708000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1352162990.0000000000708000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
708000
|
Size: |
278528
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
URLs found in memory or binary data |
Networking |
|
|
2D41000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1321013631.0000000002D41000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D41000
|
Size: |
16384
|
|
2160000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1278695097.0000000002160000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
2160000
|
Size: |
335872
|
|
2D1E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1349794653.0000000002D1E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D1E000
|
Size: |
4096
|
|
2D1E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1308922639.0000000002D1E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D1E000
|
Size: |
8192
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
SQL strings found in memory and binary data |
System Summary |
|
|
2D13000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1321013631.0000000002D13000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D13000
|
Size: |
12288
|
|
2D1E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1350447211.0000000002D1E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D1E000
|
Size: |
4096
|
|
2CFD000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1651799702.0000000002CFD000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2CFD000
|
Size: |
4096
|
|
1F7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1352637619.00000000001F7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1F7000
|
Size: |
8192
|
|
401000
|
unknown
|
page execute read
|
|
|
|
Name: |
00000004.00000000.1270675314.0000000000401000.00000020.00000001.01000000.00000004.sdmp
|
TargetID: |
4
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page execute read
|
Base address: |
401000
|
Size: |
36864
|
|
1F5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1650611828.00000000001F5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1F5000
|
Size: |
12288
|
|
63E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1650848473.000000000063E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
63E000
|
Size: |
8192
|
|
2D62000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1651889799.0000000002D62000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D62000
|
Size: |
81920
|
|
2BCE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1651765008.0000000002BCE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2BCE000
|
Size: |
8192
|
|
757000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1401299042.0000000000757000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
757000
|
Size: |
32768
|
|
2D00000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1363716076.0000000002D00000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D00000
|
Size: |
20480
|
|
6E9000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1363898461.00000000006E9000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6E9000
|
Size: |
49152
|
|
2D62000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1375115042.0000000002D62000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D62000
|
Size: |
81920
|
|
705000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1363898461.0000000000705000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
705000
|
Size: |
4096
|
|
2CFE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1351116858.0000000002CFE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2CFE000
|
Size: |
4096
|
|
2D09000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1309017688.0000000002D09000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D09000
|
Size: |
65536
|
|
2D1E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1308475442.0000000002D1E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D1E000
|
Size: |
8192
|
|
2D0E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1369166301.0000000002D0E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D0E000
|
Size: |
290816
|
|
2CFF000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1401129913.0000000002CFF000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2CFF000
|
Size: |
24576
|
|
6F6000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1650981832.00000000006F6000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6F6000
|
Size: |
45056
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
2D1E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1351786554.0000000002D1E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D1E000
|
Size: |
4096
|
|
2D0F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1335232368.0000000002D0F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D0F000
|
Size: |
16384
|
|
357C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1368064988.000000000357C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
357C000
|
Size: |
5242880
|
|
6EA000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1352285940.00000000006EA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6EA000
|
Size: |
45056
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Found many strings related to Crypto-Wallets (likely being stolen) |
Stealing of Sensitive Information |
|
|
2A3F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1651704861.0000000002A3F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2A3F000
|
Size: |
4096
|
|
2CE9000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1335543044.0000000002CE9000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2CE9000
|
Size: |
24576
|
|
411000
|
unknown
|
page execute read
|
|
|
|
Name: |
00000004.00000000.1270675314.0000000000411000.00000020.00000001.01000000.00000004.sdmp
|
TargetID: |
4
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page execute read
|
Base address: |
411000
|
Size: |
204800
|
|
2D79000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1375115042.0000000002D79000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D79000
|
Size: |
98304
|
|
2CFE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1351398085.0000000002CFE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2CFE000
|
Size: |
4096
|
|
2D1F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1351744750.0000000002D1F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D1F000
|
Size: |
4096
|
|
2D06000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1349403083.0000000002D06000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D06000
|
Size: |
4096
|
|
23C0000
|
remote allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1279359184.00000000023C0000.00000004.00000400.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
remote allocation
|
Protect: |
page read and write
|
Base address: |
23C0000
|
Size: |
4096
|
|
2D5B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1369166301.0000000002D5B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D5B000
|
Size: |
4096
|
|
2CF5000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1369448768.0000000002CF5000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2CF5000
|
Size: |
20480
|
|
2D01000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1309017688.0000000002D01000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D01000
|
Size: |
8192
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
SQL strings found in memory and binary data |
System Summary |
|
|
2D01000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1309300272.0000000002D01000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D01000
|
Size: |
8192
|
|
3071000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1369098129.0000000003071000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3071000
|
Size: |
471040
|
|
2CE7000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1363716076.0000000002CE7000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2CE7000
|
Size: |
12288
|
|
2CFB000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1400993292.0000000002CFB000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2CFB000
|
Size: |
12288
|
|
