ACCC000
|
heap
|
page read and write
|
malicious |
|
|
Name: |
00000004.00000002.2775936845.000000000ACCC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
ACCC000
|
Size: |
6262784
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Yara detected UAC Bypass using CMSTP |
Exploits |
|
|
9BC000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2397142760.00000000009BC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9BC000
|
Size: |
36864
|
|
4224000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2378998962.0000000004224000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4224000
|
Size: |
16384
|
|
15BE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2770143201.00000000015BE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
15BE000
|
Size: |
8192
|
|
4515000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2425143212.0000000004515000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4515000
|
Size: |
884736
|
|
451B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2419456082.000000000451B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
451B000
|
Size: |
589824
|
|
2701000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2282227257.0000000002701000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2701000
|
Size: |
4096
|
|
4318000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2396950919.0000000004318000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4318000
|
Size: |
8192
|
|
4618000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2427093467.0000000004618000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4618000
|
Size: |
950272
|
|
434F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2417237825.000000000434F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
434F000
|
Size: |
1241088
|
|
421E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2366982787.000000000421E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
421E000
|
Size: |
12288
|
|
46C4000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2424110062.00000000046C4000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
46C4000
|
Size: |
843776
|
|
4220000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2330874787.0000000004220000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4220000
|
Size: |
16384
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
45B6000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2420105759.00000000045B6000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
45B6000
|
Size: |
638976
|
|
4229000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2362556907.0000000004229000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4229000
|
Size: |
20480
|
|
4514000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2420247155.0000000004514000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4514000
|
Size: |
655360
|
|
144000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2281596432.0000000000144000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
144000
|
Size: |
4096
|
|
422C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2331933508.000000000422C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
422C000
|
Size: |
12288
|
|
4242000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2498523649.0000000004242000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4242000
|
Size: |
196608
|
|
4318000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2344156676.0000000004318000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4318000
|
Size: |
12288
|
|
9BA000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2498671106.00000000009BA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9BA000
|
Size: |
16384
|
|
4513000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2423611534.0000000004513000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4513000
|
Size: |
819200
|
|
4258000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2331723413.0000000004258000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4258000
|
Size: |
4096
|
|
2701000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2281853465.0000000002701000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2701000
|
Size: |
4096
|
|
4AB000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000000.00000000.2157252939.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
4AB000
|
Size: |
4096
|
|
4329000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2367560537.0000000004329000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4329000
|
Size: |
4096
|
|
401000
|
unknown
|
page execute read
|
|
|
|
Name: |
00000000.00000000.2157171845.0000000000401000.00000020.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page execute read
|
Base address: |
401000
|
Size: |
688128
|
|
4512000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2433572856.0000000004512000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4512000
|
Size: |
1032192
|
|
451C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2431856615.000000000451C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
451C000
|
Size: |
983040
|
|
42A8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2309553437.00000000042A8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
42A8000
|
Size: |
16384
|
|
421F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2378932528.000000000421F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
421F000
|
Size: |
36864
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
4245000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2345564910.0000000004245000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4245000
|
Size: |
4096
|
|
434F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2418222014.000000000434F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
434F000
|
Size: |
1486848
|
|
3070000
|
unknown
|
page write copy
|
|
|
|
Name: |
00000004.00000002.2770669111.0000000003070000.00000008.00000001.01000000.00000008.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page write copy
|
Base address: |
3070000
|
Size: |
24576
|
|
42C6000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2309777860.00000000042C6000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
42C6000
|
Size: |
126976
|
|
9C7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2397142760.00000000009C7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C7000
|
Size: |
12288
|
|
45B2000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2419386221.00000000045B2000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
45B2000
|
Size: |
585728
|
|
4516000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2433929921.0000000004516000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4516000
|
Size: |
1048576
|
|
9D8000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2397568109.00000000009D8000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9D8000
|
Size: |
36864
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
424E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2366592195.000000000424E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
424E000
|
Size: |
4096
|
|
424E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2364006702.000000000424E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
424E000
|
Size: |
4096
|
|
431D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2345159843.000000000431D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
431D000
|
Size: |
16384
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
424E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2363274576.000000000424E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
424E000
|
Size: |
4096
|
|
B3F000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000004.00000000.2757881951.0000000000B3F000.00000002.00000001.01000000.00000006.sdmp
|
TargetID: |
4
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
B3F000
|
Size: |
589824
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
4215000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2330874787.0000000004215000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4215000
|
Size: |
40960
|
|
42A9000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2343660041.00000000042A9000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
42A9000
|
Size: |
16384
|
|
9BE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2498555221.00000000009BE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9BE000
|
Size: |
45056
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
4337000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2345159843.0000000004337000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4337000
|
Size: |
8192
|
|
4231000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2310174053.0000000004231000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4231000
|
Size: |
65536
|
|
9CC000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2498601813.00000000009CC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9CC000
|
Size: |
86016
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
4211000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2308232279.0000000004211000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4211000
|
Size: |
196608
|
|
1254000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.2761912769.0000000001254000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1254000
|
Size: |
4096
|
|
4608000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2426662852.0000000004608000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4608000
|
Size: |
933888
|
|
4228000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2498629022.0000000004228000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4228000
|
Size: |
86016
|
|
2701000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2281898207.0000000002701000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2701000
|
Size: |
4096
|
|
BDF000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000004.00000000.2757962664.0000000000BDF000.00000002.00000001.01000000.00000006.sdmp
|
TargetID: |
4
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
BDF000
|
Size: |
143360
|
|
45E5000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2423703460.00000000045E5000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
45E5000
|
Size: |
827392
|
|
9AA000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2397142760.00000000009AA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9AA000
|
Size: |
32768
|
|
400000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000000.00000000.2157155576.0000000000400000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
400000
|
Size: |
4096
|
|
424E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2366372445.000000000424E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
424E000
|
Size: |
4096
|
|
6D392000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000004.00000002.2777884959.000000006D392000.00000002.00000001.01000000.00000009.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
6D392000
|
Size: |
12288
|
|
42E6000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2309777860.00000000042E6000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
42E6000
|
Size: |
4096
|
|
464A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2418937109.000000000464A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
464A000
|
Size: |
552960
|
|
4329000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2396950919.0000000004329000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4329000
|
Size: |
4096
|
|
423E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2364366865.000000000423E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
423E000
|
Size: |
4096
|
|
6C68A000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000004.00000002.2777293427.000000006C68A000.00000002.00000001.01000000.0000000A.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
6C68A000
|
Size: |
360448
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
4341000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2344156676.0000000004341000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4341000
|
Size: |
16384
|
|
424E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2363727987.000000000424E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
424E000
|
Size: |
4096
|
|
44BC000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2500407715.00000000044BC000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
44BC000
