35B6000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1473322611.00000000035B6000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35B6000
|
Size: |
12288
|
|
35C5000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1473066995.00000000035C5000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35C5000
|
Size: |
8192
|
|
3891000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1562540428.0000000003891000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3891000
|
Size: |
745472
|
|
2351000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1433753736.0000000002351000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2351000
|
Size: |
4096
|
|
359B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1655866726.000000000359B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
359B000
|
Size: |
4096
|
|
36C8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1489884123.00000000036C8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
36C8000
|
Size: |
4096
|
|
362D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1650038317.000000000362D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
362D000
|
Size: |
290816
|
|
359A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1471936437.000000000359A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
359A000
|
Size: |
12288
|
|
915000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1525485033.0000000000915000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
915000
|
Size: |
65536
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
35BE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1506105688.00000000035BE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35BE000
|
Size: |
8192
|
|
89C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1653822654.000000000089C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
89C000
|
Size: |
32768
|
|
35AA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1488147989.00000000035AA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35AA000
|
Size: |
20480
|
|
360F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1487967202.000000000360F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
360F000
|
Size: |
12288
|
|
35CF000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1504318395.00000000035CF000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35CF000
|
Size: |
4096
|
|
3691000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1558887677.0000000003691000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3691000
|
Size: |
1277952
|
|
918000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1545305214.0000000000918000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
918000
|
Size: |
53248
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
927000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1472970311.0000000000927000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
927000
|
Size: |
36864
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Found many strings related to Crypto-Wallets (likely being stolen) |
Stealing of Sensitive Information |
|
|
927000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1545305214.0000000000927000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
927000
|
Size: |
36864
|
|
90C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1507270359.000000000090C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
90C000
|
Size: |
16384
|
|
35A0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1508217123.00000000035A0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35A0000
|
Size: |
12288
|
|
915000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1545305214.0000000000915000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
915000
|
Size: |
8192
|
|
28E0000
|
remote allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1434119220.00000000028E0000.00000004.00000400.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
remote allocation
|
Protect: |
page read and write
|
Base address: |
28E0000
|
Size: |
4096
|
|
3621000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1525281668.0000000003621000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3621000
|
Size: |
8192
|
|
361C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1508401596.000000000361C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
361C000
|
Size: |
4096
|
|
35AF000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1504389679.00000000035AF000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35AF000
|
Size: |
4096
|
|
697000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000000.00000002.1654673392.0000000000697000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
697000
|
Size: |
348160
|
|
3800000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1489884123.0000000003800000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3800000
|
Size: |
4096
|
|
90C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1458271658.000000000090C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
90C000
|
Size: |
8192
|
|
1D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1433527782.00000000001D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1D4000
|
Size: |
4096
|
|
4FC000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1654335910.00000000004FC000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
4FC000
|
Size: |
16384
|
|
3893000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1561038628.0000000003893000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3893000
|
Size: |
630784
|
|
884000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1655161136.0000000000884000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
884000
|
Size: |
32768
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
35D9000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1473066995.00000000035D9000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35D9000
|
Size: |
8192
|
|
362C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1472625117.000000000362C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
362C000
|
Size: |
12288
|
|
3673000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1656026233.0000000003673000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3673000
|
Size: |
4096
|
|
1D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1433490639.00000000001D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1D4000
|
Size: |
4096
|
|
35AE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1460758808.00000000035AE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35AE000
|
Size: |
16384
|
|
2351000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1433937366.0000000002351000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2351000
|
Size: |
4096
|
|
35AF000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1506318325.00000000035AF000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35AF000
|
Size: |
4096
|
|
35DB000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1459531987.00000000035DB000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35DB000
|
Size: |
8192
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
35FE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1488147989.00000000035FE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35FE000
|
Size: |
4096
|
|
