2021767529.00000000095DF000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
95DF000
|
Size: |
28672
|
|
8E8000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1294209924.00000000008E8000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
8E8000
|
Size: |
237568
|
|
9603000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1721042416.0000000009603000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9603000
|
Size: |
4096
|
|
8E2000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1327145291.00000000008E2000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
8E2000
|
Size: |
270336
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
95E7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1720962199.00000000095E7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
95E7000
|
Size: |
32768
|
|
BF7000
|
unkown
|
page write copy
|
|
|
|
Name: |
00000001.00000000.1263536556.0000000000BF7000.00000008.00000001.01000000.00000003.sdmp
|
TargetID: |
1
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page write copy
|
Base address: |
BF7000
|
Size: |
4096
|
|
95DF000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1721231700.00000000095DF000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
95DF000
|
Size: |
28672
|
|
9603000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1721157856.0000000009603000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9603000
|
Size: |
4096
|
|
95E8000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1592577852.00000000095E8000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
95E8000
|
Size: |
28672
|
|
9BD7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.2023301381.0000000009BD7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9BD7000
|
Size: |
4096
|
|
61EB4000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2168942139.0000000061EB4000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
61EB4000
|
Size: |
12288
|
|
31C0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000015.00000002.2213088310.00000000031C0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
21
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
31C0000
|
Size: |
20480
|
|
2BFE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2162199221.0000000002BFE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2BFE000
|
Size: |
8192
|
|
3270000
|
remote allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1279598746.0000000003270000.00000004.00000400.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
remote allocation
|
Protect: |
page read and write
|
Base address: |
3270000
|
Size: |
4096
|
|
9777000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1720657327.0000000009777000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9777000
|
Size: |
8192
|
|
88C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2161432787.000000000088C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
88C000
|
Size: |
143360
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
6CD50000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000001.00000002.2169147776.000000006CD50000.00000002.00000001.01000000.00000009.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
6CD50000
|
Size: |
4096
|
|
95F4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1987130414.00000000095F4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
95F4000
|
Size: |
12288
|
|
2BBF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2162178345.0000000002BBF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2BBF000
|
Size: |
4096
|
|
9772000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1720657327.0000000009772000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9772000
|
Size: |
4096
|
|
95F4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.2061555874.00000000095F4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
95F4000
|
Size: |
12288
|
|
95DA000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1592611199.00000000095DA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
95DA000
|
Size: |
49152
|
|
8D2000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1592171332.00000000008D2000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
8D2000
|
Size: |
475136
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
URLs found in memory or binary data |
Networking |
|
|
987E000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2165771309.000000000987E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
987E000
|
Size: |
4096
|
|
9760000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1720657327.0000000009760000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9760000
|
Size: |
4096
|
|
95DF000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1720962199.00000000095DF000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
95DF000
|
Size: |
28672
|
|
95E8000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1720051799.00000000095E8000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
95E8000
|
Size: |
28672
|
|
9BCF000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.2023301381.0000000009BCF000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9BCF000
|
Size: |
4096
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
96D0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2165341775.00000000096D0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
96D0000
|
Size: |
126976
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
9D7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1596982924.00000000009D7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9D7000
|
Size: |
4096
|
|
95E8000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1709066625.00000000095E8000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
95E8000
