6F1000
|
unkown
|
page execute and read and write
|
malicious |
|
|
Name: |
00000000.00000002.2466300957.00000000006F1000.00000040.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute and read and write
|
Base address: |
6F1000
|
Size: |
225280
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Yara detected Stealc |
Stealing of Sensitive Information, Remote Access Functionality |
|
|
F7E000
|
heap
|
page read and write
|
malicious |
|
|
Name: |
00000000.00000002.2467001379.0000000000F7E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
F7E000
|
Size: |
233472
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Found malware configuration |
AV Detection |
|
Yara detected Stealc |
Stealing of Sensitive Information, Remote Access Functionality |
|
Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
URLs found in memory or binary data |
Networking |
|
|
4B50000
|
direct allocation
|
page read and write
|
malicious |
|
|
Name: |
00000000.00000003.2074987962.0000000004B50000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
4B50000
|
Size: |
225280
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Yara detected Stealc |
Stealing of Sensitive Information, Remote Access Functionality |
|
|
46D1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2098674415.00000000046D1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
46D1000
|
Size: |
4096
|
|
5621000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2442950048.0000000005621000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5621000
|
Size: |
28672
|
|
6C4D1000
|
unkown
|
page execute read
|
|
|
|
Name: |
00000000.00000002.2473847162.000000006C4D1000.00000020.00000001.01000000.0000000A.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute read
|
Base address: |
6C4D1000
|
Size: |
507904
|
|
46D1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2098460398.00000000046D1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
46D1000
|
Size: |
4096
|
|
46D1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2099152245.00000000046D1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
46D1000
|
Size: |
4096
|
|
5F4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2097449467.00000000005F4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5F4000
|
Size: |
4096
|
|
560C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2346709813.000000000560C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
560C000
|
Size: |
24576
|
|
5F4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2064443000.00000000005F4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5F4000
|
Size: |
4096
|
|
5631000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2429926171.0000000005631000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5631000
|
Size: |
4096
|
|
BAE2000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2429976775.000000000BAE2000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
BAE2000
|
Size: |
4096
|
|
5622000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2360463106.0000000005622000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5622000
|
Size: |
32768
|
|
BA40000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2448917721.000000000BA40000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
BA40000
|
Size: |
176128
|
|
31CE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2467376549.00000000031CE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
31CE000
|
Size: |
8192
|
|
5F4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2064428113.00000000005F4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5F4000
|
Size: |
4096
|
|
5F4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2078630627.00000000005F4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5F4000
|
Size: |
4096
|
|
5607000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2232361648.0000000005607000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5607000
|
Size: |
40960
|
|
55E0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2468220146.00000000055E0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55E0000
|
Size: |
4096
|
|
37CF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2467501397.00000000037CF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
37CF000
|
Size: |
4096
|
|
5631000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2359450460.0000000005631000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5631000
|
Size: |
4096
|
|
55DD000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2468207476.00000000055DD000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
55DD000
|
Size: |
12288
|
|
46CF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2467837303.00000000046CF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
46CF000
|
Size: |
4096
|
|
4B10000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2068824049.0000000004B10000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4B10000
|
Size: |
180224
|
|
560D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2360299683.000000000560D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
560D000
|
Size: |
61440
|
|
55FD000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2359316515.00000000055FD000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55FD000
|
Size: |
12288
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
SQL strings found in memory and binary data |
System Summary |
|
|
6D0000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2068736294.00000000006D0000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
6D0000
|
Size: |
53248
|
|
2F4E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2467320082.0000000002F4E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2F4E000
|
Size: |
8192
|
|
394E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2467544179.000000000394E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
394E000
|
Size: |
8192
|
|
550000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2466217882.0000000000550000.00000004.00000020.00040000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
550000
|
Size: |
4096
|
|
6C571000
|
unkown
|
page execute read
|
|
|
|
Name: |
00000000.00000002.2473965786.000000006C571000.00000020.00000001.01000000.00000009.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute read
|
Base address: |
6C571000
|
Size: |
1695744
|
|
4F8E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2468078639.0000000004F8E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
4F8E000
|
Size: |
8192
|
|
55FB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2232242473.00000000055FB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55FB000
|
Size: |
24576
|
|
46D1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2098429847.00000000046D1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
46D1000
|
Size: |
4096
|
|
D75000
|
unkown
|
page execute and write copy
|
|
|
|
Name: |
00000000.00000002.2466868187.0000000000D75000.00000080.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute and write copy
|
Base address: |
D75000
|
Size: |
8192
|
|
5F4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2064344668.00000000005F4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5F4000
|
Size: |
4096
|
|
FD7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2467001379.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
FD7000
|
Size: |
110592
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Found many strings related to Crypto-Wallets (likely being stolen) |
Stealing of Sensitive Information |
|
URLs found in memory or binary data |
Networking |
|
|
354F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2467446255.000000000354F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
354F000
|
Size: |
4096
|
|
B727000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2470742965.000000000B727000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
B727000
|
Size: |
602112
|
|
560B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2232242473.000000000560B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
560B000
|
Size: |
24576
|
|
46D1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2099343212.00000000046D1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
46D1000
|
Size: |
4096
|
|
BA3F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2470901580.000000000BA3F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
BA3F000
|
Size: |
4096
|
|
5619000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2232547649.0000000005619000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5619000
|
Size: |
16384
|
|
46D1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2098556906.00000000046D1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
46D1000
|
Size: |
4096
|
|
6D0000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2066316380.00000000006D0000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
6D0000
|
Size: |
53248
|
|
5F4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2097684402.00000000005F4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5F4000
|
Size: |
4096
|
|
5F4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2097854612.00000000005F4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5F4000
|
Size: |
4096
|
|