|
Size: |
4096
|
|
4259000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2308567316.0000000004259000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4259000
|
Size: |
8192
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
2701000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2282146876.0000000002701000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2701000
|
Size: |
4096
|
|
2F9D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2281239676.0000000002F9D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2F9D000
|
Size: |
1101824
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sample file is different than original file name gathered from version info |
System Summary |
|
|
4249000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2308944048.0000000004249000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4249000
|
Size: |
8192
|
|
4311000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2498489617.0000000004311000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4311000
|
Size: |
253952
|
|
4263000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2308472533.0000000004263000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4263000
|
Size: |
12288
|
|
144000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2281482695.0000000000144000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
144000
|
Size: |
4096
|
|
42A8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2308944048.00000000042A8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
42A8000
|
Size: |
12288
|
|
BCF000
|
unknown
|
page write copy
|
|
|
|
Name: |
00000004.00000002.2769471887.0000000000BCF000.00000008.00000001.01000000.00000006.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page write copy
|
Base address: |
BCF000
|
Size: |
4096
|
|
12FA000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2769940496.00000000012FA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12FA000
|
Size: |
12288
|
|
4516000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2419000893.0000000004516000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4516000
|
Size: |
552960
|
|
B2D0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2776671015.000000000B2D0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
B2D0000
|
Size: |
1196032
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
42DF000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2331252826.00000000042DF000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
42DF000
|
Size: |
8192
|
|
42C1000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2331524699.00000000042C1000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
42C1000
|
Size: |
8192
|
|
42A8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2308567316.00000000042A8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
42A8000
|
Size: |
8192
|
|
423D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2331933508.000000000423D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
423D000
|
Size: |
126976
|
|
4275000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2309339538.0000000004275000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4275000
|
Size: |
4096
|
|
45F2000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2424633628.00000000045F2000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
45F2000
|
Size: |
868352
|
|
2E61000
|
unknown
|
page execute read
|
|
|
|
Name: |
00000004.00000002.2770222630.0000000002E61000.00000020.00000001.01000000.00000008.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page execute read
|
Base address: |
2E61000
|
Size: |
1855488
|
|
4221000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2500580291.0000000004221000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4221000
|
Size: |
12288
|
|
4249000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2309339538.0000000004249000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4249000
|
Size: |
8192
|
|
4515000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2421668936.0000000004515000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4515000
|
Size: |
737280
|
|
2701000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2281964877.0000000002701000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2701000
|
Size: |
4096
|
|
42DA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2331252826.00000000042DA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
42DA000
|
Size: |
8192
|
|
45AF000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2418874499.00000000045AF000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
45AF000
|
Size: |
544768
|
|
424E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2364571931.000000000424E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
424E000
|
Size: |
4096
|
|
3026000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000004.00000002.2770453133.0000000003026000.00000002.00000001.01000000.00000008.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
3026000
|
Size: |
274432
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
URLs found in memory or binary data |
Networking |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
42B5000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2309965768.00000000042B5000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
42B5000
|
Size: |
12288
|
|
6D2F0000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000004.00000002.2777689642.000000006D2F0000.00000002.00000001.01000000.0000000B.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
6D2F0000
|
Size: |
4096
|
|
4211000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2330874787.0000000004211000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4211000
|
Size: |
12288
|
|
9D9000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2344496085.00000000009D9000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9D9000
|
Size: |
32768
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
42C1000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2346802850.00000000042C1000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
42C1000
|
Size: |
139264
|
|
144000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2281417049.0000000000144000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
144000
|
Size: |
4096
|
|
36A0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2771799905.00000000036A0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
36A0000
|
Size: |
4096
|
|
4221000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2379150415.0000000004221000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4221000
|
Size: |
12288
|
|
4514000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2426526745.0000000004514000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4514000
|
Size: |
933888
|
|
42D1000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2332010923.00000000042D1000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
42D1000
|
Size: |
16384
|
|
2701000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2281798318.0000000002701000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2701000
|
Size: |
4096
|
|
4241000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2498629022.0000000004241000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4241000
|
Size: |
4096
|
|
45C0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2420783360.00000000045C0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
45C0000
|
Size: |
688128
|
|
42AF000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2344108758.00000000042AF000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
42AF000
|
Size: |
4096
|
|
9B5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2397142760.00000000009B5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9B5000
|
Size: |
4096
|
|
4241000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2308944048.0000000004241000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4241000
|
Size: |
8192
|
|
2701000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2281931934.0000000002701000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2701000
|
Size: |
4096
|
|
4341000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2396950919.0000000004341000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4341000
|
Size: |
4096
|
|
9CC000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2498555221.00000000009CC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9CC000
|
Size: |
86016
|
|
4229000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2310174053.0000000004229000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4229000
|
Size: |
4096
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
SQL strings found in memory and binary data |
System Summary |
|
|
4516000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2419591807.0000000004516000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4516000
|
Size: |
606208
|
|
A6A9000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2775523355.000000000A6A9000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
A6A9000
|
Size: |
5992448
|
|
3076000
|
unknown
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2770708982.0000000003076000.00000004.00000001.01000000.00000008.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page read and write
|
Base address: |
3076000
|
Size: |
12288
|
|
423D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2362848395.000000000423D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
423D000
|
Size: |
24576
|
|
9C9000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2397414206.00000000009C9000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C9000
|
Size: |
4096
|
|
144000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2279315085.0000000000144000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
144000
|
Size: |
4096
|
|
2EF2000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2281239676.0000000002EF2000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2EF2000
|
Size: |
696320
|
|
9B0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2344496085.00000000009B0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9B0000
|
Size: |
8192
|
|
424E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2363400855.000000000424E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
424E000
|
Size: |
4096
|
|
9B5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2362659978.00000000009B5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9B5000
|
Size: |
4096
|
|
4311000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2367560537.0000000004311000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4311000
|
Size: |
4096
|
|
5EB1000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2746647026.0000000005EB1000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
5EB1000
|
Size: |
4096
|
|
4211000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2362556907.0000000004211000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4211000
|
Size: |
94208
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
42B5000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2309777860.00000000042B5000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
42B5000
|
Size: |
12288
|
|
9CC000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2397414206.00000000009CC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9CC000
|
Size: |
45056
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
4278000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2309553437.0000000004278000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4278000
|
Size: |
4096
|
|
424E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2364056882.000000000424E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
424E000
|
Size: |
4096
|
|
45AC000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2419190093.00000000045AC000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
45AC000
|
Size: |
569344
|
|
45B3000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2419662787.00000000045B3000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
45B3000
|
Size: |
606208
|
|
462B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2433441295.000000000462B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
462B000
|
Size: |
1032192
|
|
4F12000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2499040096.0000000004F12000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4F12000
|
Size: |
1818624
|
|