6CB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1278903335.00000000006CB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6CB000
|
Size: |
217088
|
|
2D1E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1351504370.0000000002D1E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D1E000
|
Size: |
4096
|
|
705000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1401175680.0000000000705000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
705000
|
Size: |
4096
|
|
2D15000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1335994149.0000000002D15000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D15000
|
Size: |
8192
|
|
2D56000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1335809384.0000000002D56000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D56000
|
Size: |
4096
|
|
2D09000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1308880700.0000000002D09000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D09000
|
Size: |
65536
|
|
6CB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1650981832.00000000006CB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6CB000
|
Size: |
8192
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
2FB0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1337357442.0000000002FB0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FB0000
|
Size: |
4096
|
|
2D3F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1336212262.0000000002D3F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D3F000
|
Size: |
73728
|
|
2D1A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1320542190.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D1A000
|
Size: |
8192
|
|
2CFE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1349403083.0000000002CFE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2CFE000
|
Size: |
20480
|
|
2D5E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1335631336.0000000002D5E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D5E000
|
Size: |
12288
|
|
6BB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1278903335.00000000006BB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6BB000
|
Size: |
36864
|
|
2D27000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1349246501.0000000002D27000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D27000
|
Size: |
143360
|
|
2CFD000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1309017688.0000000002CFD000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2CFD000
|
Size: |
4096
|
|
4D0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1650756047.00000000004D0000.00000004.00000020.00040000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4D0000
|
Size: |
4096
|
|
2F4F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1651995643.0000000002F4F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2F4F000
|
Size: |
4096
|
|
2CF7000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1352355984.0000000002CF7000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2CF7000
|
Size: |
16384
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
2D1E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1351633800.0000000002D1E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D1E000
|
Size: |
4096
|
|
74C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1352139150.000000000074C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
74C000
|
Size: |
77824
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
|
2D15000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1364774092.0000000002D15000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D15000
|
Size: |
8192
|
|
2250000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1651561308.0000000002250000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2250000
|
Size: |
12288
|
|
2D26000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1320766934.0000000002D26000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D26000
|
Size: |
4096
|
|
2D3F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1320401126.0000000002D3F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D3F000
|
Size: |
4096
|
|
2D3D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1320766934.0000000002D3D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D3D000
|
Size: |
8192
|
|
2D27000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1321165449.0000000002D27000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D27000
|
Size: |
8192
|
|
2B7E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1651747952.0000000002B7E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2B7E000
|
Size: |
8192
|
|
2D3B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1321013631.0000000002D3B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D3B000
|
Size: |
16384
|
|
2D46000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1335994149.0000000002D46000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D46000
|
Size: |
4096
|
|
2D2F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1320766934.0000000002D2F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D2F000
|
Size: |
4096
|
|
5FE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1650826976.00000000005FE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
5FE000
|
Size: |
8192
|
|
708000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1352285940.0000000000708000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
708000
|
Size: |
278528
|
|
708000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1363898461.0000000000708000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
708000
|
Size: |
274432
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
URLs found in memory or binary data |
Networking |
|
|
400000
|
unknown
|
page execute and read and write
|
|
|
|
Name: |
00000004.00000002.1650657076.0000000000400000.00000040.00000001.01000000.00000004.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page execute and read and write
|
Base address: |
400000
|
Size: |
327680
|
|
678000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000004.00000002.1650950894.0000000000678000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
678000
|
Size: |
204800
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Malicious sample detected (through community Yara rule) |
System Summary |
|
Yara signature match |
System Summary |
|
|
2D21000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1308666043.0000000002D21000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D21000
|
Size: |
8192
|
|
2D1F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1320766934.0000000002D1F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D1F000
|
Size: |
8192
|
|
66E000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1650866440.000000000066E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
66E000
|
Size: |
40960
|
|
73D0D000
|
unknown
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1652108558.0000000073D0D000.00000004.00000001.01000000.00000006.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page read and write
|
Base address: |
73D0D000
|
Size: |
8192
|
|
6D0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1650981832.00000000006D0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D0000
|
Size: |
94208
|
|
4B3000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000004.00000002.1650733773.00000000004B3000.00000002.00000001.01000000.00000004.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
4B3000
|
Size: |
102400
|
|
6F6000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1352285940.00000000006F6000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6F6000
|
Size: |
45056
|
|
2D33000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1308401458.0000000002D33000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D33000
|
Size: |
12288
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
6D0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1363898461.00000000006D0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D0000
|
Size: |
94208
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
AV process strings found (often used to terminate AV products) |
Lowering of HIPS / PFW / Operating System Security Settings |
Security Software Discovery
|
|
