12E6000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1595612507.00000000012E6000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12E6000
|
Size: |
81920
|
|
3C48000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1543413164.0000000003C48000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3C48000
|
Size: |
8192
|
|
3E40000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1633385554.0000000003E40000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3E40000
|
Size: |
241664
|
|
3B50000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1633287464.0000000003B50000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B50000
|
Size: |
106496
|
|
3B4D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1557800712.0000000003B4D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B4D000
|
Size: |
28672
|
|
3EE7000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1544250040.0000000003EE7000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3EE7000
|
Size: |
4096
|
|
3B8B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1295458384.0000000003B8B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B8B000
|
Size: |
12288
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
12BC000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1618679339.00000000012BC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12BC000
|
Size: |
4096
|
|
3B4A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1588381635.0000000003B4A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B4A000
|
Size: |
16384
|
|
3BD0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1294005878.0000000003BD0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3BD0000
|
Size: |
8192
|
|
3B76000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1294984513.0000000003B76000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B76000
|
Size: |
4096
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
SQL strings found in memory and binary data |
System Summary |
|
|
3B4A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1595641129.0000000003B4A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B4A000
|
Size: |
16384
|
|
3B4A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1559711791.0000000003B4A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B4A000
|
Size: |
8192
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
E70000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000000.00000002.1503408202.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
E70000
|
Size: |
4096
|
|
EE5000
|
unknown
|
page write copy
|
|
|
|
Name: |
00000004.00000000.1266535187.0000000000EE5000.00000008.00000001.01000000.00000003.sdmp
|
TargetID: |
4
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page write copy
|
Base address: |
EE5000
|
Size: |
4096
|
|
3B53000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1293898700.0000000003B53000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B53000
|
Size: |
122880
|
|
3B5C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1529755303.0000000003B5C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B5C000
|
Size: |
12288
|
|
3E97000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1544250040.0000000003E97000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3E97000
|
Size: |
4096
|
|
3C61000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1558948581.0000000003C61000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3C61000
|
Size: |
4096
|
|
E84000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000004.00000000.1266478010.0000000000E84000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
4
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
E84000
|
Size: |
28672
|
|
3C67000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1543175665.0000000003C67000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3C67000
|
Size: |
8192
|
|
302D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1632822136.000000000302D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
302D000
|
Size: |
12288
|
|
3B4C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1584484657.0000000003B4C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B4C000
|
Size: |
61440
|
|
3C50000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1557926116.0000000003C50000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3C50000
|
Size: |
8192
|
|
3C56000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1618634260.0000000003C56000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3C56000
|
Size: |
172032
|
|
2FEE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1632805286.0000000002FEE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2FEE000
|
Size: |
8192
|
|
3C41000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1595256226.0000000003C41000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3C41000
|
Size: |
290816
|
|
3B7C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1560029071.0000000003B7C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B7C000
|
Size: |
12288
|
|
3B5B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1584361687.0000000003B5B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B5B000
|
Size: |
4096
|
|
3C50000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1558657570.0000000003C50000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3C50000
|
Size: |
8192
|
|
3B63000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1529755303.0000000003B63000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B63000
|
Size: |
8192
|
|
1293000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1266774523.0000000001293000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1293000
|
Size: |
12288
|
|
126C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1279513096.000000000126C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
126C000
|
Size: |
212992
|
|
EE8000
|
unknown
|
page write copy
|
|
|
|
Name: |
00000004.00000000.1266535187.0000000000EE8000.00000008.00000001.01000000.00000003.sdmp
|
TargetID: |
4
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page write copy
|
Base address: |
EE8000
|
Size: |
4096
|
|
3E46000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1544250040.0000000003E46000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3E46000
|
Size: |
8192
|
|
45C000
|
remote allocation
|
page execute and read and write
|
|
|
|
Name: |
00000004.00000002.1632121462.000000000045C000.00000040.00000400.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
remote allocation
|
Protect: |
page execute and read and write
|
Base address: |
45C000
|
Size: |
24576
|
|
12D0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1588438643.00000000012D0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12D0000
|
Size: |
40960
|
|
12E4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1588301526.00000000012E4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12E4000
|
Size: |
4096
|
|
12A6000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1584530133.00000000012A6000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12A6000
|
Size: |
8192
|
|
13D0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1632686892.00000000013D0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
13D0000
|
Size: |
4096
|
|
E71000
|
unknown
|
page execute read
|
|
|
|
Name: |
00000004.00000002.1632205712.0000000000E71000.00000020.00000001.01000000.00000003.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page execute read
|
Base address: |
E71000
|
Size: |
77824
|
|
3B4D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1559711791.0000000003B4D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B4D000
|
Size: |
28672
|
|
3B78000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1529448365.0000000003B78000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B78000
|
Size: |
4096
|
|
3B7B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1295638393.0000000003B7B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B7B000
|
Size: |
8192
|
|
12BD000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1559487979.00000000012BD000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12BD000
|
Size: |
118784
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Found many strings related to Crypto-Wallets (likely being stolen) |
Stealing of Sensitive Information |
|
Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
URLs found in memory or binary data |
Networking |
|
|
3B55000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1557800712.0000000003B55000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B55000
|
Size: |
28672
|
|
13DE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1503784879.00000000013DE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
13DE000
|
Size: |
81920
|
|
