3F29000
|
trusted library allocation
|
page read and write
|
malicious |
|
|
Name: |
00000000.00000002.2270826408.0000000003F29000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3F29000
|
Size: |
888832
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Yara detected PureLog Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
Found many strings related to Crypto-Wallets (likely being stolen) |
Stealing of Sensitive Information |
|
Sample file is different than original file name gathered from version info |
System Summary |
|
|
B22000
|
unkown
|
page readonly
|
malicious |
|
|
Name: |
00000000.00000000.2078075956.0000000000B22000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
B22000
|
Size: |
217088
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Yara detected PureLog Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
|
15F2000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2322586530.00000000015F2000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
15F2000
|
Size: |
94208
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
AV process strings found (often used to terminate AV products) |
Lowering of HIPS / PFW / Operating System Security Settings |
Security Software Discovery
|
|
2F21000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2269708774.0000000002F21000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2F21000
|
Size: |
53248
|
|
316E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2322967183.000000000316E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
316E000
|
Size: |
8192
|
|
FA0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2268293841.0000000000FA0000.00000004.00000020.00040000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
FA0000
|
Size: |
4096
|
|
14D0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2322353556.00000000014D0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
14D0000
|
Size: |
8192
|
|
1174000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2268570926.0000000001174000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1174000
|
Size: |
4096
|
|
2F1E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2269655332.0000000002F1E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2F1E000
|
Size: |
8192
|
|
11FE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2269028428.00000000011FE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
11FE000
|
Size: |
102400
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sample file is different than original file name gathered from version info |
System Summary |
|
|
15DD000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2322483633.00000000015DD000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
15DD000
|
Size: |
49152
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
1686000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2322896650.0000000001686000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1686000
|
Size: |
36864
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
1170000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2268538058.0000000001170000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1170000
|
Size: |
4096
|
|
53B4000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2271334414.00000000053B4000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
53B4000
|
Size: |
8192
|
|
53F0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2271532582.00000000053F0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
53F0000
|
Size: |
32768
|
|
3F21000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2270826408.0000000003F21000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3F21000
|
Size: |
20480
|
|
119A000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2268759340.000000000119A000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
119A000
|
Size: |
4096
|
|
14EF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2269419645.00000000014EF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
14EF000
|
Size: |
4096
|
|
3DFC000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2323300956.0000000003DFC000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3DFC000
|
Size: |
32768
|
|
B5C000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000000.2078116313.0000000000B5C000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
B5C000
|
Size: |
335872
|
|
501E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2271191993.000000000501E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
501E000
|
Size: |
8192
|
|
1180000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2268616497.0000000001180000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1180000
|
Size: |
12288
|
|
10DB000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2322200644.00000000010DB000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
10DB000
|
Size: |
20480
|
|
1580000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2269529603.0000000001580000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1580000
|
Size: |
4096
|
|
115E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2268501029.000000000115E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
115E000
|
Size: |
8192
|
|
1197000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2268740693.0000000001197000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
1197000
|
Size: |
4096
|
|
14CE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2322333699.00000000014CE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
14CE000
|
Size: |
8192
|
|
1173000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2268554408.0000000001173000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
1173000
|
Size: |
4096
|
|
1080000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2268316398.0000000001080000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1080000
|
Size: |
16384
|
|
1085000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2268316398.0000000001085000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1085000
|
Size: |
12288
|
|
1570000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2269506319.0000000001570000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1570000
|
Size: |
65536
|
|
3E67000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2323488274.0000000003E67000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3E67000
|
Size: |
8192
|
|
11A7000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2268822589.00000000011A7000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
11A7000
|
Size: |
4096
|
|
3E52000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2323442271.0000000003E52000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3E52000
|
Size: |
28672
|
|
3DD2000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2323300956.0000000003DD2000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3DD2000
|
Size: |
143360
|
|
152E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2269468039.000000000152E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
152E000
|
Size: |
8192
|
|
53C9000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2271334414.00000000053C9000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
53C9000
|
Size: |
4096
|
|