9B9000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2344496085.00000000009B9000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9B9000
|
Size: |
122880
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Found many strings related to Crypto-Wallets (likely being stolen) |
Stealing of Sensitive Information |
|
Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
|
9B5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2379188587.00000000009B5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9B5000
|
Size: |
4096
|
|
1320000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2769940496.0000000001320000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1320000
|
Size: |
163840
|
|
424E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2363526151.000000000424E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
424E000
|
Size: |
4096
|
|
4676000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2420868212.0000000004676000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4676000
|
Size: |
696320
|
|
4211000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2332221698.0000000004211000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4211000
|
Size: |
77824
|
|
45B5000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2419524390.00000000045B5000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
45B5000
|
Size: |
598016
|
|
4249000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2308304544.0000000004249000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4249000
|
Size: |
4096
|
|
16BE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2770168561.00000000016BE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
16BE000
|
Size: |
8192
|
|
451E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2426313007.000000000451E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
451E000
|
Size: |
917504
|
|
4721000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2433812703.0000000004721000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4721000
|
Size: |
1048576
|
|
3690000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2771772411.0000000003690000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3690000
|
Size: |
53248
|
|
4244000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2308944048.0000000004244000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4244000
|
Size: |
4096
|
|
9D9000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2367038789.00000000009D9000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9D9000
|
Size: |
32768
|
|
6D2F1000
|
unknown
|
page execute read
|
|
|
|
Name: |
00000004.00000002.2777714801.000000006D2F1000.00000020.00000001.01000000.0000000B.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page execute read
|
Base address: |
6D2F1000
|
Size: |
401408
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
1230000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2769756010.0000000001230000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1230000
|
Size: |
4096
|
|
4615000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2432544089.0000000004615000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4615000
|
Size: |
991232
|
|
2701000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2282332116.0000000002701000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2701000
|
Size: |
4096
|
|
42B2000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2346802850.00000000042B2000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
42B2000
|
Size: |
20480
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
9B5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2344496085.00000000009B5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9B5000
|
Size: |
4096
|
|
42C1000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2331252826.00000000042C1000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
42C1000
|
Size: |
8192
|
|
9BC000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2397535253.00000000009BC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9BC000
|
Size: |
8192
|
|
46F8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2429377520.00000000046F8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
46F8000
|
Size: |
966656
|
|
42DF000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2331524699.00000000042DF000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
42DF000
|
Size: |
8192
|
|
4513000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2419321357.0000000004513000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4513000
|
Size: |
585728
|
|
4A9000
|
unknown
|
page write copy
|
|
|
|
Name: |
00000000.00000000.2157235543.00000000004A9000.00000008.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page write copy
|
Base address: |
4A9000
|
Size: |
8192
|
|
C04000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000004.00000002.2769616988.0000000000C04000.00000002.00000001.01000000.00000006.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
C04000
|
Size: |
356352
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
9B0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2362659978.00000000009B0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9B0000
|
Size: |
8192
|
|
42A8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2308472533.00000000042A8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
42A8000
|
Size: |
8192
|
|
3CDB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2772038215.0000000003CDB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3CDB000
|
Size: |
4096
|
|
9B9000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2362659978.00000000009B9000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9B9000
|
Size: |
122880
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
|
6D381000
|
unknown
|
page execute read
|
|
|
|
Name: |
00000004.00000002.2777836791.000000006D381000.00000020.00000001.01000000.00000009.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page execute read
|
Base address: |
6D381000
|
Size: |
65536
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
423D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2364993992.000000000423D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
423D000
|
Size: |
4096
|
|
423D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2366704178.000000000423D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
423D000
|
Size: |
4096
|
|
B3F000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000004.00000002.2769328706.0000000000B3F000.00000002.00000001.01000000.00000006.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
B3F000
|
Size: |
589824
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
4271000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2500496233.0000000004271000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4271000
|
Size: |
4096
|
|
45F0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2425828890.00000000045F0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
45F0000
|
Size: |
901120
|
|
45D6000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2421573232.00000000045D6000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
45D6000
|
Size: |
737280
|
|
4224000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2310174053.0000000004224000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4224000
|
Size: |
4096
|
|
45E8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2423471999.00000000045E8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
45E8000
|
Size: |
819200
|
|
42E5000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2331524699.00000000042E5000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
42E5000
|
Size: |
8192
|
|
45F4000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2347294395.00000000045F4000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
45F4000
|
Size: |
4096
|
|
B46E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2776671015.000000000B46E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
B46E000
|
Size: |
24576
|
|
10000000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000004.00000002.2776991139.0000000010000000.00000002.00000001.01000000.00000007.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
10000000
|
Size: |
4096
|
|
42B3000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2331252826.00000000042B3000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
42B3000
|
Size: |
36864
|
|
45F8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2424381951.00000000045F8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
45F8000
|
Size: |
851968
|
|
4428000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2418107287.0000000004428000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4428000
|
Size: |
942080
|
|
462D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2434082729.000000000462D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
462D000
|
Size: |
1056768
|
|
C04000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000004.00000000.2757994061.0000000000C04000.00000002.00000001.01000000.00000006.sdmp
|
TargetID: |
4
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
C04000
|
Size: |
356352
|
|
9D9000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2362659978.00000000009D9000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9D9000
|
Size: |
32768
|
|
423E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2364883519.000000000423E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
423E000
|
Size: |
4096
|
|
4231000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2309714463.0000000004231000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4231000
|
Size: |
65536
|
|
4275000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2309553437.0000000004275000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4275000
|
Size: |
4096
|
|
423D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2363681145.000000000423D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
423D000
|
Size: |
4096
|
|
9C7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2397270389.00000000009C7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C7000
|
Size: |
12288
|
|
4511000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2420029171.0000000004511000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4511000
|
Size: |
638976
|
|
423E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2365811443.000000000423E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
423E000
|
Size: |
4096
|
|
5CA6000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2746647026.0000000005CA6000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
5CA6000
|
Size: |
2138112
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
URLs found in memory or binary data |
Networking |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
9CC000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2397142760.00000000009CC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9CC000
|
Size: |
45056
|
|
4211000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2343965668.0000000004211000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4211000
|
Size: |
12288
|
|
4516000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2421458558.0000000004516000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4516000
|
Size: |
729088
|
|
4513000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2419126045.0000000004513000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4513000
|
Size: |
569344
|
|
144000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2281576121.0000000000144000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
144000
|
Size: |
4096
|
|
422E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2343838162.000000000422E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
422E000
|
Size: |
32768
|
|
423E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2365694393.000000000423E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
423E000
|
Size: |
4096
|
|
B3F9000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2776671015.000000000B3F9000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
B3F9000
|
Size: |
4096
|
|
144000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2281543982.0000000000144000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
144000
|
Size: |
4096
|
|
10001000
|
unkown
|
page execute read
|
|
|
|
Name: |
00000004.00000002.2777017413.0000000010001000.00000020.00000001.01000000.00000007.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute read