3BA9000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1294338961.0000000003BA9000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3BA9000
|
Size: |
4096
|
|
3B53000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1528684635.0000000003B53000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B53000
|
Size: |
57344
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
122D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1276217252.000000000122D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
122D000
|
Size: |
94208
|
|
12F5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1544222878.00000000012F5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12F5000
|
Size: |
20480
|
|
3C61000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1558497629.0000000003C61000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3C61000
|
Size: |
4096
|
|
12B7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1293612240.00000000012B7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12B7000
|
Size: |
20480
|
|
3B68000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1529448365.0000000003B68000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B68000
|
Size: |
8192
|
|
3C61000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1558887875.0000000003C61000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3C61000
|
Size: |
4096
|
|
3B94000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1529448365.0000000003B94000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B94000
|
Size: |
16384
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
E8B000
|
unknown
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1503493144.0000000000E8B000.00000004.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page read and write
|
Base address: |
E8B000
|
Size: |
348160
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
LummaC encrypted strings found |
HIPS / PFW / Operating System Protection Evasion |
Deobfuscate/Decode Files or Information
|
|
3BB0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1294005878.0000000003BB0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3BB0000
|
Size: |
126976
|
|
3B88000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1295638393.0000000003B88000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B88000
|
Size: |
12288
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
12E5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1595467129.00000000012E5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12E5000
|
Size: |
86016
|
|
1229000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1276217252.0000000001229000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1229000
|
Size: |
4096
|
|
3BA9000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1294984513.0000000003BA9000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3BA9000
|
Size: |
4096
|
|
3C59000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1543413164.0000000003C59000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3C59000
|
Size: |
73728
|
|
3B74000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1543086944.0000000003B74000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B74000
|
Size: |
16384
|
|
3B58000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1295638393.0000000003B58000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B58000
|
Size: |
4096
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
SQL strings found in memory and binary data |
System Summary |
|
|
3E41000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1559929071.0000000003E41000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3E41000
|
Size: |
237568
|
|
3C61000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1558596378.0000000003C61000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3C61000
|
Size: |
4096
|
|
E8B000
|
unknown
|
page write copy
|
|
|
|
Name: |
00000004.00000000.1266492630.0000000000E8B000.00000008.00000001.01000000.00000003.sdmp
|
TargetID: |
4
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page write copy
|
Base address: |
E8B000
|
Size: |
352256
|
|
39D0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1633101823.00000000039D0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
39D0000
|
Size: |
4096
|
|
12F5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1557957762.00000000012F5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12F5000
|
Size: |
20480
|
|
EE2000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000000.00000002.1503595909.0000000000EE2000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
EE2000
|
Size: |
12288
|
|
1253000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1632344310.0000000001253000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1253000
|
Size: |
327680
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Found many strings related to Crypto-Wallets (likely being stolen) |
Stealing of Sensitive Information |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
URLs found in memory or binary data |
Networking |
|
|
388D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1632961840.000000000388D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
388D000
|
Size: |
12288
|
|
126B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1588501158.000000000126B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
126B000
|
Size: |
229376
|
|
12ED000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1529897506.00000000012ED000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12ED000
|
Size: |
20480
|
|
3B5C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1295638393.0000000003B5C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B5C000
|
Size: |
12288
|
|
3B74000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1529302604.0000000003B74000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B74000
|
Size: |
118784
|
|
3F0F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1544250040.0000000003F0F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3F0F000
|
Size: |
4096
|
|
12D0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1560595868.00000000012D0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12D0000
|
Size: |
40960
|
|
12C1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1588301526.00000000012C1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12C1000
|
Size: |
28672
|
|
3B55000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1542881396.0000000003B55000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B55000
|
Size: |
28672
|
|
3BA7000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1294984513.0000000003BA7000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3BA7000
|
Size: |
4096
|
|
12EE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1557701021.00000000012EE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12EE000
|
Size: |
20480
|
|
3F40000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1618632948.0000000003F40000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3F40000
|
Size: |
557056
|
|
3C50000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1559376862.0000000003C50000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3C50000
|
Size: |
8192
|
|
3B88000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1295967386.0000000003B88000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B88000
|
Size: |
12288
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
3C50000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1558887875.0000000003C50000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3C50000
|
Size: |
8192
|
|
12BB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1588411432.00000000012BB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12BB000
|
Size: |
12288
|
|
12BB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1559487979.00000000012BB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12BB000
|
Size: |
4096
|
|
374E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1632930218.000000000374E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
374E000
|
Size: |
8192
|
|
12DE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1559755940.00000000012DE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12DE000
|
Size: |
4096
|
|
EE2000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000004.00000002.1632280142.0000000000EE2000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
EE2000
|
Size: |
12288
|
|
122D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1632344310.000000000122D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
122D000
|
Size: |
94208
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
E70000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000004.00000002.1632189229.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