61ED0000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2473770665.0000000061ED0000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
61ED0000
|
Size: |
4096
|
|
5631000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2429810691.0000000005631000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5631000
|
Size: |
4096
|
|
5626000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2468332961.0000000005626000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5626000
|
Size: |
8192
|
|
46D1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2098877113.00000000046D1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
46D1000
|
Size: |
4096
|
|
5F4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2097821969.00000000005F4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5F4000
|
Size: |
4096
|
|
560C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2346855877.000000000560C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
560C000
|
Size: |
24576
|
|
5607000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2232144920.0000000005607000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5607000
|
Size: |
40960
|
|
290E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2467177287.000000000290E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
290E000
|
Size: |
8192
|
|
6D0000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2072329875.00000000006D0000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
6D0000
|
Size: |
53248
|
|
4CC0000
|
direct allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2468008718.0000000004CC0000.00000040.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page execute and read and write
|
Base address: |
4CC0000
|
Size: |
4096
|
|
102D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2467001379.000000000102D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
102D000
|
Size: |
249856
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Found many strings related to Crypto-Wallets (likely being stolen) |
Stealing of Sensitive Information |
|
URLs found in memory or binary data |
Networking |
|
|
3A4F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2467558179.0000000003A4F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
3A4F000
|
Size: |
4096
|
|
3CCF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2467614301.0000000003CCF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
3CCF000
|
Size: |
4096
|
|
5609000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2231599583.0000000005609000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5609000
|
Size: |
12288
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
SQL strings found in memory and binary data |
System Summary |
|
|
5607000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2232958391.0000000005607000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5607000
|
Size: |
49152
|
|
3D0E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2467627744.0000000003D0E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
3D0E000
|
Size: |
8192
|
|
46D1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2098815536.00000000046D1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
46D1000
|
Size: |
4096
|
|
EFE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2466914413.0000000000EFE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
EFE000
|
Size: |
8192
|
|
5613000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2359979544.0000000005613000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5613000
|
Size: |
40960
|
|
4FE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2466160680.00000000004FE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
4FE000
|
Size: |
8192
|
|
560C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2359316515.000000000560C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
560C000
|
Size: |
16384
|
|
6D0000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2067115233.00000000006D0000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
6D0000
|
Size: |
53248
|
|
5610000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2468291705.0000000005610000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5610000
|
Size: |
8192
|
|
46D1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2098602402.00000000046D1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
46D1000
|
Size: |
4096
|
|
5F4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2064476614.00000000005F4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5F4000
|
Size: |
4096
|
|
5F4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2097779714.00000000005F4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5F4000
|
Size: |
4096
|
|
561A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2468318916.000000000561A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
561A000
|
Size: |
4096
|
|
6C750000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2474143488.000000006C750000.00000004.00000001.01000000.00000009.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
6C750000
|
Size: |
4096
|
|
560C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2233163581.000000000560C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
560C000
|
Size: |
12288
|
|
4C90000
|
direct allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000003.2075454509.0000000004C90000.00000040.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page execute and read and write
|
Base address: |
4C90000
|
Size: |
8192
|
|
46D1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2098536369.00000000046D1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
46D1000
|
Size: |
4096
|
|
561A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2232925558.000000000561A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
561A000
|
Size: |
12288
|
|
F50000
|
direct allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000003.2076052295.0000000000F50000.00000040.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page execute and read and write
|
Base address: |
F50000
|
Size: |
4096
|
|
5623000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2359928102.0000000005623000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5623000
|
Size: |
32768
|
|
F3E000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2466940895.0000000000F3E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
F3E000
|
Size: |
4096
|
|
5631000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2360394599.0000000005631000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5631000
|
Size: |
4096
|
|
5615000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2346709813.0000000005615000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5615000
|
Size: |
32768
|
|
46D1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2098759315.00000000046D1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
46D1000
|
Size: |
4096
|
|
5631000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2360416733.0000000005631000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5631000
|
Size: |
4096
|
|
562E000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2346677195.000000000562E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
562E000
|
Size: |
16384
|
|
5F4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2078691303.00000000005F4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5F4000
|
Size: |
4096
|
|
5F4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2097395424.00000000005F4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5F4000
|
Size: |
4096
|
|
55F2000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2430118901.00000000055F2000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55F2000
|
Size: |
16384
|
|
55FB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2346855877.00000000055FB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55FB000
|
Size: |
24576
|
|
2DCF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2467280231.0000000002DCF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2DCF000
|
Size: |
4096
|
|
E7F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2466881957.0000000000E7F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
E7F000
|
Size: |
4096
|
|
2A0F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2467192716.0000000002A0F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2A0F000
|
Size: |
4096
|
|
5710000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2116641939.0000000005710000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
5710000
|
Size: |
180224
|
|
5619000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2359517764.0000000005619000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5619000
|
Size: |
8192
|
|
561C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2360073789.000000000561C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
561C000
|
Size: |
4096
|
|
41CF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2467735236.00000000041CF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
41CF000
|
Size: |
4096
|
|
5F4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2097480408.00000000005F4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5F4000
|
Size: |
4096
|
|
46D8000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2467848958.00000000046D8000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