|
Size: |
28672
|
|
95DF000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1720051799.00000000095DF000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
95DF000
|
Size: |
28672
|
|
6CF2E000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2169354852.000000006CF2E000.00000004.00000001.01000000.00000009.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
6CF2E000
|
Size: |
4096
|
|
97E2000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2165541266.00000000097E2000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
97E2000
|
Size: |
8192
|
|
30CC000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2162354152.00000000030CC000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
30CC000
|
Size: |
16384
|
|
924000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1720772984.0000000000924000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
924000
|
Size: |
184320
|
|
9A1E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2165900989.0000000009A1E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
9A1E000
|
Size: |
8192
|
|
8E1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1370189065.00000000008E1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
8E1000
|
Size: |
278528
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
9603000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1721231700.0000000009603000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9603000
|
Size: |
4096
|
|
95F5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1721073566.00000000095F5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
95F5000
|
Size: |
24576
|
|
925000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1440144967.0000000000925000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
925000
|
Size: |
24576
|
|
9B7C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2165953592.0000000009B7C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
9B7C000
|
Size: |
16384
|
|
95E7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1721073566.00000000095E7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
95E7000
|
Size: |
32768
|
|
6CF35000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000001.00000002.2169413169.000000006CF35000.00000002.00000001.01000000.00000009.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
6CF35000
|
Size: |
73728
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sample file is different than original file name gathered from version info |
System Summary |
|
|
F50000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2161985474.0000000000F50000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
F50000
|
Size: |
4096
|
|
97E5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2165541266.00000000097E5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
97E5000
|
Size: |
376832
|
|
61ED4000
|
direct allocation
|
page readonly
|
|
|
|
Name: |
00000001.00000002.2169109643.0000000061ED4000.00000002.00001000.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page readonly
|
Base address: |
61ED4000
|
Size: |
126976
|
|
9606000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1986997307.0000000009606000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9606000
|
Size: |
24576
|
|
8D2000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1327187661.00000000008D2000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
8D2000
|
Size: |
36864
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
URLs found in memory or binary data |
Networking |
|
|
E0A000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000001.00000000.1263635289.0000000000E0A000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
1
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
E0A000
|
Size: |
16384
|
|
9B1E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2165927202.0000000009B1E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
9B1E000
|
Size: |
8192
|
|
3551000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1573301152.0000000003551000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3551000
|
Size: |
245760
|
|
95E8000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1592644833.00000000095E8000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
95E8000
|
Size: |
28672
|
|
96C0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2165341775.00000000096C0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
96C0000
|
Size: |
61440
|
|
5EE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2161297462.00000000005EE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
5EE000
|
Size: |
8192
|
|
95E7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1592234278.00000000095E7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
95E7000
|
Size: |
32768
|
|
9600000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1708898990.0000000009600000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9600000
|
Size: |
16384
|
|
946000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1592119090.0000000000946000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
946000
|
Size: |
4096
|
|
95DF000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1987130414.00000000095DF000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
95DF000
|
Size: |
28672
|
|
61E01000
|
direct allocation
|
page execute read
|
|
|
|
Name: |
00000001.00000002.2168870696.0000000061E01000.00000020.00001000.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page execute read
|
Base address: |
61E01000
|
Size: |
733184
|
|
2D3E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2162234793.0000000002D3E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2D3E000
|
Size: |
8192
|
|
97C0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2165541266.00000000097C0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