359A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1472746342.000000000359A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
359A000
|
Size: |
90112
|
|
87A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1654820610.000000000087A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
87A000
|
Size: |
4096
|
|
300E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1655626808.000000000300E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
300E000
|
Size: |
8192
|
|
3610000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1488537718.0000000003610000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3610000
|
Size: |
139264
|
|
3934000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1560821492.0000000003934000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3934000
|
Size: |
610304
|
|
35AA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1460758808.00000000035AA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35AA000
|
Size: |
4096
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
SQL strings found in memory and binary data |
System Summary |
|
|
3891000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1560365847.0000000003891000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3891000
|
Size: |
544768
|
|
2351000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1433823820.0000000002351000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2351000
|
Size: |
4096
|
|
840000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1654820610.0000000000840000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
840000
|
Size: |
16384
|
|
2351000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1433908923.0000000002351000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2351000
|
Size: |
4096
|
|
3987000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1566293467.0000000003987000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3987000
|
Size: |
958464
|
|
927000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1472020829.0000000000927000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
927000
|
Size: |
36864
|
|
3890000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1653133420.0000000003890000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3890000
|
Size: |
10485760
|
|
361C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1501638217.000000000361C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
361C000
|
Size: |
32768
|
|
3603000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1460634500.0000000003603000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3603000
|
Size: |
126976
|
|
35AC000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1545365140.00000000035AC000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35AC000
|
Size: |
12288
|
|
21DF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1655395943.00000000021DF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
21DF000
|
Size: |
4096
|
|
916000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1458176537.0000000000916000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
916000
|
Size: |
20480
|
|
8FF000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1472020829.00000000008FF000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
8FF000
|
Size: |
69632
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
362C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1473066995.000000000362C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
362C000
|
Size: |
12288
|
|
3A9F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1567162594.0000000003A9F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3A9F000
|
Size: |
999424
|
|
389A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1562788437.000000000389A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
389A000
|
Size: |
761856
|
|
612000
|
unknown
|
page write copy
|
|
|
|
Name: |
00000000.00000002.1654598946.0000000000612000.00000008.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page write copy
|
Base address: |
612000
|
Size: |
245760
|
|
911000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1654117373.0000000000911000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
911000
|
Size: |
16384
|
|
35ED000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1473575764.00000000035ED000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35ED000
|
Size: |
126976
|
|
580000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000000.00000000.1303520583.0000000000580000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
580000
|
Size: |
4096
|
|
3691000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1560160263.0000000003691000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3691000
|
Size: |
516096
|
|
90D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1655316900.000000000090D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
90D000
|
Size: |
12288
|
|
395A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1562453151.000000000395A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
395A000
|
Size: |
737280
|
|
35A9000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1501923451.00000000035A9000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35A9000
|
Size: |
28672
|
|
3A4B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1564002440.0000000003A4B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3A4B000
|
Size: |
843776
|
|
35A4000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1545365140.00000000035A4000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35A4000
|
Size: |
4096
|
|
35CC000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1488597160.00000000035CC000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35CC000
|
Size: |
12288
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
389C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1563275627.000000000389C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
389C000
|
Size: |
794624
|
|
2351000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1433800661.0000000002351000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2351000
|
Size: |
4096
|
|
35C3000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1459934838.00000000035C3000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35C3000
|
Size: |
8192
|
|
35C8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1459633218.00000000035C8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35C8000
|
Size: |
8192
|
|
2351000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1433960669.0000000002351000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2351000
|
Size: |
4096
|
|
911000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1653822654.0000000000911000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
911000
|
Size: |
16384
|
|
35CF000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1506910736.00000000035CF000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35CF000
|
Size: |
4096
|
|
35EB000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1508401596.00000000035EB000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35EB000
|
Size: |
8192
|
|
873000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1654820610.0000000000873000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
873000
|
Size: |
8192
|
|
3972000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1565108762.0000000003972000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3972000