46D8000
|
Size: |
8192
|
|
5610000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2232474250.0000000005610000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5610000
|
Size: |
4096
|
|
F60000
|
direct allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000003.2076117053.0000000000F60000.00000040.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page execute and read and write
|
Base address: |
F60000
|
Size: |
4096
|
|
3F4F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2467677267.0000000003F4F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
3F4F000
|
Size: |
4096
|
|
928000
|
unkown
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2466300957.0000000000928000.00000040.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute and read and write
|
Base address: |
928000
|
Size: |
8192
|
|
61EB4000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2473666803.0000000061EB4000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
61EB4000
|
Size: |
12288
|
|
B7C0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2470791206.000000000B7C0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
B7C0000
|
Size: |
126976
|
|
5615000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2232191477.0000000005615000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5615000
|
Size: |
32768
|
|
5613000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2360463106.0000000005613000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5613000
|
Size: |
36864
|
|
5621000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2441616276.0000000005621000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5621000
|
Size: |
28672
|
|
61ED4000
|
direct allocation
|
page readonly
|
|
|
|
Name: |
00000000.00000002.2473804480.0000000061ED4000.00000002.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page readonly
|
Base address: |
61ED4000
|
Size: |
126976
|
|
6D0000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2068200836.00000000006D0000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
6D0000
|
Size: |
53248
|
|
F7A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2467001379.0000000000F7A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
F7A000
|
Size: |
8192
|
|
5622000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2360508659.0000000005622000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5622000
|
Size: |
32768
|
|
5623000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2360073789.0000000005623000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5623000
|
Size: |
32768
|
|
6C74F000
|
unkown
|
page write copy
|
|
|
|
Name: |
00000000.00000002.2474130430.000000006C74F000.00000008.00000001.01000000.00000009.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page write copy
|
Base address: |
6C74F000
|
Size: |
4096
|
|
46D1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2098631358.00000000046D1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
46D1000
|
Size: |
4096
|
|
6D0000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2065738689.00000000006D0000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
6D0000
|
Size: |
53248
|
|
5615000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2442976242.0000000005615000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5615000
|
Size: |
16384
|
|
55F2000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2360225489.00000000055F2000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55F2000
|
Size: |
12288
|
|
55FA000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2359811325.00000000055FA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55FA000
|
Size: |
24576
|
|
46D1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2098579674.00000000046D1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
46D1000
|
Size: |
4096
|
|
5F4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2097601883.00000000005F4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5F4000
|
Size: |
4096
|
|
46D1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2098025155.00000000046D1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
46D1000
|
Size: |
4096
|
|
4B10000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2467933910.0000000004B10000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4B10000
|
Size: |
4096
|
|
6C570000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000002.2473950170.000000006C570000.00000002.00000001.01000000.00000009.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
6C570000
|
Size: |
4096
|
|
561A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2346935699.000000000561A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
561A000
|
Size: |
12288
|
|
6D0000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2072788407.00000000006D0000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
6D0000
|
Size: |
53248
|
|
5612000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2442976242.0000000005612000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5612000
|
Size: |
4096
|
|
FB8000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2467001379.0000000000FB8000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
FB8000
|
Size: |
16384
|
|
308E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2467349132.000000000308E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
308E000
|
Size: |
8192
|
|
B7C0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2223209060.000000000B7C0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
B7C0000
|
Size: |
196608
|
|
6D0000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2067657349.00000000006D0000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
6D0000
|
Size: |
53248
|
|
55F3000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2359427497.00000000055F3000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55F3000
|
Size: |
8192
|
|
560C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2441616276.000000000560C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
560C000
|
Size: |
32768
|
|
5F0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2466259279.00000000005F0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5F0000
|
Size: |
16384
|
|
46D1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2099249454.00000000046D1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
46D1000
|
Size: |
4096
|
|
5F4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2097744320.00000000005F4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5F4000
|
Size: |
4096
|
|
6C74E000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2474115667.000000006C74E000.00000004.00000001.01000000.00000009.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
6C74E000
|
Size: |
4096
|
|
5631000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2360073789.0000000005631000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5631000
|
Size: |
4096
|
|
534D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2468166408.000000000534D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
534D000
|
Size: |
12288
|
|
5615000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2231666082.0000000005615000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5615000
|
Size: |
32768
|
|
560B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2232578663.000000000560B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
560B000
|
Size: |
12288
|
|
5621000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2442107403.0000000005621000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5621000
|
Size: |
28672
|
|
5628000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2430091959.0000000005628000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5628000
|
Size: |
8192
|
|
2B8E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2467238952.0000000002B8E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2B8E000
|
Size: |
8192
|
|
434E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2467773765.000000000434E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
434E000
|
Size: |
8192
|
|
5613000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2442695101.0000000005613000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5613000
|
Size: |
4096
|
|
5F4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2097431740.00000000005F4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5F4000
|
Size: |
4096
|
|
5F4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2097464400.00000000005F4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5F4000
|
Size: |
4096
|
|
560000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2466234094.0000000000560000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
560000
|
Size: |
8192
|
|
5F4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2097655348.00000000005F4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5F4000
|
Size: |
4096
|
|
560F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2233044918.000000000560F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
560F000
|
Size: |
16384
|
|
5F4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2064410361.00000000005F4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5F4000
|
Size: |