|
Base address: |
10001000
|
Size: |
4096
|
|
434F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2417433774.000000000434F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
434F000
|
Size: |
1339392
|
|
4511000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2422342233.0000000004511000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4511000
|
Size: |
770048
|
|
6D356000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000004.00000002.2777789839.000000006D356000.00000002.00000001.01000000.0000000B.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
6D356000
|
Size: |
28672
|
|
4511000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2419794186.0000000004511000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4511000
|
Size: |
622592
|
|
469A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2421903579.000000000469A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
469A000
|
Size: |
753664
|
|
422A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2379042172.000000000422A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
422A000
|
Size: |
77824
|
|
4519000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2432914828.0000000004519000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4519000
|
Size: |
1007616
|
|
424E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2365568504.000000000424E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
424E000
|
Size: |
4096
|
|
4317000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2345159843.0000000004317000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4317000
|
Size: |
8192
|
|
45E3000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2422784270.00000000045E3000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
45E3000
|
Size: |
786432
|
|
423D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2364096319.000000000423D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
423D000
|
Size: |
4096
|
|
12DD000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2769912398.00000000012DD000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
12DD000
|
Size: |
12288
|
|
4511000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2423829089.0000000004511000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4511000
|
Size: |
835584
|
|
424E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2363809006.000000000424E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
424E000
|
Size: |
4096
|
|
10002000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000004.00000002.2777060772.0000000010002000.00000002.00000001.01000000.00000007.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
10002000
|
Size: |
4096
|
|
423D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2363356767.000000000423D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
423D000
|
Size: |
4096
|
|
EBB000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2769669832.0000000000EBB000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
EBB000
|
Size: |
20480
|
|
6C6ED000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2777445101.000000006C6ED000.00000004.00000001.01000000.0000000A.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
6C6ED000
|
Size: |
20480
|
|
42A8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2309339538.00000000042A8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
42A8000
|
Size: |
12288
|
|
423E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2363902545.000000000423E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
423E000
|
Size: |
4096
|
|
6C500000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000004.00000002.2777110652.000000006C500000.00000002.00000001.01000000.0000000A.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
6C500000
|
Size: |
4096
|
|
42A9000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2330942265.00000000042A9000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
42A9000
|
Size: |
24576
|
|
A0D8000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2774741712.000000000A0D8000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
A0D8000
|
Size: |
6017024
|
|
42BC000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2332010923.00000000042BC000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
42BC000
|
Size: |
4096
|
|
427A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2309339538.000000000427A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
427A000
|
Size: |
4096
|
|
434F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2498333882.000000000434F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
434F000
|
Size: |
512000
|
|
42E7000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2344108758.00000000042E7000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
42E7000
|
Size: |
4096
|
|
42B0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2367268782.00000000042B0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
42B0000
|
Size: |
8192
|
|
3CC9000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2772038215.0000000003CC9000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3CC9000
|
Size: |
61440
|
|
42D7000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2331252826.00000000042D7000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
42D7000
|
Size: |
4096
|
|
6C6F4000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000004.00000002.2777499327.000000006C6F4000.00000002.00000001.01000000.0000000A.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
6C6F4000
|
Size: |
1363968
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
URLs found in memory or binary data |
Networking |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
37CE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2771851128.00000000037CE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
37CE000
|
Size: |
1187840
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
4512000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2420393109.0000000004512000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4512000
|
Size: |
663552
|
|
9BE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2397270389.00000000009BE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9BE000
|
Size: |
28672
|
|
4246000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2309553437.0000000004246000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4246000
|
Size: |
8192
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
SQL strings found in memory and binary data |
System Summary |
|
|
424E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2363902545.000000000424E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
424E000
|
Size: |
4096
|
|
9D9000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2366822613.00000000009D9000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9D9000
|
Size: |
32768
|
|
45E3000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2423071950.00000000045E3000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
45E3000
|
Size: |
802816
|
|
424E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2364469859.000000000424E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
424E000
|
Size: |
4096
|
|
4727000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2433145663.0000000004727000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4727000
|
Size: |
1015808
|
|
42D1000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2331524699.00000000042D1000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
42D1000
|
Size: |
8192
|
|
BD0000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2769507217.0000000000BD0000.00000004.00000001.01000000.00000006.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
BD0000
|
Size: |
4096
|
|
42C1000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2345356791.00000000042C1000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
42C1000
|
Size: |
73728
|
|
423E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2364006702.000000000423E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
423E000
|
Size: |
4096
|
|
465B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2419953501.000000000465B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
465B000
|
Size: |
630784
|
|
451F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2426077172.000000000451F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
451F000
|
Size: |
909312
|
|
4223000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2308267233.0000000004223000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4223000
|
Size: |
122880
|
|
1321000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.2758913611.0000000001321000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1321000
|
Size: |
139264
|
|
4516000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2420548034.0000000004516000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4516000
|
Size: |
671744
|
|
4228000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2344240709.0000000004228000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4228000
|
Size: |
4096
|
|
9C5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2500552260.00000000009C5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C5000
|
Size: |
16384
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
4253000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2331723413.0000000004253000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4253000
|
Size: |
16384
|
|
4668000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2420189989.0000000004668000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4668000
|
Size: |
647168
|
|
4275000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2308944048.0000000004275000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4275000
|
Size: |
4096
|
|
425D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2331723413.000000000425D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
425D000
|
Size: |
4096
|
|
BD1000
|
unkown
|
page write copy
|
|
|
|
Name: |
00000004.00000002.2769540119.0000000000BD1000.00000008.00000001.01000000.00000006.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page write copy
|
Base address: |
BD1000
|
Size: |
28672
|
|
4F6000
|
unkown
|
page write copy
|
|
|
|
Name: |
00000000.00000000.2157302683.00000000004F6000.00000008.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page write copy
|
Base address: |
4F6000
|
Size: |
819200
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sample file is different than original file name gathered from version info |
System Summary |
|
|
144000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2281717296.0000000000144000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
144000
|
Size: |
4096
|
|
4242000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2309777860.0000000004242000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4242000
|
Size: |
4096
|
|
2701000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2282182849.0000000002701000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2701000
|
Size: |
4096
|
|
46FC000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2426797246.00000000046FC000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
46FC000
|
Size: |
942080
|
|
46DE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2425949838.00000000046DE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
46DE000
|
Size: |
901120
|
|
4554000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2347294395.0000000004554000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4554000
|
Size: |
4096
|
|
9B0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2332281369.00000000009B0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9B0000
|
Size: |
8192
|
|
424E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2366008983.000000000424E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
424E000
|
Size: |
4096
|
|
42A9000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2498443641.00000000042A9000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
42A9000
|
Size: |
331776
|
|
4227000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2331133872.0000000004227000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4227000
|
Size: |
8192
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
4253000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2308567316.0000000004253000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4253000
|
Size: |
4096
|
|