E70000
|
Size: |
4096
|
|
3B71000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1295967386.0000000003B71000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B71000
|
Size: |
4096
|
|
12F3000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1529897506.00000000012F3000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12F3000
|
Size: |
12288
|
|
3B64000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1529302604.0000000003B64000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B64000
|
Size: |
8192
|
|
3BA3000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1295458384.0000000003BA3000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3BA3000
|
Size: |
139264
|
|
1227000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1276217252.0000000001227000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1227000
|
Size: |
4096
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
3B4A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1528704318.0000000003B4A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B4A000
|
Size: |
4096
|
|
EE5000
|
unkown
|
page write copy
|
|
|
|
Name: |
00000004.00000002.1632297655.0000000000EE5000.00000008.00000001.01000000.00000003.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page write copy
|
Base address: |
EE5000
|
Size: |
4096
|
|
3C61000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1559281250.0000000003C61000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3C61000
|
Size: |
4096
|
|
12CA000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1560431436.00000000012CA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12CA000
|
Size: |
65536
|
|
3B5A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1528931275.0000000003B5A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B5A000
|
Size: |
8192
|
|
3050000
|
remote allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1267126884.0000000003050000.00000004.00000400.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
remote allocation
|
Protect: |
page read and write
|
Base address: |
3050000
|
Size: |
4096
|
|
3A1E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1633118876.0000000003A1E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
3A1E000
|
Size: |
8192
|
|
E70000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000000.1259411308.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
E70000
|
Size: |
4096
|
|
12CE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1595467129.00000000012CE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12CE000
|
Size: |
49152
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
12BC000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1557986513.00000000012BC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12BC000
|
Size: |
122880
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
URLs found in memory or binary data |
Networking |
|
|
3B92000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1295458384.0000000003B92000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B92000
|
Size: |
16384
|
|
3BAC000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1542993729.0000000003BAC000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3BAC000
|
Size: |
4096
|
|
12DE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1584407261.00000000012DE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12DE000
|
Size: |
12288
|
|
3B89000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1296187204.0000000003B89000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B89000
|
Size: |
45056
|
|
3E5F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1544250040.0000000003E5F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3E5F000
|
Size: |
4096
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
12BC000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1543311993.00000000012BC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12BC000
|
Size: |
122880
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
URLs found in memory or binary data |
Networking |
|
|
3C50000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1559159493.0000000003C50000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3C50000
|
Size: |
8192
|
|
73CA1000
|
unkown
|
page execute read
|
|
|
|
Name: |
00000004.00000002.1633441623.0000000073CA1000.00000020.00000001.01000000.00000006.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute read
|
Base address: |
73CA1000
|
Size: |
86016
|
|
16CF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1632752220.00000000016CF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
16CF000
|
Size: |
4096
|
|
12DE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1559487979.00000000012DE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12DE000
|
Size: |
4096
|
|
12DB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1588438643.00000000012DB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12DB000
|
Size: |
24576
|
|
3B74000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1560320358.0000000003B74000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B74000
|
Size: |
4096
|
|
3B90000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1529755303.0000000003B90000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B90000
|
Size: |
4096
|
|
3B78000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1294338961.0000000003B78000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B78000
|
Size: |
12288
|
|
E70000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000004.00000000.1266444167.0000000000E70000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
4
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
E70000
|
Size: |
4096
|
|
12BE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1618679339.00000000012BE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12BE000
|
Size: |
12288
|
|
1245000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1276217252.0000000001245000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1245000
|
Size: |
8192
|
|
12DE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1559608097.00000000012DE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12DE000
|
Size: |
4096
|
|
3B74000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1296187204.0000000003B74000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B74000
|
Size: |
4096
|
|
3B74000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1529755303.0000000003B74000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B74000
|
Size: |
45056
|
|
3B5A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1528849735.0000000003B5A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B5A000
|
Size: |
8192
|
|
12E3000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1543311993.00000000012E3000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12E3000
|
Size: |
4096
|
|
12DB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1559755940.00000000012DB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12DB000
|
Size: |
4096
|
|
136E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1632640636.000000000136E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
136E000
|
Size: |
8192
|
|
12C7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1293423233.00000000012C7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12C7000
|
Size: |
4096
|
|
EE8000
|
unkown
|
page write copy
|
|
|
|
Name: |
00000004.00000002.1632297655.0000000000EE8000.00000008.00000001.01000000.00000003.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page write copy
|
Base address: |
EE8000
|
Size: |
4096
|
|
12E2000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1528570026.00000000012E2000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12E2000
|
Size: |
20480
|
|
E8B000
|
unkown
|
page write copy
|
|
|
|
Name: |
00000000.00000000.1259471998.0000000000E8B000.00000008.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page write copy
|
Base address: |
E8B000
|
Size: |
352256
|
|
E3B000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1632173133.0000000000E3B000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
E3B000
|
Size: |
20480
|
|
E84000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000000.1259453927.0000000000E84000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
E84000
|
Size: |
28672
|
|
3B62000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1529448365.0000000003B62000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B62000
|
Size: |
8192
|
|
3B83000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1295638393.0000000003B83000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B83000
|
Size: |
4096
|
|
12AB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1588501158.00000000012AB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12AB000