85F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1651306589.000000000085F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
85F000
|
Size: |
4096
|
|
95F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1651349857.000000000095F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
95F000
|
Size: |
4096
|
|
2CFE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1352839544.0000000002CFE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2CFE000
|
Size: |
184320
|
|
2D58000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1352656977.0000000002D58000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D58000
|
Size: |
4096
|
|
2CF0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1349443041.0000000002CF0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2CF0000
|
Size: |
4096
|
|
23C0000
|
remote allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1279379139.00000000023C0000.00000004.00000400.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
remote allocation
|
Protect: |
page read and write
|
Base address: |
23C0000
|
Size: |
4096
|
|
2D0E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1374856783.0000000002D0E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D0E000
|
Size: |
339968
|
|
73D06000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000004.00000002.1652089981.0000000073D06000.00000002.00000001.01000000.00000006.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
73D06000
|
Size: |
28672
|
|
2E4E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1651977551.0000000002E4E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2E4E000
|
Size: |
8192
|
|
2D19000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1308475442.0000000002D19000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D19000
|
Size: |
8192
|
|
2CFE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1351668609.0000000002CFE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2CFE000
|
Size: |
4096
|
|
2D22000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1321165449.0000000002D22000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D22000
|
Size: |
4096
|
|
2D2B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1321013631.0000000002D2B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D2B000
|
Size: |
45056
|
|
2CE3000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1308233495.0000000002CE3000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2CE3000
|
Size: |
221184
|
|
2D0E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1351398085.0000000002D0E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D0E000
|
Size: |
4096
|
|
2CFE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1349827916.0000000002CFE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2CFE000
|
Size: |
4096
|
|
2D1E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1351364308.0000000002D1E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D1E000
|
Size: |
4096
|
|
2CE7000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1368714691.0000000002CE7000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2CE7000
|
Size: |
32768
|
|
2CFE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1351980903.0000000002CFE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2CFE000
|
Size: |
4096
|
|
2D09000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1309300272.0000000002D09000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D09000
|
Size: |
65536
|
|
2D62000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1374856783.0000000002D62000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D62000
|
Size: |
81920
|
|
6CA000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1352162990.00000000006CA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6CA000
|
Size: |
12288
|
|
2FD0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1337357442.0000000002FD0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FD0000
|
Size: |
4096
|
|
2D3F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1309247143.0000000002D3F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D3F000
|
Size: |
4096
|
|
2D1E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1349972532.0000000002D1E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D1E000
|
Size: |
4096
|
|
705000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1650981832.0000000000705000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
705000
|
Size: |
4096
|
|
2CFE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1350605861.0000000002CFE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2CFE000
|
Size: |
4096
|
|
2D09000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1308579550.0000000002D09000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D09000
|
Size: |
65536
|
|
2D3E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1352839544.0000000002D3E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D3E000
|
Size: |
4096
|
|
2D0E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1350862449.0000000002D0E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D0E000
|
Size: |
4096
|
|
6C6000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1650981832.00000000006C6000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6C6000
|
Size: |
16384
|
|
2CF4000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1320572337.0000000002CF4000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2CF4000
|
Size: |
53248
|
|
2D1E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1350119398.0000000002D1E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D1E000
|
Size: |
4096
|
|
2D2E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1335994149.0000000002D2E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D2E000
|
Size: |
4096
|
|
2CEB000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1320515584.0000000002CEB000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2CEB000
|
Size: |
90112
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
30E8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1337357442.00000000030E8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
30E8000
|
Size: |
4096
|
|
2D7B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1368654135.0000000002D7B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D7B000
|
Size: |
245760
|
|
2D58000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1309191170.0000000002D58000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D58000
|
Size: |
139264
|
|
2D1E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1350934332.0000000002D1E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D1E000
|
Size: |
8192
|
|
6F6000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1352162990.00000000006F6000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6F6000
|
Size: |
45056
|
|
752000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1401075229.0000000000752000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
752000
|
Size: |
53248
|
|
2D1E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1350540189.0000000002D1E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D1E000
|
Size: |
4096
|
|
2D13000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1320766934.0000000002D13000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D13000
|
Size: |
4096
|
|
2D2E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1336212262.0000000002D2E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D2E000
|
Size: |
8192
|
|
2D62000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1400918268.0000000002D62000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D62000
|
Size: |
81920
|
|
3020000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1337357442.0000000003020000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3020000
|
Size: |
4096
|
|
2100000
|
direct allocation
|
page execute and read and write
|
|
|
|
Name: |
00000004.00000002.1651366354.0000000002100000.00000040.00001000.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page execute and read and write
|
Base address: |
2100000
|
Size: |
339968
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Malicious sample detected (through community Yara rule) |
System Summary |
|
Yara signature match |
System Summary |
|
|