97C0000
|
Size: |
49152
|
|
9603000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1986997307.0000000009603000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9603000
|
Size: |
4096
|
|
5E7000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2161297462.00000000005E7000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
5E7000
|
Size: |
24576
|
|
BAE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2161644436.0000000000BAE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
BAE000
|
Size: |
8192
|
|
107AB000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2168802127.00000000107AB000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
107AB000
|
Size: |
20480
|
|
70172000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000001.00000002.2169574543.0000000070172000.00000002.00000001.01000000.0000000A.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
70172000
|
Size: |
24576
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sample file is different than original file name gathered from version info |
System Summary |
|
|
9603000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1720134442.0000000009603000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9603000
|
Size: |
4096
|
|
95DF000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.2061555874.00000000095DF000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
95DF000
|
Size: |
28672
|
|
C75000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2161738195.0000000000C75000.00000004.00000001.01000000.00000003.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
C75000
|
Size: |
77824
|
|
95E8000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1708990333.00000000095E8000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
95E8000
|
Size: |
28672
|
|
BC0000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000001.00000002.2161659646.0000000000BC0000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
BC0000
|
Size: |
4096
|
|
9606000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1987335273.0000000009606000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9606000
|
Size: |
24576
|
|
95F1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1987130414.00000000095F1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
95F1000
|
Size: |
4096
|
|
2E8E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2162273518.0000000002E8E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2E8E000
|
Size: |
8192
|
|
FAE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2162097890.0000000000FAE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
FAE000
|
Size: |
8192
|
|
BC1000
|
unkown
|
page execute read
|
|
|
|
Name: |
00000001.00000002.2161675864.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute read
|
Base address: |
BC1000
|
Size: |
172032
|
|
95CE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1720051799.00000000095CE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
95CE000
|
Size: |
24576
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
SQL strings found in memory and binary data |
System Summary |
|
|
95E7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.2061555874.00000000095E7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
95E7000
|
Size: |
32768
|
|
9BDF000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1987254882.0000000009BDF000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9BDF000
|
Size: |
4096
|
|
6CF30000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2169398050.000000006CF30000.00000004.00000001.01000000.00000009.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
6CF30000
|
Size: |
4096
|
|
850000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2161413206.0000000000850000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
850000
|
Size: |
8192
|
|
5E2000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2161297462.00000000005E2000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
5E2000
|
Size: |
8192
|
|
9603000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1721315016.0000000009603000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9603000
|
Size: |
4096
|
|
95F1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.2021767529.00000000095F1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
95F1000
|
Size: |
4096
|
|
95C5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2165057522.00000000095C5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
95C5000
|
Size: |
12288
|
|
8E2000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1305856066.00000000008E2000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
8E2000
|
Size: |
16384
|
|
95E8000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1592526892.00000000095E8000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
95E8000
|
Size: |
28672
|
|
95E2000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1721073566.00000000095E2000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
95E2000
|
Size: |
16384
|
|
3270000
|
remote allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1279643195.0000000003270000.00000004.00000400.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
remote allocation
|
Protect: |
page read and write
|
Base address: |
3270000
|
Size: |
4096
|
|
4B0E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000015.00000002.2213160357.0000000004B0E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
21
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
4B0E000
|
Size: |
8192
|
|
95DF000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2165157035.00000000095DF000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
95DF000
|
Size: |
28672
|
|