|
Size: |
65536
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
12C9000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1293423233.00000000012C9000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12C9000
|
Size: |
32768
|
|
3E77000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1544250040.0000000003E77000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3E77000
|
Size: |
4096
|
|
3C61000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1559159493.0000000003C61000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3C61000
|
Size: |
4096
|
|
3B5F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1529302604.0000000003B5F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B5F000
|
Size: |
4096
|
|
123C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1503672075.000000000123C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
123C000
|
Size: |
16384
|
|
12C7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1559755940.00000000012C7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12C7000
|
Size: |
77824
|
|
3B75000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1560029071.0000000003B75000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B75000
|
Size: |
4096
|
|
3B8D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1560029071.0000000003B8D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B8D000
|
Size: |
12288
|
|
2FAD000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1632788047.0000000002FAD000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2FAD000
|
Size: |
12288
|
|
12DB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1560431436.00000000012DB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12DB000
|
Size: |
4096
|
|
3B7B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1295967386.0000000003B7B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B7B000
|
Size: |
8192
|
|
3B50000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1528849735.0000000003B50000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B50000
|
Size: |
24576
|
|
12E7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1529897506.00000000012E7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12E7000
|
Size: |
8192
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
SQL strings found in memory and binary data |
System Summary |
|
|
13C0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1503761430.00000000013C0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
13C0000
|
Size: |
4096
|
|
3B89000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1294984513.0000000003B89000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B89000
|
Size: |
118784
|
|
12DB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1559608097.00000000012DB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12DB000
|
Size: |
4096
|
|
3C61000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1558755290.0000000003C61000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3C61000
|
Size: |
4096
|
|
3BA7000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1294338961.0000000003BA7000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3BA7000
|
Size: |
4096
|
|
3B5C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1529448365.0000000003B5C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B5C000
|
Size: |
4096
|
|
12BC000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1530149419.00000000012BC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12BC000
|
Size: |
122880
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
|
1370000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1632656967.0000000001370000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1370000
|
Size: |
8192
|
|
12DB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1560595868.00000000012DB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12DB000
|
Size: |
4096
|
|
3C61000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1559101341.0000000003C61000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3C61000
|
Size: |
4096
|
|
121E000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1266774523.000000000121E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
121E000
|
Size: |
462848
|
|
3B41000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1293767537.0000000003B41000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B41000
|
Size: |
196608
|
|
12E6000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1557701021.00000000012E6000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12E6000
|
Size: |
20480
|
|
3C4D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1543175665.0000000003C4D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3C4D000
|
Size: |
16384
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
13B0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1503742358.00000000013B0000.00000004.00000020.00040000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
13B0000
|
Size: |
4096
|
|
3B49000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1633234944.0000000003B49000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B49000
|
Size: |
4096
|
|
398E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1633076337.000000000398E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
398E000
|
Size: |
8192
|
|
3C61000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1558356039.0000000003C61000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3C61000
|
Size: |
4096
|
|
3C50000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1558185296.0000000003C50000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3C50000
|
Size: |
8192
|
|
3C41000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1560780753.0000000003C41000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3C41000
|
Size: |
172032
|
|
3B74000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1584361687.0000000003B74000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B74000
|
Size: |
4096
|
|
12BD000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1528754817.00000000012BD000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12BD000
|
Size: |
118784
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
URLs found in memory or binary data |
Networking |
|
|
3B99000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1296187204.0000000003B99000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B99000
|
Size: |
53248
|
|
3F4E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1588781453.0000000003F4E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3F4E000
|
Size: |
471040
|
|
4955000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1588835130.0000000004955000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4955000
|
Size: |
573440
|
|
12E5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1632554277.00000000012E5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12E5000
|
Size: |
4096
|
|
3F17000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1544250040.0000000003F17000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3F17000
|
Size: |
4096
|
|
384F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1632946289.000000000384F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
384F000
|
Size: |
4096
|
|
3B78000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1296187204.0000000003B78000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B78000
|
Size: |
8192
|
|
1320000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1632621900.0000000001320000.00000004.00000020.00040000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1320000
|
Size: |
4096
|
|
126C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1276150562.000000000126C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
126C000
|
Size: |
212992
|
|
3C5F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1543175665.0000000003C5F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3C5F000
|
Size: |
8192
|
|
12DB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1559487979.00000000012DB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12DB000
|
Size: |
4096
|
|
3B92000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1529302604.0000000003B92000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B92000
|
Size: |
4096
|
|
12C1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1595467129.00000000012C1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12C1000
|
Size: |
45056
|
|
12F5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1543158263.00000000012F5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12F5000
|
Size: |
20480
|
|
12A9000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1584530133.00000000012A9000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12A9000
|
Size: |
4096
|
|