2E00000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1651959841.0000000002E00000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2E00000
|
Size: |
4096
|
|
749000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1352372989.0000000000749000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
749000
|
Size: |
12288
|
|
2D42000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1651889799.0000000002D42000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D42000
|
Size: |
126976
|
|
2D46000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1364774092.0000000002D46000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D46000
|
Size: |
4096
|
|
752000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1352738637.0000000000752000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
752000
|
Size: |
20480
|
|
2D19000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1320766934.0000000002D19000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D19000
|
Size: |
8192
|
|
2D0D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1368843732.0000000002D0D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D0D000
|
Size: |
294912
|
|
6E9000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1401175680.00000000006E9000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6E9000
|
Size: |
49152
|
|
2D1E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1350574601.0000000002D1E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D1E000
|
Size: |
4096
|
|
2D29000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1320766934.0000000002D29000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D29000
|
Size: |
8192
|
|
73CF1000
|
unknown
|
page execute read
|
|
|
|
Name: |
00000004.00000002.1652068943.0000000073CF1000.00000020.00000001.01000000.00000006.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page execute read
|
Base address: |
73CF1000
|
Size: |
86016
|
|
3058000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1337357442.0000000003058000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3058000
|
Size: |
4096
|
|
2CEA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1335769155.0000000002CEA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2CEA000
|
Size: |
20480
|
|
2D1E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1350826791.0000000002D1E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D1E000
|
Size: |
4096
|
|
5B0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1650774277.00000000005B0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5B0000
|
Size: |
8192
|
|
2D4A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1320668024.0000000002D4A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D4A000
|
Size: |
20480
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
2D5F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1335935785.0000000002D5F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D5F000
|
Size: |
143360
|
|
2D51000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1308922639.0000000002D51000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D51000
|
Size: |
8192
|
|
2D07000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1349246501.0000000002D07000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D07000
|
Size: |
24576
|
|
6AA000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1650981832.00000000006AA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6AA000
|
Size: |
49152
|
|
2D24000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1308475442.0000000002D24000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D24000
|
Size: |
4096
|
|
2D1E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1349758752.0000000002D1E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D1E000
|
Size: |
4096
|
|
2CFD000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1309109181.0000000002CFD000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2CFD000
|
Size: |
4096
|
|
2F70000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1652013678.0000000002F70000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2F70000
|
Size: |
253952
|
|
2D16000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1336684334.0000000002D16000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D16000
|
Size: |
4096
|
|
2CCF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1651783664.0000000002CCF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2CCF000
|
Size: |
4096
|
|
74A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1651220721.000000000074A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
74A000
|
Size: |
4096
|
|
6F6000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1401175680.00000000006F6000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6F6000
|
Size: |
45056
|
|
2D06000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1349385568.0000000002D06000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D06000
|
Size: |
4096
|
|
2D09000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1309086614.0000000002D09000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D09000
|
Size: |
65536
|
|
2CFF000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1651799702.0000000002CFF000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2CFF000
|
Size: |
28672
|
|
2D1A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1321013631.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D1A000
|
Size: |
8192
|
|
74B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1352738637.000000000074B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
74B000
|
Size: |
12288
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
2D00000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1368843732.0000000002D00000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D00000
|
Size: |
20480
|
|
2CF5000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1335769155.0000000002CF5000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2CF5000
|
Size: |
24576
|
|
2CF1000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1349317494.0000000002CF1000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2CF1000
|
Size: |
73728
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
2F79000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1337357442.0000000002F79000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2F79000
|
Size: |
4096
|
|
2D5F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1352656977.0000000002D5F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D5F000
|
Size: |
12288
|
|
2CF5000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1336559514.0000000002CF5000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2CF5000
|
Size: |
36864
|
|
2CFC000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1352561733.0000000002CFC000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2CFC000
|
Size: |
8192
|
|
2D1E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1351222847.0000000002D1E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D1E000
|
Size: |
4096
|
|
2D1E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1349725716.0000000002D1E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D1E000
|
Size: |
4096
|
|
2D4B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1321013631.0000000002D4B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D4B000
|
Size: |
4096
|
|
2A7D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1651721203.0000000002A7D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2A7D000
|
Size: |
12288
|
|
2D1E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1351835492.0000000002D1E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D1E000
|
Size: |
4096
|
|
708000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1650981832.0000000000708000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
708000
|
Size: |
249856
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
URLs found in memory or binary data |
Networking |
|
|
2CF5000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1363716076.0000000002CF5000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2CF5000
|
Size: |
36864
|
|
3071000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1400849103.0000000003071000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3071000
|
Size: |
561152
|
|