9C5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2366867540.00000000009C5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C5000
|
Size: |
73728
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
|
4513000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2423313213.0000000004513000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4513000
|
Size: |
811008
|
|
9D9000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2379071635.00000000009D9000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9D9000
|
Size: |
32768
|
|
9CC000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2397270389.00000000009CC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9CC000
|
Size: |
45056
|
|
144000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2281506497.0000000000144000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
144000
|
Size: |
4096
|
|
422A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2344240709.000000000422A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
422A000
|
Size: |
16384
|
|
425A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2308944048.000000000425A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
425A000
|
Size: |
45056
|
|
4AD000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000000.2157252939.00000000004AD000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
4AD000
|
Size: |
278528
|
|
6C6E5000
|
unkown
|
page write copy
|
|
|
|
Name: |
00000004.00000002.2777361766.000000006C6E5000.00000008.00000001.01000000.0000000A.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page write copy
|
Base address: |
6C6E5000
|
Size: |
24576
|
|
45B0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2419870687.00000000045B0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
45B0000
|
Size: |
622592
|
|
423E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2366372445.000000000423E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
423E000
|
Size: |
4096
|
|
422A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2378998962.000000000422A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
422A000
|
Size: |
77824
|
|
423E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2363091653.000000000423E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
423E000
|
Size: |
4096
|
|
423D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2364513248.000000000423D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
423D000
|
Size: |
4096
|
|
4512000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2424547226.0000000004512000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4512000
|
Size: |
860160
|
|
4258000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2309777860.0000000004258000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4258000
|
Size: |
12288
|
|
12F0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2769940496.00000000012F0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12F0000
|
Size: |
36864
|
|
424E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2363635668.000000000424E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
424E000
|
Size: |
4096
|
|
42B0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2344977381.00000000042B0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
42B0000
|
Size: |
16384
|
|
9F0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2279355210.00000000009F0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
9F0000
|
Size: |
176128
|
|
42DD000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2331252826.00000000042DD000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
42DD000
|
Size: |
4096
|
|
6D353000
|
unknown
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2777763162.000000006D353000.00000004.00000001.01000000.0000000B.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page read and write
|
Base address: |
6D353000
|
Size: |
12288
|
|
42B0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2345356791.00000000042B0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
42B0000
|
Size: |
8192
|
|
2701000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2282356262.0000000002701000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2701000
|
Size: |
4096
|
|
424E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2365265084.000000000424E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
424E000
|
Size: |
4096
|
|
424E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2362945884.000000000424E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
424E000
|
Size: |
4096
|
|
9D8000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2500610106.00000000009D8000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9D8000
|
Size: |
36864
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
2E60000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000004.00000002.2770194091.0000000002E60000.00000002.00000001.01000000.00000008.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
2E60000
|
Size: |
4096
|
|
8B0000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000004.00000000.2757670655.00000000008B0000.00000002.00000001.01000000.00000006.sdmp
|
TargetID: |
4
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
8B0000
|
Size: |
4096
|
|
453C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2347294395.000000000453C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
453C000
|
Size: |
4096
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
45EC000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2347294395.00000000045EC000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
45EC000
|
Size: |
4096
|
|
42F5000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2345356791.00000000042F5000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
42F5000
|
Size: |
16384
|
|
9CA000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2379108002.00000000009CA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9CA000
|
Size: |
53248
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
461C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2432802494.000000000461C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
461C000
|
Size: |
999424
|
|
463E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2418736391.000000000463E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
463E000
|
Size: |
536576
|
|
4231000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2309286581.0000000004231000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4231000
|
Size: |
65536
|
|
42A8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2310261051.00000000042A8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
42A8000
|
Size: |
16384
|
|
42F5000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2346802850.00000000042F5000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
42F5000
|
Size: |
16384
|
|
423E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2363526151.000000000423E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
423E000
|
Size: |
4096
|
|
2701000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2282299727.0000000002701000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2701000
|
Size: |
4096
|
|
424E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2363587424.000000000424E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
424E000
|
Size: |
4096
|
|
42A9000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2331032616.00000000042A9000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
42A9000
|
Size: |
69632
|
|
423E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2364244783.000000000423E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
423E000
|
Size: |
4096
|
|
2701000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2279291566.0000000002701000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2701000
|
Size: |
65536
|
|
423E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2364302205.000000000423E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
423E000
|
Size: |
4096
|
|
42CE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2331252826.00000000042CE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
42CE000
|
Size: |
4096
|
|
4246000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2309339538.0000000004246000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4246000
|
Size: |
8192
|
|
464B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2419251968.000000000464B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
464B000
|
Size: |
577536
|
|
42CE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2331524699.00000000042CE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
42CE000
|
Size: |
4096
|
|
42C7000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2331252826.00000000042C7000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
42C7000
|
Size: |
8192
|
|
4329000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2344156676.0000000004329000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4329000
|
Size: |
81920
|
|
423E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2366148680.000000000423E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
423E000
|
Size: |
4096
|
|
2701000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2282002020.0000000002701000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2701000
|
Size: |
4096
|
|
423D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2331133872.000000000423D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
423D000
|
Size: |
143360
|
|
425A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2309339538.000000000425A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
425A000
|
Size: |
106496
|
|
451E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2433336519.000000000451E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
451E000
|
Size: |
1024000
|
|
42E6000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2309965768.00000000042E6000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
42E6000
|
Size: |
4096
|
|
421E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2500633661.000000000421E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
421E000
|
Size: |
12288
|
|
2701000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2282264354.0000000002701000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2701000
|
Size: |
4096
|
|
4241000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2308567316.0000000004241000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4241000
|
Size: |
8192
|
|
144000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2281618631.0000000000144000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
144000
|
Size: |
4096
|
|
42B3000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2332182032.00000000042B3000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
42B3000
|
Size: |
32768
|
|
45C4000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2347294395.00000000045C4000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
45C4000
|
Size: |
4096
|
|
42B3000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2331875800.00000000042B3000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
42B3000
|
Size: |
32768
|
|
461C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2433031480.000000000461C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
461C000
|
Size: |
1015808
|
|
4514000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2507893033.0000000004514000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4514000
|
Size: |
6017024
|
|
4227000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2343965668.0000000004227000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4227000
|
Size: |
28672
|
|
144000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2280050059.0000000000144000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
144000
|
Size: |
4096
|
|
4F2000
|
unknown
|
page write copy
|
|
|
|
Name: |
00000000.00000000.2157302683.00000000004F2000.00000008.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page write copy
|
Base address: |
4F2000
|
Size: |
8192
|
|
426A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2308944048.000000000426A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
426A000
|
Size: |
40960
|
|
5EB3000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2746647026.0000000005EB3000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
5EB3000
|
Size: |
782336
|
|
4349000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2367411913.0000000004349000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4349000