3C50000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1559427961.0000000003C50000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3C50000
|
Size: |
4096
|
|
3B5D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1529212532.0000000003B5D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B5D000
|
Size: |
4096
|
|
171E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1503896115.000000000171E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
171E000
|
Size: |
8192
|
|
3B85000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1544170290.0000000003B85000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B85000
|
Size: |
139264
|
|
3B7E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1529448365.0000000003B7E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B7E000
|
Size: |
4096
|
|
12CE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1588301526.00000000012CE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12CE000
|
Size: |
49152
|
|
3B81000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1529448365.0000000003B81000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B81000
|
Size: |
4096
|
|
12C0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1584501707.00000000012C0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12C0000
|
Size: |
4096
|
|
3B8A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1529100286.0000000003B8A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B8A000
|
Size: |
8192
|
|
3050000
|
remote allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1267203077.0000000003050000.00000004.00000400.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
remote allocation
|
Protect: |
page read and write
|
Base address: |
3050000
|
Size: |
4096
|
|
3B5C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1528737340.0000000003B5C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B5C000
|
Size: |
20480
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
12F4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1542829908.00000000012F4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12F4000
|
Size: |
24576
|
|
3B8A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1529755303.0000000003B8A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B8A000
|
Size: |
16384
|
|
3B86000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1529448365.0000000003B86000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B86000
|
Size: |
8192
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
15CE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1632736061.00000000015CE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
15CE000
|
Size: |
8192
|
|
12DE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1543311993.00000000012DE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12DE000
|
Size: |
4096
|
|
3C41000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1561026410.0000000003C41000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3C41000
|
Size: |
172032
|
|
3C61000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1558293592.0000000003C61000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3C61000
|
Size: |
4096
|
|
12E5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1560595868.00000000012E5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12E5000
|
Size: |
4096
|
|
13F5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1632702200.00000000013F5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
13F5000
|
Size: |
12288
|
|
3F1F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1544250040.0000000003F1F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3F1F000
|
Size: |
4096
|
|
3B76000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1295967386.0000000003B76000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B76000
|
Size: |
8192
|
|
1245000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1632344310.0000000001245000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1245000
|
Size: |
45056
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
AV process strings found (often used to terminate AV products) |
Lowering of HIPS / PFW / Operating System Security Settings |
Security Software Discovery
|
URLs found in memory or binary data |
Networking |
|
|
1200000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1632344310.0000000001200000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1200000
|
Size: |
28672
|
|
12E5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1560431436.00000000012E5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12E5000
|
Size: |
4096
|
|
15DE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1503854512.00000000015DE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
15DE000
|
Size: |
8192
|
|
E71000
|
unkown
|
page execute read
|
|
|
|
Name: |
00000000.00000000.1259428773.0000000000E71000.00000020.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page execute read
|
Base address: |
E71000
|
Size: |
77824
|
|
3B4D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1560709221.0000000003B4D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B4D000
|
Size: |
61440
|
|
3C61000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1558657570.0000000003C61000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3C61000
|
Size: |
4096
|
|
E71000
|
unkown
|
page execute read
|
|
|
|
Name: |
00000000.00000002.1503436159.0000000000E71000.00000020.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute read
|
Base address: |
E71000
|
Size: |
77824
|
|
3B64000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1528805444.0000000003B64000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B64000
|
Size: |
4096
|
|
1253000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1276150562.0000000001253000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1253000
|
Size: |
98304
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
URLs found in memory or binary data |
Networking |
|
|
32AE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1632897983.00000000032AE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
32AE000
|
Size: |
8192
|
|
12E6000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1543311993.00000000012E6000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12E6000
|
Size: |
8192
|
|
3B50000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1595641129.0000000003B50000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B50000
|
Size: |
106496
|
|
3B94000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1529755303.0000000003B94000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B94000
|
Size: |
4096
|
|
12E0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1559755940.00000000012E0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12E0000
|
Size: |
4096
|
|
12CE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1632554277.00000000012CE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12CE000
|
Size: |
49152
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
EE8000
|
unkown
|
page write copy
|
|
|
|
Name: |
00000000.00000002.1503623367.0000000000EE8000.00000008.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page write copy
|
Base address: |
EE8000
|
Size: |
4096
|
|
12BC000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1584501707.00000000012BC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12BC000
|
Size: |
4096
|
|
3B9F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1294005878.0000000003B9F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B9F000
|
Size: |
12288
|
|
3BAD000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1560029071.0000000003BAD000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3BAD000
|
Size: |
8192
|
|
12E0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1560595868.00000000012E0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12E0000
|
Size: |
4096
|
|
3C79000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1560780753.0000000003C79000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3C79000
|
Size: |
4096
|
|
3B88000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1294338961.0000000003B88000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B88000
|
Size: |
122880
|
|
12E1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1528754817.00000000012E1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12E1000
|
Size: |
4096
|
|
4449000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1587629036.0000000004449000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4449000
|
Size: |
5242880
|
|
3B6F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1529448365.0000000003B6F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B6F000
|
Size: |
4096
|
|
3C61000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1559003909.0000000003C61000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3C61000