2D79000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1651889799.0000000002D79000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D79000
|
Size: |
98304
|
|
2D1E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1351327043.0000000002D1E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D1E000
|
Size: |
4096
|
|
74C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1401075229.000000000074C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
74C000
|
Size: |
8192
|
|
2D21000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1308922639.0000000002D21000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D21000
|
Size: |
8192
|
|
2D55000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1321165449.0000000002D55000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D55000
|
Size: |
16384
|
|
2D51000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1308666043.0000000002D51000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D51000
|
Size: |
8192
|
|
2D71000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1321301396.0000000002D71000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D71000
|
Size: |
8192
|
|
2D5B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1320668024.0000000002D5B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D5B000
|
Size: |
143360
|
|
2D20000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1375115042.0000000002D20000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D20000
|
Size: |
266240
|
|
757000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1352269003.0000000000757000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
757000
|
Size: |
32768
|
|
2D40000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1321301396.0000000002D40000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D40000
|
Size: |
12288
|
|
2D0E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1350605861.0000000002D0E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D0E000
|
Size: |
4096
|
|
2160000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1651427776.0000000002160000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2160000
|
Size: |
4096
|
|
2D00000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1368714691.0000000002D00000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D00000
|
Size: |
20480
|
|
2D0E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1351116858.0000000002D0E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D0E000
|
Size: |
4096
|
|
23F0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1651652206.00000000023F0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
23F0000
|
Size: |
12288
|
|
2D0E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1349548460.0000000002D0E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D0E000
|
Size: |
4096
|
|
2D01000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1309109181.0000000002D01000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D01000
|
Size: |
8192
|
|
2D5C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1368654135.0000000002D5C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D5C000
|
Size: |
118784
|
|
752000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1363898461.0000000000752000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
752000
|
Size: |
53248
|
|
2D37000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1364774092.0000000002D37000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D37000
|
Size: |
8192
|
|
2D24000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1321165449.0000000002D24000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D24000
|
Size: |
8192
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
SQL strings found in memory and binary data |
System Summary |
|
|
2D05000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1352481993.0000000002D05000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D05000
|
Size: |
8192
|
|
2CE7000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1349443041.0000000002CE7000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2CE7000
|
Size: |
28672
|
|
2D01000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1320488585.0000000002D01000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D01000
|
Size: |
73728
|
|
235D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1651578894.000000000235D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
235D000
|
Size: |
12288
|
|
2D0D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1368714691.0000000002D0D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D0D000
|
Size: |
294912
|
|
2D1E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1351081017.0000000002D1E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D1E000
|
Size: |
4096
|
|
2D1E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1350708994.0000000002D1E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D1E000
|
Size: |
4096
|
|
2CFB000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1401129913.0000000002CFB000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2CFB000
|
Size: |
12288
|
|
2D1E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1351015103.0000000002D1E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D1E000
|
Size: |
4096
|
|
2D32000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1320766934.0000000002D32000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D32000
|
Size: |
8192
|
|
2D87000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1335631336.0000000002D87000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D87000
|
Size: |
20480
|
|
1F0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1650611828.00000000001F0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1F0000
|
Size: |
16384
|
|
2CFD000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1309300272.0000000002CFD000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2CFD000
|
Size: |
4096
|
|
750000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1352545477.0000000000750000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
750000
|
Size: |
28672
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
|
2D1E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1350404506.0000000002D1E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D1E000
|
Size: |
8192
|
|
2D14000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1321301396.0000000002D14000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D14000
|
Size: |
4096
|
|
2CFA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1368843732.0000000002CFA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2CFA000
|
Size: |
16384
|
|
2CE7000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1400993292.0000000002CE7000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2CE7000
|
Size: |
8192
|
|
2CF0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1320747371.0000000002CF0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2CF0000
|
Size: |
16384
|
|
2CFE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1349548460.0000000002CFE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2CFE000
|
Size: |
4096
|
|
2D0E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1352050247.0000000002D0E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D0E000
|
Size: |
4096
|
|
2D0E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1351980903.0000000002D0E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D0E000
|
Size: |
4096
|
|
2D6F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1321301396.0000000002D6F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D6F000
|
Size: |
4096
|
|
2D1E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1351462082.0000000002D1E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D1E000
|
Size: |
8192
|
|
2D0D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1400993292.0000000002D0D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D0D000
|
Size: |
4096
|
|
283D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1651669338.000000000283D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
283D000
|
Size: |
12288
|
|
2CFE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1350862449.0000000002CFE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2CFE000