975B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1720657327.000000000975B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
975B000
|
Size: |
4096
|
|
7015D000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000001.00000002.2169521892.000000007015D000.00000002.00000001.01000000.0000000A.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
7015D000
|
Size: |
69632
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
9683000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2165323345.0000000009683000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9683000
|
Size: |
12288
|
|
95F1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.2061555874.00000000095F1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
95F1000
|
Size: |
4096
|
|
61E00000
|
direct allocation
|
page execute and read and write
|
|
|
|
Name: |
00000001.00000002.2168845963.0000000061E00000.00000040.00001000.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page execute and read and write
|
Base address: |
61E00000
|
Size: |
4096
|
|
340E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2162519258.000000000340E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
340E000
|
Size: |
8192
|
|
95D7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2165057522.00000000095D7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
95D7000
|
Size: |
8192
|
|
92C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1370116350.000000000092C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
92C000
|
Size: |
8192
|
|
2DEC000
|
stack
|
page read and write
|
|
|
|
Name: |
00000015.00000002.2212998267.0000000002DEC000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
21
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2DEC000
|
Size: |
16384
|
|
8E1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1440239204.00000000008E1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
8E1000
|
Size: |
278528
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
95E7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1721188212.00000000095E7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
95E7000
|
Size: |
8192
|
|
FD0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2162117751.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
FD0000
|
Size: |
8192
|
|
927000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1337946626.0000000000927000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
927000
|
Size: |
8192
|
|
3270000
|
remote allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1279624698.0000000003270000.00000004.00000400.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
remote allocation
|
Protect: |
page read and write
|
Base address: |
3270000
|
Size: |
4096
|
|
95E7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1987130414.00000000095E7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
95E7000
|
Size: |
32768
|
|
95C0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1440417213.00000000095C0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
95C0000
|
Size: |
180224
|
|
33B7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000015.00000002.2213123940.00000000033B7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
21
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
33B7000
|
Size: |
45056
|
|
321E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2162439605.000000000321E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
321E000
|
Size: |
8192
|
|
9603000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1720962199.0000000009603000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9603000
|
Size: |
4096
|
|
9848000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2165541266.0000000009848000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9848000
|
Size: |
4096
|
|
9603000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1987335273.0000000009603000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9603000
|
Size: |
4096
|
|
95E7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2165157035.00000000095E7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
95E7000
|
Size: |
32768
|
|
95E2000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1709066625.00000000095E2000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
95E2000
|
Size: |
20480
|
|
C44000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2161738195.0000000000C44000.00000004.00000001.01000000.00000003.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
C44000
|
Size: |
196608
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Found many strings related to Crypto-Wallets (likely being stolen) |
Stealing of Sensitive Information |
|
URLs found in memory or binary data |
Networking |
|
|
840000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2161385747.0000000000840000.00000004.00000020.00040000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
840000
|
Size: |
4096
|
|
95DF000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1708951253.00000000095DF000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
95DF000
|
Size: |
32768
|
|
9671000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2165256023.0000000009671000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9671000
|
Size: |
12288
|
|
E0A000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000001.00000002.2161924264.0000000000E0A000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
E0A000
|
Size: |
16384
|
|
9D7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.2048089881.00000000009D7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9D7000
|
Size: |
4096
|
|
33AF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2162481419.00000000033AF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
33AF000
|
Size: |
4096
|
|