|
Size: |
4096
|
|
EE2000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000004.00000000.1266522739.0000000000EE2000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
4
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
EE2000
|
Size: |
12288
|
|
3B7A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1588233056.0000000003B7A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B7A000
|
Size: |
241664
|
|
3060000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1632841467.0000000003060000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3060000
|
Size: |
16384
|
|
3BA9000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1296187204.0000000003BA9000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3BA9000
|
Size: |
4096
|
|
3B8E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1529448365.0000000003B8E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B8E000
|
Size: |
8192
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
3B50000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1595333400.0000000003B50000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B50000
|
Size: |
45056
|
|
3B73000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1542993729.0000000003B73000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B73000
|
Size: |
8192
|
|
3C61000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1558109577.0000000003C61000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3C61000
|
Size: |
4096
|
|
12E5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1618718716.00000000012E5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12E5000
|
Size: |
4096
|
|
12C0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1588411432.00000000012C0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12C0000
|
Size: |
4096
|
|
3B85000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1543086944.0000000003B85000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B85000
|
Size: |
139264
|
|
3B6C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1633287464.0000000003B6C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B6C000
|
Size: |
114688
|
|
2EAD000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1632770971.0000000002EAD000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2EAD000
|
Size: |
12288
|
|
3BA4000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1529448365.0000000003BA4000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3BA4000
|
Size: |
143360
|
|
12DE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1560431436.00000000012DE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12DE000
|
Size: |
4096
|
|
3C61000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1558185296.0000000003C61000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3C61000
|
Size: |
4096
|
|
12E0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1560431436.00000000012E0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12E0000
|
Size: |
4096
|
|
316D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1632858349.000000000316D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
316D000
|
Size: |
12288
|
|
13BE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1632672078.00000000013BE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
13BE000
|
Size: |
8192
|
|
3C50000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1558497629.0000000003C50000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3C50000
|
Size: |
8192
|
|
3B72000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1529212532.0000000003B72000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B72000
|
Size: |
16384
|
|
3B76000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1294338961.0000000003B76000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B76000
|
Size: |
4096
|
|
12D0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1618718716.00000000012D0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12D0000
|
Size: |
40960
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
73CBD000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1633483830.0000000073CBD000.00000004.00000001.01000000.00000006.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
73CBD000
|
Size: |
8192
|
|
EE2000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000000.1259511792.0000000000EE2000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
EE2000
|
Size: |
12288
|
|
3C79000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1543139539.0000000003C79000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3C79000
|
Size: |
4096
|
|
12F5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1557701021.00000000012F5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12F5000
|
Size: |
20480
|
|
13F0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1632702200.00000000013F0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
13F0000
|
Size: |
16384
|
|
3B40000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1633234944.0000000003B40000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B40000
|
Size: |
8192
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
3C61000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1633357160.0000000003C61000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3C61000
|
Size: |
126976
|
|
12F1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1595768956.00000000012F1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12F1000
|
Size: |
36864
|
|
12E0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1559487979.00000000012E0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12E0000
|
Size: |
4096
|
|
12C3000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1293423233.00000000012C3000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12C3000
|
Size: |
12288
|
|
3BA7000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1296187204.0000000003BA7000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3BA7000
|
Size: |
4096
|
|
3B5B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1588233056.0000000003B5B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B5B000
|
Size: |
118784
|
|
E84000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000002.1503468367.0000000000E84000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
E84000
|
Size: |
28672
|
|
3B73000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1529448365.0000000003B73000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B73000
|
Size: |
4096
|
|
3B76000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1295638393.0000000003B76000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B76000
|
Size: |
8192
|
|
12EE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1542829908.00000000012EE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12EE000
|
Size: |
20480
|
|
3B4A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1560709221.0000000003B4A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B4A000
|
Size: |
4096
|
|
EE5000
|
unkown
|
page write copy
|
|
|
|
Name: |
00000000.00000002.1503623367.0000000000EE5000.00000008.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page write copy
|
Base address: |
EE5000
|
Size: |
4096
|
|
3B85000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1529755303.0000000003B85000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B85000
|
Size: |
16384
|
|
12C0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1632344310.00000000012C0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12C0000
|
Size: |
4096
|
|
12DB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1618718716.00000000012DB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12DB000
|
Size: |
24576
|
|
12E0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1557986513.00000000012E0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12E0000
|
Size: |
4096
|
|
12E2000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1528988408.00000000012E2000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12E2000
|
Size: |
45056
|
|
3B50000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1528593534.0000000003B50000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B50000
|
Size: |
69632
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
3B76000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1544170290.0000000003B76000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B76000
|
Size: |
24576
|
|
E71000
|
unkown
|
page execute read
|
|
|
|
Name: |
00000004.00000000.1266460155.0000000000E71000.00000020.00000001.01000000.00000003.sdmp
|
TargetID: |
4
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page execute read
|
Base address: |
E71000
|
Size: |
77824
|
|
12F5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1543283746.00000000012F5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12F5000