|
Size: |
4096
|
|
2D1E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1349683572.0000000002D1E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D1E000
|
Size: |
4096
|
|
2D1E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1350506394.0000000002D1E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D1E000
|
Size: |
4096
|
|
2D4E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1335809384.0000000002D4E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D4E000
|
Size: |
4096
|
|
2D1E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1350073339.0000000002D1E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D1E000
|
Size: |
4096
|
|
2D0D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1369448768.0000000002D0D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D0D000
|
Size: |
4096
|
|
660000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1650866440.0000000000660000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
660000
|
Size: |
36864
|
|
2CFC000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1369448768.0000000002CFC000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2CFC000
|
Size: |
8192
|
|
2D1E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1350746394.0000000002D1E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D1E000
|
Size: |
4096
|
|
2D16000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1352481993.0000000002D16000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D16000
|
Size: |
8192
|
|
223E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1651525298.000000000223E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
223E000
|
Size: |
8192
|
|
2CFE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1335232368.0000000002CFE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2CFE000
|
Size: |
4096
|
|
2D5B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1368843732.0000000002D5B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D5B000
|
Size: |
4096
|
|
745000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1401075229.0000000000745000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
745000
|
Size: |
24576
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
2D1E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1351184683.0000000002D1E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D1E000
|
Size: |
8192
|
|
2D71000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1352656977.0000000002D71000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D71000
|
Size: |
8192
|
|
2240000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1651543207.0000000002240000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2240000
|
Size: |
16384
|
|
2D1E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1350781518.0000000002D1E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D1E000
|
Size: |
4096
|
|
293F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1651685638.000000000293F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
293F000
|
Size: |
4096
|
|
2D3E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1400918268.0000000002D3E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D3E000
|
Size: |
143360
|
|
3048000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1337357442.0000000003048000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3048000
|
Size: |
4096
|
|
6D0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1401175680.00000000006D0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D0000
|
Size: |
94208
|
|
2D1E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1350977674.0000000002D1E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D1E000
|
Size: |
4096
|
|
2D1E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1349902238.0000000002D1E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D1E000
|
Size: |
8192
|
|
6D0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1352162990.00000000006D0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D0000
|
Size: |
94208
|
|
2F7F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1337357442.0000000002F7F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2F7F000
|
Size: |
8192
|
|
2D36000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1352481993.0000000002D36000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D36000
|
Size: |
4096
|
|
6CA000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1363898461.00000000006CA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6CA000
|
Size: |
12288
|
|
6B4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1278988702.00000000006B4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6B4000
|
Size: |
8192
|
|
2CFB000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1374997089.0000000002CFB000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2CFB000
|
Size: |
12288
|
|
2CEF000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1335485675.0000000002CEF000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2CEF000
|
Size: |
61440
|
|
2D0D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1401129913.0000000002D0D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D0D000
|
Size: |
4096
|
|
6BA000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1278988702.00000000006BA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6BA000
|
Size: |
4096
|
|
2D3F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1352767040.0000000002D3F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D3F000
|
Size: |
8192
|
|
2D1E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1351046269.0000000002D1E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D1E000
|
Size: |
4096
|
|
2D1A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1309247143.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D1A000
|
Size: |
4096
|
|
2D30000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1309247143.0000000002D30000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D30000
|
Size: |
12288
|
|
2CFB000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1309109181.0000000002CFB000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2CFB000
|
Size: |
4096
|
|
9B000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1650564804.000000000009B000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
9B000
|
Size: |
20480
|
|
2D79000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1400918268.0000000002D79000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D79000
|
Size: |
98304
|
|
2D00000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1335232368.0000000002D00000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D00000
|
Size: |
24576
|
|
2D36000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1335994149.0000000002D36000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D36000
|
Size: |
4096
|
|
2D01000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1321427865.0000000002D01000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D01000
|
Size: |
12288
|
|
2D06000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1349317494.0000000002D06000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D06000
|
Size: |
4096
|
|
2D4F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1308922639.0000000002D4F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D4F000
|
Size: |
4096
|
|
2D1E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1350022595.0000000002D1E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D1E000
|
Size: |
4096
|
|
239E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1651633312.000000000239E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
239E000
|
Size: |
8192
|
|
2CFE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1352050247.0000000002CFE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2CFE000
|
Size: |
4096
|
|
2D1B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1335994149.0000000002D1B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D1B000
|
Size: |
16384
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
2D4E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1335935785.0000000002D4E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D4E000
|
Size: |
16384
|
|
2D1E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1349641910.0000000002D1E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D1E000