|
Size: |
4096
|
|
424E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2365811443.000000000424E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
424E000
|
Size: |
4096
|
|
423E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2363438901.000000000423E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
423E000
|
Size: |
4096
|
|
423D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2365441423.000000000423D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
423D000
|
Size: |
4096
|
|
432F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2345159843.000000000432F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
432F000
|
Size: |
8192
|
|
427A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2309553437.000000000427A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
427A000
|
Size: |
4096
|
|
42C7000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2331524699.00000000042C7000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
42C7000
|
Size: |
8192
|
|
4216000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2343965668.0000000004216000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4216000
|
Size: |
61440
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
424E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2364883519.000000000424E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
424E000
|
Size: |
4096
|
|
45FC000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2347294395.00000000045FC000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
45FC000
|
Size: |
4096
|
|
144000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2281680862.0000000000144000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
144000
|
Size: |
4096
|
|
144000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2281559592.0000000000144000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
144000
|
Size: |
4096
|
|
129E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2769878695.000000000129E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
129E000
|
Size: |
8192
|
|
4513000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2430401278.0000000004513000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4513000
|
Size: |
974848
|
|
3144000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000004.00000002.2770824598.0000000003144000.00000002.00000001.01000000.00000008.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
3144000
|
Size: |
4481024
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
42A8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2309777860.00000000042A8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
42A8000
|
Size: |
16384
|
|
4242000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2500496233.0000000004242000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4242000
|
Size: |
90112
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sample file is different than original file name gathered from version info |
System Summary |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
424E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2366148680.000000000424E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
424E000
|
Size: |
4096
|
|
424C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2308567316.000000000424C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
424C000
|
Size: |
4096
|
|
422E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2367688645.000000000422E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
422E000
|
Size: |
167936
|
|
9D8000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2397414206.00000000009D8000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9D8000
|
Size: |
36864
|
|
9D9000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2366867540.00000000009D9000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9D9000
|
Size: |
32768
|
|
42E1000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2345356791.00000000042E1000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
42E1000
|
Size: |
4096
|
|
424E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2364142171.000000000424E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
424E000
|
Size: |
4096
|
|
4514000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2421270571.0000000004514000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4514000
|
Size: |
720896
|
|
6C6EB000
|
unknown
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2777419286.000000006C6EB000.00000004.00000001.01000000.0000000A.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page read and write
|
Base address: |
6C6EB000
|
Size: |
4096
|
|
4278000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2309339538.0000000004278000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4278000
|
Size: |
4096
|
|
424E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2364366865.000000000424E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
424E000
|
Size: |
4096
|
|
427A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2308944048.000000000427A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
427A000
|
Size: |
4096
|
|
4231000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2309511526.0000000004231000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4231000
|
Size: |
65536
|
|
9B5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2332281369.00000000009B5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9B5000
|
Size: |
4096
|
|
9B9000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2332281369.00000000009B9000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9B9000
|
Size: |
122880
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Found many strings related to Crypto-Wallets (likely being stolen) |
Stealing of Sensitive Information |
|
Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
|
4516000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2501877009.0000000004516000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4516000
|
Size: |
3375104
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sample file is different than original file name gathered from version info |
System Summary |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
URLs found in memory or binary data |
Networking |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
45C5000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2420620296.00000000045C5000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
45C5000
|
Size: |
679936
|
|
434A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2499952058.000000000434A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
434A000
|
Size: |
20480
|
|
4523000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2347294395.0000000004523000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4523000
|
Size: |
8192
|
|
45D8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2422422926.00000000045D8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
45D8000
|
Size: |
770048
|
|
B00000
|
remote allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2282520505.0000000000B00000.00000004.00000400.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
remote allocation
|
Protect: |
page read and write
|
Base address: |
B00000
|
Size: |
4096
|
|
144000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2281643597.0000000000144000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
144000
|
Size: |
4096
|
|
468C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2347294395.000000000468C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
468C000
|
Size: |
4096
|
|
9D8000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2397142760.00000000009D8000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9D8000
|
Size: |
36864
|
|
9C5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2367484800.00000000009C5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C5000
|
Size: |
4096
|
|
B3FD000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2776671015.000000000B3FD000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
B3FD000
|
Size: |
458752
|
|
45EA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2423955221.00000000045EA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
45EA000
|
Size: |
835584
|
|
2701000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2279724357.0000000002701000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2701000
|
Size: |
237568
|
|
433F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2396950919.000000000433F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
433F000
|
Size: |
4096
|
|
4318000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2367560537.0000000004318000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4318000
|
Size: |
8192
|
|
42B3000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2332060755.00000000042B3000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
42B3000
|
Size: |
32768
|
|
42BB000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2331524699.00000000042BB000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
42BB000
|
Size: |
4096
|
|
4224000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2331723413.0000000004224000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4224000
|
Size: |
16384
|
|
42AF000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2330842600.00000000042AF000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
42AF000
|
Size: |
12288
|
|
3069000
|
unknown
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2770586034.0000000003069000.00000004.00000001.01000000.00000008.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page read and write
|
Base address: |
3069000
|
Size: |
20480
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
433F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2345159843.000000000433F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
433F000
|
Size: |
8192
|
|
4246000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2308567316.0000000004246000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4246000
|
Size: |
8192
|
|
433A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2396950919.000000000433A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
433A000
|
Size: |
4096
|
|
425D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2331933508.000000000425D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
425D000
|
Size: |
4096
|
|
307E000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000004.00000002.2770789868.000000000307E000.00000002.00000001.01000000.00000008.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
307E000
|
Size: |
4096
|
|
B00000
|
remote allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2282501273.0000000000B00000.00000004.00000400.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
remote allocation
|
Protect: |
page read and write
|
Base address: |
B00000
|
Size: |
4096
|
|
9BE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2366822613.00000000009BE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9BE000
|
Size: |
102400
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
|
4512000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2499040096.0000000004512000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4512000
|
Size: |
10485760
|
|
425A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2309553437.000000000425A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
425A000
|
Size: |
106496
|
|
42DD000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2331524699.00000000042DD000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
42DD000
|
Size: |
4096
|
|
4603000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2428036788.0000000004603000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4603000
|
Size: |
966656
|
|
12FE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2769940496.00000000012FE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12FE000
|
Size: |
131072
|
|
4511000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2420688597.0000000004511000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4511000
|
Size: |
688128
|
|
424E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2363329373.000000000424E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
424E000
|
Size: |
4096
|
|
4519000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2418433160.0000000004519000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4519000
|
Size: |
520192
|
|