|
Size: |
892928
|
|
35A4000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1525588055.00000000035A4000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35A4000
|
Size: |
4096
|
|
389E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1568251158.000000000389E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
389E000
|
Size: |
1040384
|
|
35C6000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1488273163.00000000035C6000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35C6000
|
Size: |
4096
|
|
3932000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1561097744.0000000003932000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3932000
|
Size: |
638976
|
|
1D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1433548857.00000000001D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1D4000
|
Size: |
4096
|
|
581000
|
unknown
|
page execute read
|
|
|
|
Name: |
00000000.00000002.1654438171.0000000000581000.00000020.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page execute read
|
Base address: |
581000
|
Size: |
462848
|
|
35C4000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1460704759.00000000035C4000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35C4000
|
Size: |
4096
|
|
35BE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1502086540.00000000035BE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35BE000
|
Size: |
8192
|
|
35A7000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1501923451.00000000035A7000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35A7000
|
Size: |
4096
|
|
3760000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1489884123.0000000003760000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3760000
|
Size: |
4096
|
|
911000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1472970311.0000000000911000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
911000
|
Size: |
81920
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
|
35EC000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1459934838.00000000035EC000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35EC000
|
Size: |
40960
|
|
2351000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1433777740.0000000002351000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2351000
|
Size: |
4096
|
|
3A57000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1565214533.0000000003A57000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3A57000
|
Size: |
901120
|
|
581000
|
unknown
|
page execute read
|
|
|
|
Name: |
00000000.00000000.1303540536.0000000000581000.00000020.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page execute read
|
Base address: |
581000
|
Size: |
462848
|
|
35DC000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1459934838.00000000035DC000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35DC000
|
Size: |
45056
|
|
318D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1655668452.000000000318D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
318D000
|
Size: |
12288
|
|
8C7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1655253530.00000000008C7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
8C7000
|
Size: |
110592
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
3595000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1472109977.0000000003595000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3595000
|
Size: |
20480
|
|
87C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1654820610.000000000087C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
87C000
|
Size: |
12288
|
|
345E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1655834276.000000000345E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
345E000
|
Size: |
8192
|
|
35F7000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1460462202.00000000035F7000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35F7000
|
Size: |
4096
|
|
650000
|
unknown
|
page write copy
|
|
|
|
Name: |
00000000.00000002.1654646885.0000000000650000.00000008.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page write copy
|
Base address: |
650000
|
Size: |
24576
|
|
53E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1654351178.000000000053E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
53E000
|
Size: |
8192
|
|
21E0000
|
direct allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.1655408868.00000000021E0000.00000040.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page execute and read and write
|
Base address: |
21E0000
|
Size: |
348160
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Malicious sample detected (through community Yara rule) |
System Summary |
|
Yara signature match |
System Summary |
|
|
3A3F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1563581563.0000000003A3F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3A3F000
|
Size: |
811008
|
|
5F2000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000000.00000000.1303585796.00000000005F2000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
5F2000
|
Size: |
131072
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sample file is different than original file name gathered from version info |
System Summary |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
2351000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1433871154.0000000002351000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2351000
|
Size: |
4096
|
|
399B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1566848361.000000000399B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
399B000
|
Size: |
983040
|
|
35A0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1525588055.00000000035A0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35A0000
|
Size: |
12288
|
|
927000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1650069495.0000000000927000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
927000
|
Size: |
36864
|
|
917000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1507361886.0000000000917000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
917000
|
Size: |
57344
|
|
35A0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1655913416.00000000035A0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35A0000
|
Size: |
36864
|
|
389D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1561668548.000000000389D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
389D000
|
Size: |
688128
|
|
35AC000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1472388115.00000000035AC000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35AC000
|
Size: |
4096
|
|
3895000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1566194269.0000000003895000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3895000
|
Size: |
950272
|
|
314E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1655654544.000000000314E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
314E000
|
Size: |
8192
|
|
35B2000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1473322611.00000000035B2000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35B2000
|
Size: |
12288
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
SQL strings found in memory and binary data |
System Summary |
|
|
35AF000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1509690936.00000000035AF000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35AF000