3540000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2162559488.0000000003540000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3540000
|
Size: |
4096
|
|
108AC000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2168822046.00000000108AC000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
108AC000
|
Size: |
16384
|
|
95FC000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1721332601.00000000095FC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
95FC000
|
Size: |
16384
|
|
95F5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1720962199.00000000095F5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
95F5000
|
Size: |
40960
|
|
9BDD000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.2023301381.0000000009BDD000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9BDD000
|
Size: |
12288
|
|
95F5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1721125720.00000000095F5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
95F5000
|
Size: |
24576
|
|
6CF2F000
|
unkown
|
page write copy
|
|
|
|
Name: |
00000001.00000002.2169375662.000000006CF2F000.00000008.00000001.01000000.00000009.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page write copy
|
Base address: |
6CF2F000
|
Size: |
4096
|
|
9766000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1720657327.0000000009766000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9766000
|
Size: |
8192
|
|
95E7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1592268829.00000000095E7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
95E7000
|
Size: |
32768
|
|
4C10000
|
heap
|
page read and write
|
|
|
|
Name: |
00000015.00000002.2213194609.0000000004C10000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
21
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4C10000
|
Size: |
20480
|
|
95F7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1986997307.00000000095F7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
95F7000
|
Size: |
20480
|
|
320F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000015.00000002.2213106224.000000000320F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
21
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
320F000
|
Size: |
4096
|
|
9B40000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.2135892971.0000000009B40000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9B40000
|
Size: |
20480
|
|
95FE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1721157856.00000000095FE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
95FE000
|
Size: |
4096
|
|
8C5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1327187661.00000000008C5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
8C5000
|
Size: |
45056
|
|
95E3000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1721188212.00000000095E3000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
95E3000
|
Size: |
12288
|
|
4EB000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2161275098.00000000004EB000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
4EB000
|
Size: |
20480
|
|
92C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1440144967.000000000092C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
92C000
|
Size: |
8192
|
|
9606000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.2023811168.0000000009606000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9606000
|
Size: |
32768
|
|
86A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2161432787.000000000086A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
86A000
|
Size: |
8192
|
|
106BC000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.2135594291.00000000106BC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
106BC000
|
Size: |
5242880
|
|
8E2000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1294209924.00000000008E2000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
8E2000
|
Size: |
16384
|
|
95C0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2165057522.00000000095C0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
95C0000
|
Size: |
12288
|
|
94D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1573170902.000000000094D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
94D000
|
Size: |
4096
|
|
4B4F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000015.00000002.2213178884.0000000004B4F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
21
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
4B4F000
|
Size: |
4096
|
|
303C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000015.00000002.2213020459.000000000303C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
21
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
303C000
|
Size: |
16384
|
|
9880000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2165771309.0000000009880000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9880000
|
Size: |
4096
|
|
9674000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.2061420888.0000000009674000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9674000
|
Size: |
73728
|
|
95FF000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2165236808.00000000095FF000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
95FF000
|
Size: |
4096
|
|
95F1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2165157035.00000000095F1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
95F1000
|
Size: |
4096
|
|
95CC000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1721231700.00000000095CC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
95CC000
|
Size: |
28672
|
|
F4E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2161968303.0000000000F4E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
F4E000
|
Size: |
8192
|
|