|
Size: |
8192
|
|
2D27000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1364774092.0000000002D27000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D27000
|
Size: |
4096
|
|
2D37000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1321165449.0000000002D37000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D37000
|
Size: |
118784
|
|
2D1E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1351912192.0000000002D1E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D1E000
|
Size: |
4096
|
|
4B3000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000004.00000000.1270775618.00000000004B3000.00000002.00000001.01000000.00000004.sdmp
|
TargetID: |
4
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
4B3000
|
Size: |
102400
|
|
2D06000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1349354663.0000000002D06000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D06000
|
Size: |
4096
|
|
2D1E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1351596961.0000000002D1E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D1E000
|
Size: |
4096
|
|
2D1E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1350670671.0000000002D1E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D1E000
|
Size: |
8192
|
|
2CFE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1350153835.0000000002CFE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2CFE000
|
Size: |
4096
|
|
2D21000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1308296354.0000000002D21000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D21000
|
Size: |
4096
|
|
2D81000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1352656977.0000000002D81000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D81000
|
Size: |
57344
|
|
2D0D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1374997089.0000000002D0D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D0D000
|
Size: |
4096
|
|
66A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1650866440.000000000066A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
66A000
|
Size: |
8192
|
|
2D3F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1364774092.0000000002D3F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D3F000
|
Size: |
4096
|
|
21BE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1651445426.00000000021BE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
21BE000
|
Size: |
8192
|
|
2D37000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1320766934.0000000002D37000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D37000
|
Size: |
8192
|
|
703000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1278903335.0000000000703000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
703000
|
Size: |
102400
|
|
6BA000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1650981832.00000000006BA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6BA000
|
Size: |
45056
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
2D0B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1321427865.0000000002D0B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D0B000
|
Size: |
32768
|
|
2D48000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1309191170.0000000002D48000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D48000
|
Size: |
8192
|
|
2D35000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1320766934.0000000002D35000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D35000
|
Size: |
4096
|
|
74C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1651220721.000000000074C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
74C000
|
Size: |
12288
|
|
2D4B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1308401458.0000000002D4B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D4B000
|
Size: |
139264
|
|
2CF3000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1309017688.0000000002CF3000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2CF3000
|
Size: |
36864
|
|
6E9000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1352162990.00000000006E9000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6E9000
|
Size: |
49152
|
|
21FE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1651507195.00000000021FE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
21FE000
|
Size: |
8192
|
|
2D5B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1368714691.0000000002D5B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D5B000
|
Size: |
4096
|
|
757000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1364718126.0000000000757000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
757000
|
Size: |
32768
|
|
2D0E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1351668609.0000000002D0E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D0E000
|
Size: |
4096
|
|
2D0D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1651799702.0000000002D0D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D0D000
|
Size: |
4096
|
|
2F71000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1352605266.0000000002F71000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2F71000
|
Size: |
249856
|
|
2CF5000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1349443041.0000000002CF5000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2CF5000
|
Size: |
24576
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
2D2B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1308475442.0000000002D2B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D2B000
|
Size: |
4096
|
|
6CA000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1401175680.00000000006CA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6CA000
|
Size: |
12288
|
|
2CF5000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1374997089.0000000002CF5000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2CF5000
|
Size: |
20480
|
|
2D79000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1374856783.0000000002D79000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D79000
|
Size: |
98304
|
|
2D09000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1320401126.0000000002D09000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D09000
|
Size: |
65536
|
|
2CFF000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1374997089.0000000002CFF000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2CFF000
|
Size: |
24576
|
|
23C0000
|
remote allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1279402424.00000000023C0000.00000004.00000400.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
remote allocation
|
Protect: |
page read and write
|
Base address: |
23C0000
|
Size: |
4096
|
|
2D18000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1349246501.0000000002D18000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D18000
|
Size: |
24576
|
|
2D57000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1352767040.0000000002D57000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D57000
|
Size: |
4096
|
|
2D00000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1369448768.0000000002D00000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D00000
|
Size: |
20480
|
|
74C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1363898461.000000000074C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
74C000
|
Size: |
8192
|
|
3108000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1411516896.0000000003108000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3108000
|
Size: |
557056
|
|
2D8F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1335631336.0000000002D8F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D8F000
|
Size: |
4096
|
|
2D16000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1336613300.0000000002D16000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D16000
|
Size: |
4096
|
|
459000
|
unknown
|
page execute and read and write
|
|
|
|
Name: |
00000004.00000002.1650657076.0000000000459000.00000040.00000001.01000000.00000004.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page execute and read and write
|
Base address: |
459000
|
Size: |
16384
|
|
2D91000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1352656977.0000000002D91000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D91000