|
Size: |
172032
|
|
3892000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1569413670.0000000003892000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3892000
|
Size: |
1097728
|
|
3635000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1473322611.0000000003635000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3635000
|
Size: |
8192
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
SQL strings found in memory and binary data |
System Summary |
|
|
362C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1487722150.000000000362C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
362C000
|
Size: |
53248
|
|
8C7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1654036038.00000000008C7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
8C7000
|
Size: |
110592
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
3895000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1564805279.0000000003895000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3895000
|
Size: |
876544
|
|
361C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1649929759.000000000361C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
361C000
|
Size: |
28672
|
|
35AD000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1502164847.00000000035AD000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35AD000
|
Size: |
8192
|
|
911000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1472020829.0000000000911000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
911000
|
Size: |
81920
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Found many strings related to Crypto-Wallets (likely being stolen) |
Stealing of Sensitive Information |
|
Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
|
3892000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1565316036.0000000003892000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3892000
|
Size: |
909312
|
|
3988000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1565652484.0000000003988000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3988000
|
Size: |
925696
|
|
35FC000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1460462202.00000000035FC000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35FC000
|
Size: |
4096
|
|
35AA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1525588055.00000000035AA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35AA000
|
Size: |
4096
|
|
3942000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1561278281.0000000003942000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3942000
|
Size: |
655360
|
|
73D00000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000000.00000002.1656075988.0000000073D00000.00000002.00000001.01000000.00000006.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
73D00000
|
Size: |
4096
|
|
1D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1433450795.00000000001D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1D4000
|
Size: |
4096
|
|
362C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1474026109.000000000362C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
362C000
|
Size: |
16384
|
|
3620000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1487967202.0000000003620000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3620000
|
Size: |
81920
|
|
1D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1431830844.00000000001D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1D4000
|
Size: |
4096
|
|
234F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1655452136.000000000234F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
234F000
|
Size: |
4096
|
|
3898000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1560765150.0000000003898000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3898000
|
Size: |
602112
|
|
3898000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1561218348.0000000003898000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3898000
|
Size: |
647168
|
|
2351000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1431806647.0000000002351000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2351000
|
Size: |
65536
|
|
82E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1654805914.000000000082E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
82E000
|
Size: |
8192
|
|
3892000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1568771799.0000000003892000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3892000
|
Size: |
1064960
|
|
35CF000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1505999873.00000000035CF000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35CF000
|
Size: |
4096
|
|
363C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1473942852.000000000363C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
363C000
|
Size: |
4096
|
|
8E4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1654036038.00000000008E4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
8E4000
|
Size: |
180224
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
39A8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1569316397.00000000039A8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
39A8000
|
Size: |
1089536
|
|
35E7000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1509690936.00000000035E7000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35E7000
|
Size: |
4096
|
|
3895000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1564622857.0000000003895000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3895000
|
Size: |
868352
|
|
389A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1562365040.000000000389A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
389A000
|
Size: |
729088
|
|
1D0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1654307460.00000000001D0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1D0000
|
Size: |
16384
|
|
362C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1460634500.000000000362C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
362C000
|
Size: |
4096
|
|
918000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1655349222.0000000000918000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
918000
|
Size: |
53248
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
931000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1507361886.0000000000931000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
931000
|
Size: |
36864
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
35CF000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1506822011.00000000035CF000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35CF000
|
Size: |
4096
|
|
90F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1458192779.000000000090F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
90F000
|
Size: |
4096
|
|
64E000
|
unknown
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1654633195.000000000064E000.00000004.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page read and write
|
Base address: |
64E000
|
Size: |
8192
|
|
931000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1508020939.0000000000931000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
931000
|
Size: |
36864
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
35BE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1501923451.00000000035BE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35BE000