4096
|
|
7A5000
|
unkown
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2466300957.00000000007A5000.00000040.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute and read and write
|
Base address: |
7A5000
|
Size: |
77824
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
5631000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2360140943.0000000005631000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5631000
|
Size: |
4096
|
|
380E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2467516414.000000000380E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
380E000
|
Size: |
8192
|
|
46D1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2098239179.00000000046D1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
46D1000
|
Size: |
4096
|
|
45CE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2467824564.00000000045CE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
45CE000
|
Size: |
8192
|
|
46D1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2099417398.00000000046D1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
46D1000
|
Size: |
4096
|
|
4CA0000
|
direct allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2467980277.0000000004CA0000.00000040.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page execute and read and write
|
Base address: |
4CA0000
|
Size: |
4096
|
|
5F4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2064374238.00000000005F4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5F4000
|
Size: |
4096
|
|
560D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2468274826.000000000560D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
560D000
|
Size: |
8192
|
|
5F4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2097925141.00000000005F4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5F4000
|
Size: |
4096
|
|
5615000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2442526986.0000000005615000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5615000
|
Size: |
24576
|
|
4730000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2467848958.0000000004730000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4730000
|
Size: |
8192
|
|
5631000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2359811325.0000000005631000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5631000
|
Size: |
4096
|
|
5F4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2078706454.00000000005F4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5F4000
|
Size: |
4096
|
|
5617000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2233224232.0000000005617000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5617000
|
Size: |
24576
|
|
55E6000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2468220146.00000000055E6000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55E6000
|
Size: |
8192
|
|
2B4F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2467224920.0000000002B4F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2B4F000
|
Size: |
4096
|
|
93A000
|
unkown
|
page write copy
|
|
|
|
Name: |
00000000.00000000.2058465413.000000000093A000.00000008.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page write copy
|
Base address: |
93A000
|
Size: |
4096
|
|
561A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2232578663.000000000561A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
561A000
|
Size: |
12288
|
|
5715000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2468372770.0000000005715000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5715000
|
Size: |
1110016
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
SQL strings found in memory and binary data |
System Summary |
|
URLs found in memory or binary data |
Networking |
|
|
5F4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2078725569.00000000005F4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5F4000
|
Size: |
4096
|
|
561A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2232753361.000000000561A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
561A000
|
Size: |
12288
|
|
562A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2360140943.000000000562A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
562A000
|
Size: |
4096
|
|
54DD000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2468193570.00000000054DD000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
54DD000
|
Size: |
12288
|
|
774000
|
unkown
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2466300957.0000000000774000.00000040.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute and read and write
|
Base address: |
774000
|
Size: |
196608
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
560F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2360023144.000000000560F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
560F000
|
Size: |
16384
|
|
5615000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2442695101.0000000005615000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5615000
|
Size: |
24576
|
|
55FA000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2360299683.00000000055FA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55FA000
|
Size: |
24576
|
|
5F4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2097697962.00000000005F4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5F4000
|
Size: |
4096
|
|
61E00000
|
direct allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2473456872.0000000061E00000.00000040.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page execute and read and write
|
Base address: |
61E00000
|
Size: |
4096
|
|
BADD000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2442399066.000000000BADD000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
BADD000
|
Size: |
4096
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
46D1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2099295160.00000000046D1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
46D1000
|
Size: |
4096
|
|
3F8E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2467694262.0000000003F8E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
3F8E000
|
Size: |
8192
|
|
46E0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2467848958.00000000046E0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
46E0000
|
Size: |
40960
|
|
5615000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2224012600.0000000005615000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5615000
|
Size: |
32768
|
|
46D1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2099127711.00000000046D1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
46D1000
|
Size: |
4096
|
|
560C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2359928102.000000000560C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
560C000
|
Size: |
69632
|
|
FC0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2467001379.0000000000FC0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
FC0000
|
Size: |
4096
|
|
B684000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2470688659.000000000B684000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
B684000
|
Size: |
602112
|
|
3BCE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2467599837.0000000003BCE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
3BCE000
|
Size: |
8192
|
|
7C4000
|
unkown
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2466300957.00000000007C4000.00000040.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute and read and write
|
Base address: |
7C4000
|
Size: |
212992
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
URLs found in memory or binary data |
Networking |
|
|
5621000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2429942357.0000000005621000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5621000
|
Size: |
36864
|
|
46F0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2467848958.00000000046F0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
46F0000
|
Size: |
245760
|
|
5623000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2359811325.0000000005623000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5623000
|
Size: |
32768
|
|
46D1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2099365445.00000000046D1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
46D1000
|
Size: |
4096
|
|
5F4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2097640434.00000000005F4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5F4000
|
Size: |
4096
|
|
FC3000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2467001379.0000000000FC3000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
FC3000
|
Size: |
65536
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
390F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2467531078.000000000390F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
390F000
|
Size: |
4096
|
|
61ECD000
|
direct allocation
|
page readonly
|
|
|
|
Name: |
00000000.00000002.2473750872.0000000061ECD000.00000002.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page readonly
|
Base address: |
61ECD000
|
Size: |
12288
|
|
358E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2467459988.000000000358E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
358E000
|
Size: |
8192
|
|