|
Size: |
20480
|
|
3B6C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1595641129.0000000003B6C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B6C000
|
Size: |
114688
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
Name: |
00000004.00000002.1632121462.0000000000400000.00000040.00000400.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
remote allocation
|
Protect: |
page execute and read and write
|
Base address: |
400000
|
Size: |
335872
|
|
3B61000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1529302604.0000000003B61000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B61000
|
Size: |
4096
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
SQL strings found in memory and binary data |
System Summary |
|
|
3E40000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1544250040.0000000003E40000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3E40000
|
Size: |
4096
|
|
181F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1503916532.000000000181F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
181F000
|
Size: |
4096
|
|
3B92000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1529755303.0000000003B92000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B92000
|
Size: |
4096
|
|
12DB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1588301526.00000000012DB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12DB000
|
Size: |
24576
|
|
73CBF000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000004.00000002.1633502464.0000000073CBF000.00000002.00000001.01000000.00000006.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
73CBF000
|
Size: |
12288
|
|
12E2000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1542829908.00000000012E2000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12E2000
|
Size: |
36864
|
|
3B73000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1543485172.0000000003B73000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B73000
|
Size: |
8192
|
|
3B5C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1560320358.0000000003B5C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B5C000
|
Size: |
8192
|
|
12DB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1595467129.00000000012DB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12DB000
|
Size: |
24576
|
|
3C61000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1558427063.0000000003C61000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3C61000
|
Size: |
4096
|
|
FEA000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1632328573.0000000000FEA000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
FEA000
|
Size: |
24576
|
|
3B83000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1295967386.0000000003B83000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B83000
|
Size: |
4096
|
|
12DB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1557986513.00000000012DB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12DB000
|
Size: |
4096
|
|
3B61000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1295638393.0000000003B61000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B61000
|
Size: |
69632
|
|
3B61000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1296187204.0000000003B61000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B61000
|
Size: |
73728
|
|
12CA000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1293674998.00000000012CA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12CA000
|
Size: |
28672
|
|
3C6F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1543175665.0000000003C6F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3C6F000
|
Size: |
8192
|
|
E8B000
|
unknown
|
page write copy
|
|
|
|
Name: |
00000004.00000002.1632240689.0000000000E8B000.00000008.00000001.01000000.00000003.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page write copy
|
Base address: |
E8B000
|
Size: |
352256
|
|
EE5000
|
unknown
|
page write copy
|
|
|
|
Name: |
00000000.00000000.1259529033.0000000000EE5000.00000008.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page write copy
|
Base address: |
EE5000
|
Size: |
4096
|
|
3C77000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1543175665.0000000003C77000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3C77000
|
Size: |
8192
|
|
3B4A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1528849735.0000000003B4A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B4A000
|
Size: |
16384
|
|
12C1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1559608097.00000000012C1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12C1000
|
Size: |
102400
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
|
73CA0000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000004.00000002.1633422572.0000000073CA0000.00000002.00000001.01000000.00000006.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
73CA0000
|
Size: |
4096
|
|
3B9A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1529100286.0000000003B9A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B9A000
|
Size: |
118784
|
|
13F7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1559968296.00000000013F7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
13F7000
|
Size: |
4096
|
|
12A9000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1588501158.00000000012A9000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12A9000
|
Size: |
4096
|
|
121C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1632344310.000000000121C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
121C000
|
Size: |
57344
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
AV process strings found (often used to terminate AV products) |
Lowering of HIPS / PFW / Operating System Security Settings |
Security Software Discovery
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
EE8000
|
unknown
|
page write copy
|
|
|
|
Name: |
00000000.00000000.1259529033.0000000000EE8000.00000008.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page write copy
|
Base address: |
EE8000
|
Size: |
4096
|
|
12E2000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1529897506.00000000012E2000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12E2000
|
Size: |
8192
|
|
12DB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1584407261.00000000012DB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12DB000
|
Size: |
4096
|
|
12BD000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1293612240.00000000012BD000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12BD000
|
Size: |
24576
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
126B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1584530133.000000000126B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
126B000
|
Size: |
229376
|
|
12CE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1584407261.00000000012CE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12CE000
|
Size: |
49152
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
3B7C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1529448365.0000000003B7C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B7C000
|
Size: |
4096
|
|
1247000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1276150562.0000000001247000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1247000
|
Size: |
40960
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
12AB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1632344310.00000000012AB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12AB000
|
Size: |
65536
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
3B61000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1294819515.0000000003B61000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B61000
|
Size: |
65536
|
|
12DB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1632554277.00000000012DB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12DB000
|
Size: |
24576
|
|
12E4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1588438643.00000000012E4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12E4000
|
Size: |
4096
|
|
3B50000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1588381635.0000000003B50000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B50000
|
Size: |
45056
|
|
3BB8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1529100286.0000000003BB8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3BB8000
|
Size: |
4096
|
|
3C40000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1633339473.0000000003C40000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3C40000
|
Size: |
4096
|
|
12F3000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1529979749.00000000012F3000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12F3000
|
Size: |
12288
|
|