|
Size: |
4096
|
|
361F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1501788778.000000000361F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
361F000
|
Size: |
20480
|
|
884000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1653822654.0000000000884000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
884000
|
Size: |
32768
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
1E0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1654322711.00000000001E0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1E0000
|
Size: |
8192
|
|
28E0000
|
remote allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1434136428.00000000028E0000.00000004.00000400.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
remote allocation
|
Protect: |
page read and write
|
Base address: |
28E0000
|
Size: |
4096
|
|
35DB000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1459633218.00000000035DB000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35DB000
|
Size: |
8192
|
|
7C0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1654773774.00000000007C0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
7C0000
|
Size: |
4096
|
|
35D3000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1472746342.00000000035D3000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35D3000
|
Size: |
8192
|
|
5F2000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000000.00000002.1654575270.00000000005F2000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
5F2000
|
Size: |
131072
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sample file is different than original file name gathered from version info |
System Summary |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
3691000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1559145150.0000000003691000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3691000
|
Size: |
1376256
|
|
85B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1654820610.000000000085B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
85B000
|
Size: |
94208
|
|
35BE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1504810513.00000000035BE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35BE000
|
Size: |
8192
|
|
35F0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1488798730.00000000035F0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35F0000
|
Size: |
73728
|
|
35CF000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1504500829.00000000035CF000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35CF000
|
Size: |
4096
|
|
3636000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1507676529.0000000003636000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3636000
|
Size: |
8192
|
|
35C6000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1488597160.00000000035C6000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35C6000
|
Size: |
4096
|
|
35FE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1488395834.00000000035FE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35FE000
|
Size: |
4096
|
|
35BE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1502539960.00000000035BE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35BE000
|
Size: |
8192
|
|
911000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1458192779.0000000000911000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
911000
|
Size: |
16384
|
|
35A5000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1459633218.00000000035A5000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35A5000
|
Size: |
131072
|
|
2F0E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1655612297.0000000002F0E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2F0E000
|
Size: |
8192
|
|
35CF000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1506318325.00000000035CF000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35CF000
|
Size: |
4096
|
|
35AC000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1545425374.00000000035AC000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35AC000
|
Size: |
12288
|
|
376F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1559750269.000000000376F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
376F000
|
Size: |
954368
|
|
3697000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1489884123.0000000003697000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3697000
|
Size: |
8192
|
|
3631000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1473942852.0000000003631000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3631000
|
Size: |
4096
|
|
3929000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1560422757.0000000003929000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3929000
|
Size: |
552960
|
|
35FE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1488273163.00000000035FE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35FE000
|
Size: |
4096
|
|
3960000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1563503830.0000000003960000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3960000
|
Size: |
811008
|
|
3892000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1564260588.0000000003892000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3892000
|
Size: |
860160
|
|
35CB000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1460462202.00000000035CB000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35CB000
|
Size: |
8192
|
|
3606000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1488395834.0000000003606000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3606000
|
Size: |
4096
|
|
550000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1654367780.0000000000550000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
550000
|
Size: |
16384
|
|
2351000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1433622235.0000000002351000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2351000
|
Size: |
4096
|
|
35D9000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1472746342.00000000035D9000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35D9000
|
Size: |
8192
|
|
35CF000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1502251817.00000000035CF000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35CF000
|
Size: |
4096
|
|
35AF000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1502539960.00000000035AF000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35AF000
|
Size: |
4096
|
|
35AB000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1650121439.00000000035AB000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35AB000
|
Size: |
16384
|
|
3968000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1562870866.0000000003968000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3968000
|
Size: |
761856
|
|
3997000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1567073295.0000000003997000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3997000
|
Size: |
991232
|
|
35CF000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1504692806.00000000035CF000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35CF000
|
Size: |
4096
|
|
8E4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1653822654.00000000008E4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
8E4000
|
Size: |
180224
|
|
8A5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1653822654.00000000008A5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