9882000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2165771309.0000000009882000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9882000
|
Size: |
249856
|
|
31B0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000015.00000002.2213071719.00000000031B0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
21
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
31B0000
|
Size: |
4096
|
|
95FB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1721058187.00000000095FB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
95FB000
|
Size: |
16384
|
|
95F5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1721231700.00000000095F5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
95F5000
|
Size: |
45056
|
|
8E8000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1294280311.00000000008E8000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
8E8000
|
Size: |
237568
|
|
97E0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2165541266.00000000097E0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
97E0000
|
Size: |
4096
|
|
61EB7000
|
direct allocation
|
page readonly
|
|
|
|
Name: |
00000001.00000002.2168967394.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page readonly
|
Base address: |
61EB7000
|
Size: |
86016
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
SQL strings found in memory and binary data |
System Summary |
|
|
2FCE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2162316310.0000000002FCE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2FCE000
|
Size: |
8192
|
|
3551000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1338167361.0000000003551000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3551000
|
Size: |
65536
|
|
8E8000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1305856066.00000000008E8000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
8E8000
|
Size: |
253952
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
9710000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2165341775.0000000009710000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9710000
|
Size: |
126976
|
|
860000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2161432787.0000000000860000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
860000
|
Size: |
36864
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Found many strings related to Crypto-Wallets (likely being stolen) |
Stealing of Sensitive Information |
|
|
31AE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000015.00000002.2213056414.00000000031AE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
21
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
31AE000
|
Size: |
8192
|
|
95CE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1592526892.00000000095CE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
95CE000
|
Size: |
24576
|
|
BC1000
|
unkown
|
page execute read
|
|
|
|
Name: |
00000001.00000000.1263391409.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp
|
TargetID: |
1
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page execute read
|
Base address: |
BC1000
|
Size: |
172032
|
|
8C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1592171332.00000000008C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
8C4000
|
Size: |
49152
|
|
922000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1720772984.0000000000922000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
922000
|
Size: |
4096
|
|
3652000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2162622631.0000000003652000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3652000
|
Size: |
1110016
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
SQL strings found in memory and binary data |
System Summary |
|
URLs found in memory or binary data |
Networking |
|
|
94D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1592119090.000000000094D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
94D000
|
Size: |
4096
|
|
9D7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1338192770.00000000009D7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9D7000
|
Size: |
8192
|
|
8E1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1573253135.00000000008E1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
8E1000
|
Size: |
413696
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
61ECC000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2168996206.0000000061ECC000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
61ECC000
|
Size: |
4096
|
|
9603000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1720051799.0000000009603000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9603000
|
Size: |
4096
|
|
975D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1720657327.000000000975D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
975D000
|
Size: |
8192
|
|
960B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2165256023.000000000960B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
960B000
|
Size: |
12288
|
|
9D0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2161608879.00000000009D0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9D0000
|
Size: |
16384
|
|
9730000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2165341775.0000000009730000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9730000
|
Size: |
573440
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
95E8000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1592611199.00000000095E8000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
95E8000
|
Size: |
28672
|
|
2F8F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2162299695.0000000002F8F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2F8F000
|
Size: |
4096
|
|
8E8000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1305907742.00000000008E8000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