4F2000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2466160680.00000000004F2000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
4F2000
|
Size: |
8192
|
|
340F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2467417082.000000000340F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
340F000
|
Size: |
4096
|
|
5631000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2430061287.0000000005631000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5631000
|
Size: |
4096
|
|
46D1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2098513219.00000000046D1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
46D1000
|
Size: |
4096
|
|
5631000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2360299683.0000000005631000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5631000
|
Size: |
4096
|
|
561B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2359495712.000000000561B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
561B000
|
Size: |
8192
|
|
46D1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2064323067.00000000046D1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
46D1000
|
Size: |
49152
|
|
46D1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2098967748.00000000046D1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
46D1000
|
Size: |
4096
|
|
B7C0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2139982706.000000000B7C0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
B7C0000
|
Size: |
180224
|
|
46D1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2099097831.00000000046D1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
46D1000
|
Size: |
4096
|
|
BDD000
|
unkown
|
page execute and write copy
|
|
|
|
Name: |
00000000.00000002.2466742925.0000000000BDD000.00000080.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute and write copy
|
Base address: |
BDD000
|
Size: |
1667072
|
|
46D1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2098898127.00000000046D1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
46D1000
|
Size: |
4096
|
|
61ECC000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2473733870.0000000061ECC000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
61ECC000
|
Size: |
4096
|
|
857000
|
unkown
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2466300957.0000000000857000.00000040.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute and read and write
|
Base address: |
857000
|
Size: |
675840
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
5615000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2232958391.0000000005615000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5615000
|
Size: |
32768
|
|
560F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2232753361.000000000560F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
560F000
|
Size: |
4096
|
|
EBE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2466897347.0000000000EBE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
EBE000
|
Size: |
8192
|
|
5612000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2360182902.0000000005612000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5612000
|
Size: |
4096
|
|
55FB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2231666082.00000000055FB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55FB000
|
Size: |
24576
|
|
3E4E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2467656505.0000000003E4E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
3E4E000
|
Size: |
8192
|
|
560D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2429810691.000000000560D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
560D000
|
Size: |
24576
|
|
55FB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2233108850.00000000055FB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55FB000
|
Size: |
24576
|
|
B93E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2470884301.000000000B93E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
B93E000
|
Size: |
8192
|
|
46D1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2098834373.00000000046D1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
46D1000
|
Size: |
4096
|
|
5621000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2442526986.0000000005621000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5621000
|
Size: |
28672
|
|
46D1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2098918925.00000000046D1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
46D1000
|
Size: |
4096
|
|
6F0000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2466288663.00000000006F0000.00000004.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
6F0000
|
Size: |
4096
|
|
5F4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2078653081.00000000005F4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5F4000
|
Size: |
4096
|
|
330E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2467403587.000000000330E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
330E000
|
Size: |
8192
|
|
46D1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2099317681.00000000046D1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
46D1000
|
Size: |
4096
|
|
B7E0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2470791206.000000000B7E0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
B7E0000
|
Size: |
520192
|
|
F70000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2467001379.0000000000F70000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
F70000
|
Size: |
32768
|
|
4E4E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2468050902.0000000004E4E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
4E4E000
|
Size: |
8192
|
|
5615000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2232753361.0000000005615000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5615000
|
Size: |
16384
|
|
F10000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2074806551.0000000000F10000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
F10000
|
Size: |
53248
|
|
5617000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2360247282.0000000005617000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5617000
|
Size: |
20480
|
|
B99000
|
unkown
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2466503871.0000000000B99000.00000040.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute and read and write
|
Base address: |
B99000
|
Size: |
110592
|
|
2C8F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2467253401.0000000002C8F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2C8F000
|
Size: |
4096
|
|
46D1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2098267810.00000000046D1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
46D1000
|
Size: |
4096
|
|
46D1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2098188860.00000000046D1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
46D1000
|
Size: |
4096
|
|
46D1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2098122031.00000000046D1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
46D1000
|
Size: |
4096
|
|
6C55E000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2473917624.000000006C55E000.00000004.00000001.01000000.0000000A.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
6C55E000
|
Size: |
8192
|
|
318F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2467363326.000000000318F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
318F000
|
Size: |
4096
|
|
46D1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2098214956.00000000046D1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
46D1000
|
Size: |
4096
|
|
5615000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2468304441.0000000005615000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5615000
|
Size: |
16384
|
|
55F1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2224109662.00000000055F1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55F1000
|
Size: |
16384
|
|
5F4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2097616328.00000000005F4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5F4000
|
Size: |
4096
|
|
55F3000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2443078009.00000000055F3000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55F3000
|
Size: |
12288
|
|
32CF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2467390569.00000000032CF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
32CF000
|
Size: |
4096
|
|
B8C0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2234976802.000000000B8C0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
B8C0000
|
Size: |
180224
|
|
F37000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2466940895.0000000000F37000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
F37000
|
Size: |
12288
|
|
560D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2232310033.000000000560D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
560D000
|
Size: |
16384
|
|
46D1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2099177969.00000000046D1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
46D1000
|
Size: |
4096
|
|
5631000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2430091959.0000000005631000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5631000
|
Size: |
4096
|
|
3B8F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2467586393.0000000003B8F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