|
Size: |
4096
|
|
2D51000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1321301396.0000000002D51000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D51000
|
Size: |
118784
|
|
2CF5000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1400993292.0000000002CF5000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2CF5000
|
Size: |
20480
|
|
3A85000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1369240625.0000000003A85000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3A85000
|
Size: |
577536
|
|
2D31000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1308922639.0000000002D31000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D31000
|
Size: |
118784
|
|
6F6000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1363898461.00000000006F6000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6F6000
|
Size: |
45056
|
|
2CD0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1651799702.0000000002CD0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2CD0000
|
Size: |
94208
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
2D0B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1321135220.0000000002D0B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D0B000
|
Size: |
32768
|
|
446000
|
unknown
|
page write copy
|
|
|
|
Name: |
00000004.00000000.1270743593.0000000000446000.00000008.00000001.01000000.00000004.sdmp
|
TargetID: |
4
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page write copy
|
Base address: |
446000
|
Size: |
4096
|
|
2D3E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1335994149.0000000002D3E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D3E000
|
Size: |
4096
|
|
2D1E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1308666043.0000000002D1E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D1E000
|
Size: |
8192
|
|
2D45000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1320668024.0000000002D45000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D45000
|
Size: |
8192
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
443000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000004.00000000.1270727694.0000000000443000.00000002.00000001.01000000.00000004.sdmp
|
TargetID: |
4
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
443000
|
Size: |
12288
|
|
2D5F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1336212262.0000000002D5F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D5F000
|
Size: |
4096
|
|
2CFB000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1349354663.0000000002CFB000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2CFB000
|
Size: |
32768
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
2D30000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1308475442.0000000002D30000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D30000
|
Size: |
12288
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
2D1E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1351949064.0000000002D1E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D1E000
|
Size: |
4096
|
|
2CFB000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1308263614.0000000002CFB000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2CFB000
|
Size: |
122880
|
|
2D1E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1351544432.0000000002D1E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D1E000
|
Size: |
4096
|
|
73D0F000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000004.00000002.1652125971.0000000073D0F000.00000002.00000001.01000000.00000006.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
73D0F000
|
Size: |
12288
|
|
2D15000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1335809384.0000000002D15000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D15000
|
Size: |
8192
|
|
2CF5000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1368714691.0000000002CF5000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2CF5000
|
Size: |
36864
|
|
2D3B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1308401458.0000000002D3B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D3B000
|
Size: |
12288
|
|
3050000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1337357442.0000000003050000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3050000
|
Size: |
4096
|
|
2F98000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1337357442.0000000002F98000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2F98000
|
Size: |
4096
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
2D4F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1308666043.0000000002D4F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D4F000
|
Size: |
4096
|
|
2D0E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1349827916.0000000002D0E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D0E000
|
Size: |
4096
|
|
708000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1401175680.0000000000708000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
708000
|
Size: |
249856
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
URLs found in memory or binary data |
Networking |
|
|
2D29000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1321301396.0000000002D29000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D29000
|
Size: |
16384
|
|
2D3E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1363691644.0000000002D3E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D3E000
|
Size: |
4096
|
|
2D1E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1351878122.0000000002D1E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D1E000
|
Size: |
4096
|
|
2CE9000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1374997089.0000000002CE9000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2CE9000
|
Size: |
45056
|
|
2CFF000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1400993292.0000000002CFF000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2CFF000
|
Size: |
24576
|
|
73CF0000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000004.00000002.1652050720.0000000073CF0000.00000002.00000001.01000000.00000006.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
73CF0000
|
Size: |
4096
|
|
2CFB000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1336613300.0000000002CFB000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2CFB000
|
Size: |
12288
|
|
19B000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1650592321.000000000019B000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
19B000
|
Size: |
20480
|
|
2D6F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1335631336.0000000002D6F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D6F000
|
Size: |
81920
|
|
2D31000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1308666043.0000000002D31000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D31000
|
Size: |
118784
|
|
2CF6000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1651799702.0000000002CF6000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2CF6000
|
Size: |
16384
|
|
2D0E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1350153835.0000000002D0E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D0E000
|
Size: |
4096
|
|
2D16000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1336559514.0000000002D16000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D16000
|
Size: |
4096
|
|
400000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000004.00000000.1270657090.0000000000400000.00000002.00000001.01000000.00000004.sdmp
|
TargetID: |
4
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
400000
|
Size: |
4096
|
|
2D1E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1351295414.0000000002D1E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D1E000
|
Size: |
4096
|
|
752000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1651220721.0000000000752000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
752000
|
Size: |
53248
|
|
6E9000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1650981832.00000000006E9000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6E9000
|
Size: |
49152
|
|
2CFB000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1335512583.0000000002CFB000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2CFB000
|
Size: |
12288
|
|