8E8000
|
Size: |
253952
|
|
3550000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2162577103.0000000003550000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3550000
|
Size: |
221184
|
|
6CD51000
|
unkown
|
page execute read
|
|
|
|
Name: |
00000001.00000002.2169174229.000000006CD51000.00000020.00000001.01000000.00000009.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute read
|
Base address: |
6CD51000
|
Size: |
1695744
|
|
95E7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.2021767529.00000000095E7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
95E7000
|
Size: |
32768
|
|
FDC000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2162117751.0000000000FDC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
FDC000
|
Size: |
12288
|
|
BC0000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000001.00000000.1263364629.0000000000BC0000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
1
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
BC0000
|
Size: |
4096
|
|
D27000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2161738195.0000000000D27000.00000004.00000001.01000000.00000003.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
D27000
|
Size: |
675840
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
95E7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1721231700.00000000095E7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
95E7000
|
Size: |
32768
|
|
8D2000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1573194007.00000000008D2000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
8D2000
|
Size: |
475136
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
URLs found in memory or binary data |
Networking |
|
|
8E5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1305907742.00000000008E5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
8E5000
|
Size: |
4096
|
|
7016E000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2169552174.000000007016E000.00000004.00000001.01000000.0000000A.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
7016E000
|
Size: |
8192
|
|
94B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1592119090.000000000094B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
94B000
|
Size: |
4096
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
SQL strings found in memory and binary data |
System Summary |
|
|

| Base address | Regiontype | Protect | Size | Dumpstage | TargetID | Name | Signature Hits [Behavior Group; Mitre Attack] |
|---|---|---|---|---|---|---|---|
| 95E8000 | heap | page read and write | 28672 | free memory | 1 | 00000001.00000003.1708951253.00000000095E8000.00000004.00000020.00020000.00000000.sdmp | |
| 95DD000 | heap | page read and write | 12288 | free memory | 1 | 00000001.00000003.1592526892.00000000095DD000.00000004.00000020.00020000.00000000.sdmp | |
| 9B30000 | trusted library allocation | page read and write | 159744 | free memory | 1 | 00000001.00000003.2048156717.0000000009B30000.00000004.00000800.00020000.00000000.sdmp | |
| 700E0000 | unkown | page readonly | 4096 | process exit | 1 | 00000001.00000002.2169440418.00000000700E0000.00000002.00000001.01000000.0000000A.sdmp | |
| 3090000 | heap | page read and write | 4096 | process exit | 21 | 00000015.00000002.2213038796.0000000003090000.00000004.00000020.00040000.00000000.sdmp | |
| 3551000 | heap | page read and write | 262144 | free memory | 1 | 00000001.00000003.1596911262.0000000003551000.00000004.00000020.00020000.00000000.sdmp | |
| 61ECD000 | direct allocation | page readonly | 12288 | process exit | 1 | 00000001.00000002.2169016423.0000000061ECD000.00000002.00001000.00020000.00000000.sdmp | |
| 2CFF000 | stack | page read and write | 4096 | process exit | 1 | 00000001.00000002.2162218414.0000000002CFF000.00000004.00000010.00020000.00000000.sdmp | |
| 95F4000 | heap | page read and write | 12288 | free memory | 1 | 00000001.00000003.2021767529.00000000095F4000.00000004.00000020.00020000.00000000.sdmp | |
| E4D000 | stack | page read and write | 12288 | process exit | 1 | 00000001.00000002.2161944246.0000000000E4D000.00000004.00000010.00020000.00000000.sdmp | |
| 95C0000 | trusted library allocation | page read and write | 192512 | free memory | 1 | 00000001.00000003.1573379637.00000000095C0000.00000004.00000800.00020000.00000000.sdmp | |
| 105FB000 | stack | page read and write | 20480 | process exit | 1 | 00000001.00000002.2168753299.00000000105FB000.00000004.00000010.00020000.00000000.sdmp | |
| 3551000 | heap | page read and write | 241664 | free memory | 1 | 00000001.00000003.2048020423.0000000003551000.00000004.00000020.00020000.00000000.sdmp | |
| 61ED3000 | direct allocation | page read and write | 4096 | process exit | 1 | 00000001.00000002.2169040835.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp | URLs found in memory or binary data [Networking] |
| 924000 | heap | page read and write | 8192 | free memory | 1 | 00000001.00000003.1316454572.0000000000924000.00000004.00000020.00020000.00000000.sdmp | URLs found in memory or binary data [Networking] |
| 61ED0000 | direct allocation | page read and write | 4096 | process exit | 1 | 00000001.00000002.2169040835.0000000061ED0000.00000004.00001000.00020000.00000000.sdmp | |
| 32AE000 | stack | page read and write | 8192 | process exit | 1 | 00000001.00000002.2162460102.00000000032AE000.00000004.00000010.00020000.00000000.sdmp | |
| 350E000 | stack | page read and write | 8192 | process exit | 1 | 00000001.00000002.2162538629.000000000350E000.00000004.00000010.00020000.00000000.sdmp | |
| 8DB000 | heap | page read and write | 8192 | free memory | 1 | 00000001.00000003.1327145291.00000000008DB000.00000004.00000020.00020000.00000000.sdmp | |