9D9000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2379108002.00000000009D9000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9D9000
|
Size: |
32768
|
|
4349000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2396950919.0000000004349000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4349000
|
Size: |
4096
|
|
424E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2364302205.000000000424E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
424E000
|
Size: |
4096
|
|
421E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2332263889.000000000421E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
421E000
|
Size: |
12288
|
|
4514000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2425662117.0000000004514000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4514000
|
Size: |
892928
|
|
38F1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2771851128.00000000038F1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
38F1000
|
Size: |
512000
|
|
423E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2364686013.000000000423E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
423E000
|
Size: |
4096
|
|
42D1000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2331252826.00000000042D1000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
42D1000
|
Size: |
8192
|
|
4216000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2378932528.0000000004216000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4216000
|
Size: |
28672
|
|
45D5000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2421789420.00000000045D5000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
45D5000
|
Size: |
745472
|
|
45DF000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2421378981.00000000045DF000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
45DF000
|
Size: |
720896
|
|
424E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2362985394.000000000424E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
424E000
|
Size: |
4096
|
|
1362000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2769940496.0000000001362000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1362000
|
Size: |
86016
|
|
4513000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2434240977.0000000004513000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4513000
|
Size: |
1064960
|
|
B00000
|
remote allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2282536993.0000000000B00000.00000004.00000400.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
remote allocation
|
Protect: |
page read and write
|
Base address: |
B00000
|
Size: |
4096
|
|
42F5000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2344977381.00000000042F5000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
42F5000
|
Size: |
12288
|
|
422C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2330992436.000000000422C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
422C000
|
Size: |
4096
|
|
6D391000
|
unknown
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2777863510.000000006D391000.00000004.00000001.01000000.00000009.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page read and write
|
Base address: |
6D391000
|
Size: |
4096
|
|
451C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2422680793.000000000451C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
451C000
|
Size: |
786432
|
|
424E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2364244783.000000000424E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
424E000
|
Size: |
4096
|
|
144000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2281524339.0000000000144000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
144000
|
Size: |
4096
|
|
423E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2363587424.000000000423E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
423E000
|
Size: |
4096
|
|
5F7E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2746647026.0000000005F7E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
5F7E000
|
Size: |
4476928
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sample file is different than original file name gathered from version info |
System Summary |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
422F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2362501407.000000000422F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
422F000
|
Size: |
24576
|
|
2701000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2282112288.0000000002701000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2701000
|
Size: |
4096
|
|
424E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2365365846.000000000424E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
424E000
|
Size: |
4096
|
|
424E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2364686013.000000000424E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
424E000
|
Size: |
4096
|
|
42AD000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2332060755.00000000042AD000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
42AD000
|
Size: |
8192
|
|
423E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2365099681.000000000423E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
423E000
|
Size: |
4096
|
|
4249000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2309553437.0000000004249000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4249000
|
Size: |
8192
|
|
4686000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2421151522.0000000004686000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4686000
|
Size: |
712704
|
|
8B0000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000004.00000002.2769043157.00000000008B0000.00000002.00000001.01000000.00000006.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
8B0000
|
Size: |
4096
|
|
422C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2331723413.000000000422C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
422C000
|
Size: |
8192
|
|
45A1000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2419063337.00000000045A1000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
45A1000
|
Size: |
561152
|
|
425B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2308472533.000000000425B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
425B000
|
Size: |
12288
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
4229000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2362609815.0000000004229000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4229000
|
Size: |
20480
|
|
4231000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2310261051.0000000004231000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4231000
|
Size: |
65536
|
|
424E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2365043290.000000000424E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
424E000
|
Size: |
4096
|
|
46A8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2422546294.00000000046A8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
46A8000
|
Size: |
778240
|
|
1220000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2769729905.0000000001220000.00000004.00000020.00040000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1220000
|
Size: |
4096
|
|
9D7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2498692042.00000000009D7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9D7000
|
Size: |
40960
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
42D7000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2331524699.00000000042D7000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
42D7000
|
Size: |
4096
|
|
4231000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2308344287.0000000004231000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4231000
|
Size: |
65536
|
|
9BB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2366959532.00000000009BB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9BB000
|
Size: |
12288
|
|
4615000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2433697447.0000000004615000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4615000
|
Size: |
1040384
|
|
4347000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2345159843.0000000004347000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4347000
|
Size: |
8192
|
|
4603000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2426172259.0000000004603000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4603000
|
Size: |
917504
|
|
2701000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2282037286.0000000002701000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2701000
|
Size: |
4096
|
|
424E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2366521562.000000000424E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
424E000
|
Size: |
4096
|
|
4250000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2331723413.0000000004250000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4250000
|
Size: |
4096
|
|
4441000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2500407715.0000000004441000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4441000
|
Size: |
446464
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sample file is different than original file name gathered from version info |
System Summary |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
9D9000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2332281369.00000000009D9000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9D9000
|
Size: |
32768
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
423D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2331723413.000000000423D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
423D000
|
Size: |
45056
|
|
424E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2364788142.000000000424E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
424E000
|
Size: |
4096
|
|
422C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2331133872.000000000422C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
422C000
|
Size: |
20480
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
45EE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2422254197.00000000045EE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
45EE000
|
Size: |
761856
|
|
4517000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2424245880.0000000004517000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4517000
|
Size: |
851968
|
|
BDF000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000004.00000002.2769575607.0000000000BDF000.00000002.00000001.01000000.00000006.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
BDF000
|
Size: |
143360
|
|
42E1000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2367268782.00000000042E1000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
42E1000
|
Size: |
4096
|
|
451A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2422868545.000000000451A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
451A000
|
Size: |
794624
|
|
424E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2365507777.000000000424E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
424E000
|
Size: |
4096
|
|
451D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2426932368.000000000451D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
451D000
|
Size: |
950272
|
|
45FE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2424962649.00000000045FE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
45FE000
|
Size: |
876544
|
|
4274000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2308472533.0000000004274000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4274000
|
Size: |
139264
|
|
424E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2365187144.000000000424E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
424E000
|
Size: |
4096
|
|
4418000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2417345252.0000000004418000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4418000
|
Size: |
860160
|
|
42D1000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2367268782.00000000042D1000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
42D1000
|
Size: |
57344
|
|
42C1000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2367268782.00000000042C1000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
42C1000
|
Size: |
8192
|
|
451D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2347294395.000000000451D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
451D000
|
Size: |
4096
|
|
451F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2422026000.000000000451F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