3B8F000
|
Size: |
4096
|
|
55F3000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2346783257.00000000055F3000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55F3000
|
Size: |
8192
|
|
5F4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2097501205.00000000005F4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5F4000
|
Size: |
4096
|
|
5623000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2359979544.0000000005623000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5623000
|
Size: |
32768
|
|
560F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2232578663.000000000560F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
560F000
|
Size: |
4096
|
|
55FB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2346783257.00000000055FB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55FB000
|
Size: |
24576
|
|
5615000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2233044918.0000000005615000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5615000
|
Size: |
32768
|
|
5615000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2232361648.0000000005615000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5615000
|
Size: |
32768
|
|
5F4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2064458312.00000000005F4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5F4000
|
Size: |
4096
|
|
46D1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2078552859.00000000046D1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
46D1000
|
Size: |
241664
|
|
5F4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2097669538.00000000005F4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5F4000
|
Size: |
4096
|
|
5622000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2360299683.0000000005622000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5622000
|
Size: |
40960
|
|
6D0000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2071405847.00000000006D0000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
6D0000
|
Size: |
53248
|
|
46D1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2099272773.00000000046D1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
46D1000
|
Size: |
4096
|
|
5615000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2232578663.0000000005615000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5615000
|
Size: |
16384
|
|
46D1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2098067566.00000000046D1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
46D1000
|
Size: |
4096
|
|
BCE000
|
unkown
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2466503871.0000000000BCE000.00000040.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute and read and write
|
Base address: |
BCE000
|
Size: |
36864
|
|
4CB0000
|
direct allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2467994568.0000000004CB0000.00000040.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page execute and read and write
|
Base address: |
4CB0000
|
Size: |
4096
|
|
55EF000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2468220146.00000000055EF000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55EF000
|
Size: |
16384
|
|
448E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2467799252.000000000448E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
448E000
|
Size: |
8192
|
|
5621000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2429810691.0000000005621000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5621000
|
Size: |
36864
|
|
560C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2359811325.000000000560C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
560C000
|
Size: |
69632
|
|
46D1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2098715453.00000000046D1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
46D1000
|
Size: |
4096
|
|
4D0E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2468022515.0000000004D0E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
4D0E000
|
Size: |
8192
|
|
50CE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2468107864.00000000050CE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
50CE000
|
Size: |
8192
|
|
5F4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2097710828.00000000005F4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5F4000
|
Size: |
4096
|
|
5619000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2360268730.0000000005619000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5619000
|
Size: |
12288
|
|
46D1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2098092147.00000000046D1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
46D1000
|
Size: |
4096
|
|
46D1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2099036417.00000000046D1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
46D1000
|
Size: |
4096
|
|
5F4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2078668762.00000000005F4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5F4000
|
Size: |
4096
|
|
6C562000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000002.2473934670.000000006C562000.00000002.00000001.01000000.0000000A.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
6C562000
|
Size: |
24576
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sample file is different than original file name gathered from version info |
System Summary |
|
|
61EB7000
|
direct allocation
|
page readonly
|
|
|
|
Name: |
00000000.00000002.2473696415.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page readonly
|
Base address: |
61EB7000
|
Size: |
86016
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
SQL strings found in memory and binary data |
System Summary |
|
|
420E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2467747317.000000000420E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
420E000
|
Size: |
8192
|
|
BAE5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2442399066.000000000BAE5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
BAE5000
|
Size: |
4096
|
|
2E0E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2467293163.0000000002E0E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2E0E000
|
Size: |
8192
|
|
FF3000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2467001379.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
FF3000
|
Size: |
233472
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Found many strings related to Crypto-Wallets (likely being stolen) |
Stealing of Sensitive Information |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
URLs found in memory or binary data |
Networking |
|
|
7C0000
|
unkown
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2466300957.00000000007C0000.00000040.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute and read and write
|
Base address: |
7C0000
|
Size: |
12288
|
|
5619000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2346828921.0000000005619000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5619000
|
Size: |
16384
|
|
6F0000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000000.2058321916.00000000006F0000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
6F0000
|
Size: |
4096
|
|
5621000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2430061287.0000000005621000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5621000
|
Size: |
36864
|
|
BAEB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2442399066.000000000BAEB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
BAEB000
|
Size: |
12288
|
|
61E01000
|
direct allocation
|
page execute read
|
|
|
|
Name: |
00000000.00000002.2473492191.0000000061E01000.00000020.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page execute read
|
Base address: |
61E01000
|
Size: |
733184
|
|
B861000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2470791206.000000000B861000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
B861000
|
Size: |
49152
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
5615000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2360182902.0000000005615000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5615000
|
Size: |
28672
|
|
46D1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2098651311.00000000046D1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
46D1000
|
Size: |
4096
|
|
5615000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2233008770.0000000005615000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5615000
|
Size: |
32768
|
|
5623000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2359450460.0000000005623000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5623000
|
Size: |
24576
|
|
46D1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2098376074.00000000046D1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
46D1000
|
Size: |
4096
|
|
51CF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2468122216.00000000051CF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
51CF000
|
Size: |
4096
|
|
46D1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2098855495.00000000046D1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
46D1000
|
Size: |
4096
|
|
55FB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2233163581.00000000055FB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55FB000