| 6CEEF000 | unkown | page readonly | 258048 | process exit | 1 | 00000001.00000002.2169308920.000000006CEEF000.00000002.00000001.01000000.00000009.sdmp | SQL strings found in memory and binary data [System Summary]; Binary contains paths to debug symbols [Compliance, System Summary] |
| 97C0000 | trusted library allocation | page read and write | 176128 | free memory | 1 | 00000001.00000003.1597054149.00000000097C0000.00000004.00000800.00020000.00000000.sdmp | |
| 95DC000 | heap | page read and write | 16384 | free memory | 1 | 00000001.00000003.1592234278.00000000095DC000.00000004.00000020.00020000.00000000.sdmp | SQL strings found in memory and binary data [System Summary] |
| DF8000 | unkown | page read and write | 8192 | process exit | 1 | 00000001.00000002.2161738195.0000000000DF8000.00000004.00000001.01000000.00000003.sdmp | |
| 700E1000 | unkown | page execute read | 507904 | process exit | 1 | 00000001.00000002.2169470827.00000000700E1000.00000020.00000001.01000000.0000000A.sdmp | |
| C8C000 | unkown | page read and write | 245760 | process exit | 1 | 00000001.00000002.2161738195.0000000000C8C000.00000004.00000001.01000000.00000003.sdmp | URLs found in memory or binary data [Networking] |
| 9D5000 | heap | page read and write | 16384 | process exit | 1 | 00000001.00000002.2161608879.00000000009D5000.00000004.00000020.00020000.00000000.sdmp | |
| 8E2000 | heap | page read and write | 270336 | free memory | 1 | 00000001.00000003.1316489526.00000000008E2000.00000004.00000020.00020000.00000000.sdmp | URLs found in memory or binary data [Networking] |
| 9603000 | heap | page read and write | 4096 | free memory | 1 | 00000001.00000003.1709047139.0000000009603000.00000004.00000020.00020000.00000000.sdmp | |
| 9BD7000 | heap | page read and write | 4096 | free memory | 1 | 00000001.00000003.1987254882.0000000009BD7000.00000004.00000020.00020000.00000000.sdmp | |
| 8E5000 | heap | page read and write | 4096 | free memory | 1 | 00000001.00000003.1294280311.00000000008E5000.00000004.00000020.00020000.00000000.sdmp | |
| 97CD000 | heap | page read and write | 12288 | process exit | 1 | 00000001.00000002.2165541266.00000000097CD000.00000004.00000020.00020000.00000000.sdmp | |
| 95FF000 | heap | page read and write | 4096 | free memory | 1 | 00000001.00000003.1986997307.00000000095FF000.00000004.00000020.00020000.00000000.sdmp | |
| 3650000 | trusted library allocation | page read and write | 188416 | free memory | 1 | 00000001.00000003.1338247867.0000000003650000.00000004.00000800.00020000.00000000.sdmp | |
| 95F4000 | heap | page read and write | 12288 | process exit | 1 | 00000001.00000002.2165157035.00000000095F4000.00000004.00000020.00020000.00000000.sdmp | |
| 99D000 | stack | page read and write | 12288 | process exit | 1 | 00000001.00000002.2161591231.000000000099D000.00000004.00000010.00020000.00000000.sdmp | |
| FD3000 | heap | page read and write | 16384 | process exit | 1 | 00000001.00000002.2162117751.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp | |
| 2E3F000 | stack | page read and write | 4096 | process exit | 1 | 00000001.00000002.2162254261.0000000002E3F000.00000004.00000010.00020000.00000000.sdmp | |
| 96F0000 | heap | page read and write | 126976 | process exit | 1 | 00000001.00000002.2165341775.00000000096F0000.00000004.00000020.00020000.00000000.sdmp | |
| 9D7000 | heap | page read and write | 4096 | free memory | 1 | 00000001.00000003.1573333394.00000000009D7000.00000004.00000020.00020000.00000000.sdmp | |
| 311D000 | stack | page read and write | 12288 | process exit | 1 | 00000001.00000002.2162415017.000000000311D000.00000004.00000010.00020000.00000000.sdmp | |
| 8B2000 | heap | page read and write | 122880 | process exit | 1 | 00000001.00000002.2161432787.00000000008B2000.00000004.00000020.00020000.00000000.sdmp | URLs found in memory or binary data [Networking] |
| 106A0000 | heap | page read and write | 4096 | process exit | 1 | 00000001.00000002.2168779975.00000000106A0000.00000004.00000020.00020000.00000000.sdmp | |
| 976E000 | heap | page read and write | 8192 | free memory | 1 | 00000001.00000003.1720657327.000000000976E000.00000004.00000020.00020000.00000000.sdmp | |
| 92F000 | heap | page read and write | 12288 | free memory | 1 | 00000001.00000003.1370116350.000000000092F000.00000004.00000020.00020000.00000000.sdmp | |
| 8C4000 | heap | page read and write | 49152 | free memory | 1 | 00000001.00000003.1573194007.00000000008C4000.00000004.00000020.00020000.00000000.sdmp | |
| 95CC000 | heap | page read and write | 28672 | free memory | 1 | 00000001.00000003.1720962199.00000000095CC000.00000004.00000020.00020000.00000000.sdmp | |
| 8D2000 | heap | page read and write | 536576 | process exit | 1 | 00000001.00000002.2161432787.00000000008D2000.00000004.00000020.00020000.00000000.sdmp | May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) [Malware Analysis System Evasion; Security Software Discovery]; URLs found in memory or binary data [Networking] |
| BF7000 | unkown | page write copy | 4096 | process exit | 1 | 00000001.00000002.2161720901.0000000000BF7000.00000008.00000001.01000000.00000003.sdmp | |
| 95F5000 | heap | page read and write | 24576 | free memory | 1 | 00000001.00000003.1720051799.00000000095F5000.00000004.00000020.00020000.00000000.sdmp | |
| 95E4000 | heap | page read and write | 45056 | free memory | 1 | 00000001.00000003.1573977472.00000000095E4000.00000004.00000020.00020000.00000000.sdmp | |
| 8E2000 | heap | page read and write | 274432 | free memory | 1 | 00000001.00000003.1337999601.00000000008E2000.00000004.00000020.00020000.00000000.sdmp | URLs found in memory or binary data [Networking] |