3B9E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1560029071.0000000003B9E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B9E000
|
Size: |
57344
|
|
3C50000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1559003909.0000000003C50000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3C50000
|
Size: |
8192
|
|
12DE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1557986513.00000000012DE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12DE000
|
Size: |
4096
|
|
3C50000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1558356039.0000000003C50000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3C50000
|
Size: |
8192
|
|
1291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1266774523.0000000001291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1291000
|
Size: |
4096
|
|
3B78000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1294984513.0000000003B78000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B78000
|
Size: |
12288
|
|
EE1000
|
unknown
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1503572248.0000000000EE1000.00000004.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page read and write
|
Base address: |
EE1000
|
Size: |
4096
|
|
3B44000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1633234944.0000000003B44000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B44000
|
Size: |
4096
|
|
33AF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1632914124.00000000033AF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
33AF000
|
Size: |
4096
|
|
326F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1632874479.000000000326F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
326F000
|
Size: |
4096
|
|
16DF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1503875106.00000000016DF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
16DF000
|
Size: |
4096
|
|
12A0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1276129508.00000000012A0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12A0000
|
Size: |
12288
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
12AB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1584530133.00000000012AB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12AB000
|
Size: |
65536
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
12F5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1632604217.00000000012F5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12F5000
|
Size: |
20480
|
|
13DA000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1503784879.00000000013DA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
13DA000
|
Size: |
8192
|
|
12DE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1560595868.00000000012DE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12DE000
|
Size: |
4096
|
|
3B52000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1530020279.0000000003B52000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B52000
|
Size: |
40960
|
|
12A6000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1632344310.00000000012A6000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12A6000
|
Size: |
8192
|
|
73CB6000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000004.00000002.1633464103.0000000073CB6000.00000002.00000001.01000000.00000006.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
73CB6000
|
Size: |
28672
|
|
13D0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1503784879.00000000013D0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
13D0000
|
Size: |
32768
|
|
12C5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1560431436.00000000012C5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12C5000
|
Size: |
8192
|
|
12A9000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1632344310.00000000012A9000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12A9000
|
Size: |
4096
|
|
3C79000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1543413164.0000000003C79000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3C79000
|
Size: |
4096
|
|
3B64000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1528960037.0000000003B64000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B64000
|
Size: |
4096
|
|
3B50000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1528704318.0000000003B50000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B50000
|
Size: |
12288
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
3FD3000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1632007164.0000000003FD3000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3FD3000
|
Size: |
552960
|
|
3C47000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1543175665.0000000003C47000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3C47000
|
Size: |
8192
|
|
12B9000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1530170753.00000000012B9000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12B9000
|
Size: |
12288
|
|
3B94000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1529302604.0000000003B94000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B94000
|
Size: |
8192
|
|
3050000
|
remote allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1267163495.0000000003050000.00000004.00000400.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
remote allocation
|
Protect: |
page read and write
|
Base address: |
3050000
|
Size: |
4096
|
|
133D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1503696004.000000000133D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
133D000
|
Size: |
12288
|
|
E84000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000004.00000002.1632224944.0000000000E84000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
E84000
|
Size: |
28672
|
|
3BBA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1529100286.0000000003BBA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3BBA000
|
Size: |
8192
|
|
3C41000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1557641736.0000000003C41000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3C41000
|
Size: |
16384
|
|
3B4B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1528593534.0000000003B4B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B4B000
|
Size: |
8192
|
|
3B55000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1559711791.0000000003B55000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B55000
|
Size: |
28672
|
|
1251000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1632344310.0000000001251000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1251000
|
Size: |
4096
|
|
3B4A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1542881396.0000000003B4A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B4A000
|
Size: |
32768
|
|
3B53000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1295638393.0000000003B53000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B53000
|
Size: |
4096
|
|
3C41000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1595726580.0000000003C41000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3C41000
|
Size: |
258048
|
|
1380000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1503715661.0000000001380000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1380000
|
Size: |
20480
|
|
12E0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1559608097.00000000012E0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12E0000
|
Size: |
4096
|
|
EE0000
|
unknown
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.1503545323.0000000000EE0000.00000040.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page execute and read and write
|
Base address: |
EE0000
|
Size: |
4096
|
|
3FAF000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1544250040.0000000003FAF000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3FAF000
|
Size: |
4096
|
|
3B1F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1633136100.0000000003B1F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
3B1F000
|
Size: |
4096
|
|
3B4A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1529996399.0000000003B4A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B4A000
|
Size: |
73728
|
|
1266000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1279584582.0000000001266000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1266000
|
Size: |
20480
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
12A6000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1588501158.00000000012A6000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12A6000
|
Size: |
8192
|
|
1208000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.1632344310.0000000001208000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1208000
|
Size: |
69632
|
|
3C61000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1559376862.0000000003C61000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3C61000
|
Size: |
4096
|
|