451F000
|
Size: |
753664
|
|
4349000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2344156676.0000000004349000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4349000
|
Size: |
4096
|
|
4246000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2378906041.0000000004246000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4246000
|
Size: |
69632
|
|
423E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2366521562.000000000423E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
423E000
|
Size: |
4096
|
|
45CD000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2421038510.00000000045CD000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
45CD000
|
Size: |
704512
|
|
4512000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2427293043.0000000004512000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4512000
|
Size: |
958464
|
|
6D380000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000004.00000002.2777813554.000000006D380000.00000002.00000001.01000000.00000009.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
6D380000
|
Size: |
4096
|
|
45A7000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2418550702.00000000045A7000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
45A7000
|
Size: |
528384
|
|
9C9000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2367038789.00000000009C9000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C9000
|
Size: |
57344
|
|
9B9000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2379188587.00000000009B9000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9B9000
|
Size: |
8192
|
|
BCF000
|
unkown
|
page write copy
|
|
|
|
Name: |
00000004.00000000.2757939586.0000000000BCF000.00000008.00000001.01000000.00000006.sdmp
|
TargetID: |
4
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page write copy
|
Base address: |
BCF000
|
Size: |
36864
|
|
423E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2365265084.000000000423E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
423E000
|
Size: |
4096
|
|
4510000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2420949362.0000000004510000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4510000
|
Size: |
704512
|
|
42C1000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2344977381.00000000042C1000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
42C1000
|
Size: |
139264
|
|
AC75000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2775936845.000000000AC75000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
AC75000
|
Size: |
348160
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
424E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2364950258.000000000424E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
424E000
|
Size: |
4096
|
|
423D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2365954852.000000000423D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
423D000
|
Size: |
4096
|
|
46BC000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2423194182.00000000046BC000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
46BC000
|
Size: |
802816
|
|
4221000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2344287341.0000000004221000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4221000
|
Size: |
16384
|
|
424E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2365099681.000000000424E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
424E000
|
Size: |
4096
|
|
465F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2419737405.000000000465F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
465F000
|
Size: |
614400
|
|
4224000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2397375137.0000000004224000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4224000
|
Size: |
16384
|
|
10003000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2777083531.0000000010003000.00000004.00000001.01000000.00000007.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
10003000
|
Size: |
4096
|
|
422A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2378932528.000000000422A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
422A000
|
Size: |
77824
|
|
50D9000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2756894764.00000000050D9000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
50D9000
|
Size: |
8417280
|
|
144000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2281454077.0000000000144000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
144000
|
Size: |
4096
|
|
FBB000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2769702481.0000000000FBB000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
FBB000
|
Size: |
20480
|
|
4516000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2418813242.0000000004516000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4516000
|
Size: |
536576
|
|
9C7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2367484800.00000000009C7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C7000
|
Size: |
8192
|
|
424E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2365922937.000000000424E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
424E000
|
Size: |
4096
|
|
4221000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2332245812.0000000004221000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4221000
|
Size: |
12288
|
|
37B0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2771825043.00000000037B0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
37B0000
|
Size: |
4096
|
|
4519000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2424802826.0000000004519000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4519000
|
Size: |
868352
|
|
423E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2365568504.000000000423E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
423E000
|
Size: |
4096
|
|
423D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2366756510.000000000423D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
423D000
|
Size: |
4096
|
|
3082000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000004.00000002.2770824598.0000000003082000.00000002.00000001.01000000.00000008.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
3082000
|
Size: |
745472
|
|
4441000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2498392768.0000000004441000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4441000
|
Size: |
507904
|
|
4217000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2397348564.0000000004217000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4217000
|
Size: |
69632
|
|
6C6E2000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2777339273.000000006C6E2000.00000004.00000001.01000000.0000000A.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
6C6E2000
|
Size: |
12288
|
|
4227000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2344287341.0000000004227000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4227000
|
Size: |
4096
|
|
8B1000
|
unkown
|
page execute read
|
|
|
|
Name: |
00000004.00000002.2769089642.00000000008B1000.00000020.00000001.01000000.00000006.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute read
|
Base address: |
8B1000
|
Size: |
2678784
|
|
423E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2364788142.000000000423E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
423E000
|
Size: |
4096
|
|
45C6000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2420474857.00000000045C6000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
45C6000
|
Size: |
671744
|
|
2701000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2282076038.0000000002701000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2701000
|
Size: |
4096
|
|
306F000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2770629732.000000000306F000.00000004.00000001.01000000.00000008.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
306F000
|
Size: |
4096
|
|
1250000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2769847218.0000000001250000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1250000
|
Size: |
16384
|
|
424D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2331723413.000000000424D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
424D000
|
Size: |
8192
|
|
9B1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2379188587.00000000009B1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9B1000
|
Size: |
4096
|
|
36A1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.2761866773.00000000036A1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
36A1000
|
Size: |
208896
|
|
6C501000
|
unkown
|
page execute read
|
|
|
|
Name: |
00000004.00000002.2777139119.000000006C501000.00000020.00000001.01000000.0000000A.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute read
|
Base address: |
6C501000
|
Size: |
1609728
|
|
424E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2365694393.000000000424E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
424E000
|
Size: |
4096
|
|
424E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2363091653.000000000424E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
424E000
|
Size: |
4096
|
|
45C0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2420320973.00000000045C0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
45C0000
|
Size: |
655360
|
|
460E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2426440796.000000000460E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
460E000
|
Size: |
925696
|
|
4221000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2362636798.0000000004221000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4221000
|
Size: |
28672
|
|
9D8000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2397270389.00000000009D8000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9D8000
|
Size: |
36864
|
|
42E5000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2331252826.00000000042E5000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
42E5000
|
Size: |
8192
|
|
42DA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2331524699.00000000042DA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
42DA000
|
Size: |
8192
|
|
423E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2363809006.000000000423E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
423E000
|
Size: |
4096
|
|
423E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2362985394.000000000423E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
423E000
|
Size: |
4096
|
|
423E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2365187144.000000000423E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
423E000
|
Size: |
4096
|
|
8B1000
|
unkown
|
page execute read
|
|
|
|
Name: |
00000004.00000000.2757699437.00000000008B1000.00000020.00000001.01000000.00000006.sdmp
|
TargetID: |
4
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page execute read
|
Base address: |
8B1000
|
Size: |
2678784
|
|
421F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2379168387.000000000421F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
421F000
|
Size: |
8192
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
45F4000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2425372303.00000000045F4000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
45F4000
|
Size: |
884736
|
|
4518000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2432661468.0000000004518000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4518000
|
Size: |
999424
|
|
423E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2363274576.000000000423E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
423E000
|
Size: |
4096
|
|
9C7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2379071635.00000000009C7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C7000
|
Size: |
65536
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
424E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2363438901.000000000424E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
424E000
|
Size: |
4096
|
|
4616000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2431723901.0000000004616000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4616000
|
Size: |
983040
|
|
423D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2362501407.000000000423D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
423D000
|
Size: |
24576
|
|
42C6000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2309965768.00000000042C6000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
42C6000
|
Size: |
126976
|
|