|
Size: |
24576
|
|
1EC000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2466135192.00000000001EC000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1EC000
|
Size: |
16384
|
|
F30000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2466940895.0000000000F30000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
F30000
|
Size: |
20480
|
|
6E0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2466274504.00000000006E0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6E0000
|
Size: |
4096
|
|
6D0000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2069498863.00000000006D0000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
6D0000
|
Size: |
53248
|
|
5615000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2441616276.0000000005615000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5615000
|
Size: |
24576
|
|
5615000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2232430690.0000000005615000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5615000
|
Size: |
32768
|
|
46D1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2098739819.00000000046D1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
46D1000
|
Size: |
4096
|
|
AC1000
|
unkown
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2466503871.0000000000AC1000.00000040.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute and read and write
|
Base address: |
AC1000
|
Size: |
876544
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
46D1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2098406778.00000000046D1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
46D1000
|
Size: |
4096
|
|
61ED3000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2473770665.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
61ED3000
|
Size: |
4096
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
2CCE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2467266312.0000000002CCE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2CCE000
|
Size: |
8192
|
|
BC2000
|
unkown
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2466503871.0000000000BC2000.00000040.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute and read and write
|
Base address: |
BC2000
|
Size: |
45056
|
|
F40000
|
direct allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000003.2076156484.0000000000F40000.00000040.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page execute and read and write
|
Base address: |
F40000
|
Size: |
4096
|
|
6C4D0000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000002.2473829004.000000006C4D0000.00000002.00000001.01000000.0000000A.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
6C4D0000
|
Size: |
4096
|
|
368F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2467474188.000000000368F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
368F000
|
Size: |
4096
|
|
5610000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2346911386.0000000005610000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5610000
|
Size: |
8192
|
|
5615000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2346764096.0000000005615000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5615000
|
Size: |
32768
|
|
46D1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2098695154.00000000046D1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
46D1000
|
Size: |
4096
|
|
5619000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2442852541.0000000005619000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5619000
|
Size: |
8192
|
|
5CD000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2466246962.00000000005CD000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
5CD000
|
Size: |
12288
|
|
520E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2468137434.000000000520E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
520E000
|
Size: |
8192
|
|
3E0F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2467642123.0000000003E0F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
3E0F000
|
Size: |
4096
|
|
4F8000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2466160680.00000000004F8000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
4F8000
|
Size: |
20480
|
|
6D0000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2071871635.00000000006D0000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
6D0000
|
Size: |
53248
|
|
5615000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2442107403.0000000005615000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5615000
|
Size: |
24576
|
|
444F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2467786602.000000000444F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
444F000
|
Size: |
4096
|
|
5631000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2359402695.0000000005631000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5631000
|
Size: |
4096
|
|
D74000
|
unkown
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2466855213.0000000000D74000.00000040.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute and read and write
|
Base address: |
D74000
|
Size: |
4096
|
|
561B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2360508659.000000000561B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
561B000
|
Size: |
4096
|
|
304F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2467335617.000000000304F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
304F000
|
Size: |
4096
|
|
4B8C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2467947788.0000000004B8C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
4B8C000
|
Size: |
16384
|
|
4F4F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2468065364.0000000004F4F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
4F4F000
|
Size: |
4096
|
|
36CE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2467487107.00000000036CE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
36CE000
|
Size: |
8192
|
|
6C70F000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000002.2474085998.000000006C70F000.00000002.00000001.01000000.00000009.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
6C70F000
|
Size: |
258048
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
SQL strings found in memory and binary data |
System Summary |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
4E0F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2468037241.0000000004E0F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
4E0F000
|
Size: |
4096
|
|
5F4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2097889213.00000000005F4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5F4000
|
Size: |
4096
|
|
6C755000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000002.2474156729.000000006C755000.00000002.00000001.01000000.00000009.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
6C755000
|
Size: |
73728
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sample file is different than original file name gathered from version info |
System Summary |
|
|
5615000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2232474250.0000000005615000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5615000
|
Size: |
32768
|
|
46D1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2099388878.00000000046D1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
46D1000
|
Size: |
4096
|
|
BDC000
|
unkown
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2466503871.0000000000BDC000.00000040.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute and read and write
|
Base address: |
BDC000
|
Size: |
4096
|
|
4C90000
|
direct allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000003.2075223566.0000000004C90000.00000040.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page execute and read and write
|
Base address: |
4C90000
|
Size: |
8192
|
|
5612000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2223984484.0000000005612000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5612000
|
Size: |
45056
|
|
6D0000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2065136971.00000000006D0000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
6D0000
|
Size: |
53248
|
|
544D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2468179501.000000000544D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
544D000
|
Size: |
12288
|
|
5621000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2442695101.0000000005621000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5621000
|
Size: |
28672
|
|
5621000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2442852541.0000000005621000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5621000
|
Size: |
28672
|
|
5F4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2097838984.00000000005F4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5F4000
|
Size: |
4096
|
|
4C8F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2467964975.0000000004C8F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
4C8F000
|
Size: |
4096
|
|
46D1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2098941653.00000000046D1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
46D1000
|
Size: |
4096
|
|
5615000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2231599583.0000000005615000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5615000