E3C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2268226899.0000000000E3C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
E3C000
|
Size: |
16384
|
|
3E0F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2323300956.0000000003E0F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3E0F000
|
Size: |
16384
|
|
396E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2323128894.000000000396E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
396E000
|
Size: |
8192
|
|
1225000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2269028428.0000000001225000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1225000
|
Size: |
28672
|
|
3220000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2323034894.0000000003220000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3220000
|
Size: |
16384
|
|
160A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2322586530.000000000160A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
160A000
|
Size: |
8192
|
|
188E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2322923365.000000000188E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
188E000
|
Size: |
8192
|
|
376D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2323081964.000000000376D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
376D000
|
Size: |
12288
|
|
53A4000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2271334414.00000000053A4000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
53A4000
|
Size: |
4096
|
|
1190000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2268721543.0000000001190000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1190000
|
Size: |
4096
|
|
1184000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2268616497.0000000001184000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1184000
|
Size: |
32768
|
|
11AB000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2268841974.00000000011AB000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
11AB000
|
Size: |
4096
|
|
366E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2323058793.000000000366E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
366E000
|
Size: |
8192
|
|
1515000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2322373250.0000000001515000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1515000
|
Size: |
12288
|
|
321D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2323008107.000000000321D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
321D000
|
Size: |
12288
|
|
3A6D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2323152968.0000000003A6D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
3A6D000
|
Size: |
12288
|
|
B20000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000000.2078057777.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
B20000
|
Size: |
4096
|
|
1160000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2268520632.0000000001160000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1160000
|
Size: |
4096
|
|
5370000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2271275227.0000000005370000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
5370000
|
Size: |
86016
|
|
B58000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000000.2078103243.0000000000B58000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
B58000
|
Size: |
4096
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sample file is different than original file name gathered from version info |
System Summary |
|
|
5390000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2271313336.0000000005390000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
5390000
|
Size: |
24576
|
|
11D0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2268917705.00000000011D0000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
11D0000
|
Size: |
65536
|
|
1670000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2269639218.0000000001670000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1670000
|
Size: |
12288
|
|
5362000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2271213162.0000000005362000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
5362000
|
Size: |
57344
|
|
156D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2269487438.000000000156D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
156D000
|
Size: |
12288
|
|
386E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2323107014.000000000386E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
386E000
|
Size: |
8192
|
|
53C6000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2271334414.00000000053C6000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
53C6000
|
Size: |
4096
|
|
3E73000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2323488274.0000000003E73000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3E73000
|
Size: |
16384
|
|
53D5000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2271334414.00000000053D5000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
53D5000
|
Size: |
36864
|
|
1650000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2269624321.0000000001650000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1650000
|
Size: |
4096
|
|
3EBA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2323610771.0000000003EBA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3EBA000
|
Size: |
4096
|
|
3E78000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2323488274.0000000003E78000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3E78000
|
Size: |
4096
|
|
3ACE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2323174632.0000000003ACE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
3ACE000
|
Size: |
8192
|
|
1510000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2322373250.0000000001510000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1510000
|
Size: |
16384
|
|
11E0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2268978812.00000000011E0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
11E0000
|
Size: |
49152
|
|
1090000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2268408264.0000000001090000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1090000
|
Size: |
4096
|
|
11DB000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2322240380.00000000011DB000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
11DB000
|
Size: |
20480
|
|
2F2E000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2269730370.0000000002F2E000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
2F2E000
|
Size: |
4096
|
|
40D0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2323696096.00000000040D0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
40D0000
|
Size: |
245760
|
|
121C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2269028428.000000000121C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
121C000
|
Size: |
32768
|
|
459000
|
remote allocation
|
page execute and read and write
|
|
|
|
Name: |
00000001.00000002.2322036264.0000000000459000.00000040.00000400.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
remote allocation
|
Protect: |
page execute and read and write
|
Base address: |
459000
|
Size: |
16384
|
|
1520000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2322417521.0000000001520000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1520000
|
Size: |
4096
|
|