|
Size: |
32768
|
|
55FB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2232578663.00000000055FB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55FB000
|
Size: |
24576
|
|
5F4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2098003718.00000000005F4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5F4000
|
Size: |
4096
|
|
560E000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2232519665.000000000560E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
560E000
|
Size: |
8192
|
|
530C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2468151274.000000000530C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
530C000
|
Size: |
16384
|
|
46D0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2467848958.00000000046D0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
46D0000
|
Size: |
4096
|
|
5F4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2064391806.00000000005F4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5F4000
|
Size: |
4096
|
|
46D1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2098788887.00000000046D1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
46D1000
|
Size: |
4096
|
|
5615000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2232144920.0000000005615000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5615000
|
Size: |
32768
|
|
F10000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2466928114.0000000000F10000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
F10000
|
Size: |
4096
|
|
BADA000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2429976775.000000000BADA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
BADA000
|
Size: |
4096
|
|
5631000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2359365939.0000000005631000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5631000
|
Size: |
4096
|
|
562A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2360416733.000000000562A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
562A000
|
Size: |
8192
|
|
46D1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2099202635.00000000046D1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
46D1000
|
Size: |
4096
|
|
55F4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2468261785.00000000055F4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55F4000
|
Size: |
8192
|
|
5F4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2097947780.00000000005F4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5F4000
|
Size: |
4096
|
|
344E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2467430212.000000000344E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
344E000
|
Size: |
8192
|
|
408F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2467708809.000000000408F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
408F000
|
Size: |
4096
|
|
5631000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2359905449.0000000005631000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5631000
|
Size: |
4096
|
|
5615000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2429942357.0000000005615000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5615000
|
Size: |
24576
|
|
5615000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2429810691.0000000005615000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5615000
|
Size: |
24576
|
|
5631000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2442479825.0000000005631000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5631000
|
Size: |
4096
|
|
F3B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2466940895.0000000000F3B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
F3B000
|
Size: |
4096
|
|
6D0000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2070303957.00000000006D0000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
6D0000
|
Size: |
53248
|
|
55F1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2233108850.00000000055F1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55F1000
|
Size: |
16384
|
|
5614000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2360553730.0000000005614000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5614000
|
Size: |
28672
|
|
55FB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2224012600.00000000055FB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
55FB000
|
Size: |
24576
|
|
93A000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2466487576.000000000093A000.00000004.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
93A000
|
Size: |
4096
|
|
2A4C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2467208741.0000000002A4C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2A4C000
|
Size: |
16384
|
|
5F4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2097873258.00000000005F4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5F4000
|
Size: |
4096
|
|
46D1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2098491044.00000000046D1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
46D1000
|
Size: |
4096
|
|
430F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2467760569.000000000430F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
430F000
|
Size: |
4096
|
|
3A8E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2467572810.0000000003A8E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
3A8E000
|
Size: |
8192
|
|
458F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2467812505.000000000458F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
458F000
|
Size: |
4096
|
|
5F4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2064492312.00000000005F4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5F4000
|
Size: |
4096
|
|
2F0F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2467306572.0000000002F0F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2F0F000
|
Size: |
4096
|
|
93C000
|
unkown
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2466503871.000000000093C000.00000040.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute and read and write
|
Base address: |
93C000
|
Size: |
1581056
|
|
560D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2360049062.000000000560D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
560D000
|
Size: |
8192
|
|
BDC000
|
unkown
|
page execute and write copy
|
|
|
|
Name: |
00000000.00000000.2058489545.0000000000BDC000.00000080.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page execute and write copy
|
Base address: |
BDC000
|
Size: |
1683456
|
|
46D1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2099072669.00000000046D1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
46D1000
|
Size: |
4096
|
|
508E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2468093555.000000000508E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
508E000
|
Size: |
8192
|
|
560C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2442526986.000000000560C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
560C000
|
Size: |
32768
|
|
5631000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2468332961.0000000005631000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5631000
|
Size: |
4096
|
|
5F4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2097798701.00000000005F4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5F4000
|
Size: |
4096
|
|
46D1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2098291559.00000000046D1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
46D1000
|
Size: |
4096
|
|
40CE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2467722027.00000000040CE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
40CE000
|
Size: |
8192
|
|
6C54D000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000002.2473897170.000000006C54D000.00000002.00000001.01000000.0000000A.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
6C54D000
|
Size: |
69632
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
5F4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2097585190.00000000005F4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5F4000
|
Size: |
4096
|
|
46D1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2098164628.00000000046D1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
46D1000
|
Size: |
4096
|
|
5F4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2097729358.00000000005F4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5F4000
|
Size: |
4096
|
|
6D0000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2070932880.00000000006D0000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
6D0000
|
Size: |
53248
|
|
F10000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2073950831.0000000000F10000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
F10000
|
Size: |
53248
|
|
46D1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2099226524.00000000046D1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
46D1000
|
Size: |
4096
|
|
560F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2443051113.000000000560F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
560F000
|
Size: |
12288
|
|
6F1000
|
unkown
|
page execute and write copy
|
|
|
|
Name: |
00000000.00000000.2058346736.00000000006F1000.00000080.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page execute and write copy
|
Base address: |
6F1000
|
Size: |
94208
|
|