3BCF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2323197801.0000000003BCF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
3BCF000
|
Size: |
4096
|
|
11A0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2268776810.00000000011A0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
11A0000
|
Size: |
4096
|
|
1619000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2322698373.0000000001619000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1619000
|
Size: |
303104
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Found many strings related to Crypto-Wallets (likely being stolen) |
Stealing of Sensitive Information |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
URLs found in memory or binary data |
Networking |
|
|
198F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2322947576.000000000198F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
198F000
|
Size: |
4096
|
|
128D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2269028428.000000000128D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
128D000
|
Size: |
12288
|
|
5410000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2271592792.0000000005410000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
5410000
|
Size: |
4096
|
|
148E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2322311312.000000000148E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
148E000
|
Size: |
8192
|
|
160D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2322698373.000000000160D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
160D000
|
Size: |
45056
|
|
157D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2322438311.000000000157D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
157D000
|
Size: |
12288
|
|
1234000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2269028428.0000000001234000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1234000
|
Size: |
245760
|
|
3C2E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2323224491.0000000003C2E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
3C2E000
|
Size: |
8192
|
|
11C0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2268899011.00000000011C0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
11C0000
|
Size: |
4096
|
|
15EC000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2322586530.00000000015EC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
15EC000
|
Size: |
12288
|
|
1598000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2269588153.0000000001598000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
1598000
|
Size: |
4096
|
|
3D2F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2323245530.0000000003D2F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
3D2F000
|
Size: |
4096
|
|
15C8000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2322483633.00000000015C8000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
15C8000
|
Size: |
65536
|
|
1440000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2322277881.0000000001440000.00000004.00000020.00040000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1440000
|
Size: |
4096
|
|
111E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2268482870.000000000111E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
111E000
|
Size: |
8192
|
|
3E6C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2323488274.0000000003E6C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3E6C000
|
Size: |
12288
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
Name: |
00000001.00000002.2322036264.0000000000400000.00000040.00000400.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
remote allocation
|
Protect: |
page execute and read and write
|
Base address: |
400000
|
Size: |
327680
|
|
31AE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2322987442.00000000031AE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
31AE000
|
Size: |
8192
|
|
3ED0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2323632614.0000000003ED0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3ED0000
|
Size: |
126976
|
|
11F0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2269028428.00000000011F0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
11F0000
|
Size: |
24576
|
|
1297000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2269028428.0000000001297000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1297000
|
Size: |
12288
|
|
1668000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2322840328.0000000001668000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1668000
|
Size: |
114688
|
|
2F2F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2269774329.0000000002F2F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2F2F000
|
Size: |
5251072
|
|
1230000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2269028428.0000000001230000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1230000
|
Size: |
4096
|
|
F38000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2268269482.0000000000F38000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
F38000
|
Size: |
32768
|
|
1218000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2269028428.0000000001218000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1218000
|
Size: |
12288
|
|
3E71000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2323488274.0000000003E71000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3E71000
|
Size: |
4096
|
|
15BD000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2322461789.00000000015BD000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
15BD000
|
Size: |
12288
|
|
13EE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2269360032.00000000013EE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
13EE000
|
Size: |
8192
|
|
1640000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2269607982.0000000001640000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
1640000
|
Size: |
4096
|
|
53E0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2271507352.00000000053E0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
53E0000
|
Size: |
36864
|
|
15C0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2322483633.00000000015C0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
15C0000
|
Size: |
28672
|
|
12AB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2269028428.00000000012AB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12AB000
|
Size: |
4096
|
|
3DC0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2323265085.0000000003DC0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3DC0000
|
Size: |
4096
|
|
3E50000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2323423330.0000000003E50000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3E50000
|
Size: |
4096
|
|
10D0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2268464784.00000000010D0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
10D0000
|
Size: |
8192
|
|
11F8000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2269028428.00000000011F8000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
11F8000
|
Size: |
16384
|
|
3E63000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2323467903.0000000003E63000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3E63000
|
Size: |
4096
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|