8A5000
|
Size: |
16384
|
|
1D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1433474021.00000000001D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1D4000
|
Size: |
4096
|
|
15B000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1654277147.000000000015B000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
15B000
|
Size: |
20480
|
|
35D5000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1459633218.00000000035D5000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35D5000
|
Size: |
4096
|
|
3631000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1473322611.0000000003631000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3631000
|
Size: |
4096
|
|
3899000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1565961788.0000000003899000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3899000
|
Size: |
942080
|
|
375F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1559056422.000000000375F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
375F000
|
Size: |
888832
|
|
35DD000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1459438667.00000000035DD000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35DD000
|
Size: |
12288
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
362A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1459934838.000000000362A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
362A000
|
Size: |
12288
|
|
35A0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1488253562.00000000035A0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35A0000
|
Size: |
12288
|
|
362C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1649929759.000000000362C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
362C000
|
Size: |
294912
|
|
28E0000
|
remote allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1434150654.00000000028E0000.00000004.00000400.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
remote allocation
|
Protect: |
page read and write
|
Base address: |
28E0000
|
Size: |
4096
|
|
35AA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1488883164.00000000035AA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35AA000
|
Size: |
20480
|
|
35C2000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1472746342.00000000035C2000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35C2000
|
Size: |
4096
|
|
35DB000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1459746208.00000000035DB000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35DB000
|
Size: |
8192
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
927000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1525485033.0000000000927000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
927000
|
Size: |
36864
|
|
3892000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1562011454.0000000003892000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3892000
|
Size: |
712704
|
|
35BE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1506318325.00000000035BE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35BE000
|
Size: |
8192
|
|
35CF000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1506582103.00000000035CF000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35CF000
|
Size: |
4096
|
|
35AF000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1649929759.00000000035AF000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35AF000
|
Size: |
417792
|
|
362A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1459438667.000000000362A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
362A000
|
Size: |
8192
|
|
2351000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1433987320.0000000002351000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2351000
|
Size: |
4096
|
|
35D8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1489749685.00000000035D8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35D8000
|
Size: |
139264
|
|
3655000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1507676529.0000000003655000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3655000
|
Size: |
8192
|
|
3594000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1525765520.0000000003594000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3594000
|
Size: |
24576
|
|
87F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1653822654.000000000087F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
87F000
|
Size: |
4096
|
|
35BE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1504583534.00000000035BE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35BE000
|
Size: |
8192
|
|
35A3000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1489838158.00000000035A3000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35A3000
|
Size: |
8192
|
|
35D1000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1472746342.00000000035D1000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35D1000
|
Size: |
4096
|
|
931000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1507270359.0000000000931000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
931000
|
Size: |
36864
|
|
1D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1433511928.00000000001D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1D4000
|
Size: |
4096
|
|
361C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1655969155.000000000361C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
361C000
|
Size: |
28672
|
|
35BE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1504389679.00000000035BE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35BE000
|
Size: |
8192
|
|
911000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1545437777.0000000000911000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
911000
|
Size: |
16384
|
|
35AF000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1506105688.00000000035AF000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35AF000
|
Size: |
4096
|
|
3623000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1460634500.0000000003623000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3623000
|
Size: |
4096
|
|
35E9000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1471905485.00000000035E9000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35E9000
|
Size: |
4096
|
|
35CE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1459746208.00000000035CE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35CE000
|
Size: |
4096
|
|
35A4000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1487767502.00000000035A4000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35A4000
|
Size: |
12288
|
|
396C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1563359191.000000000396C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
396C000
|
Size: |
794624
|
|
3897000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1560250504.0000000003897000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3897000
|
Size: |
528384
|
|
35DE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1488597160.00000000035DE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35DE000
|
Size: |
4096
|
|
890000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1653822654.0000000000890000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
890000
|
Size: |
36864
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Found many strings related to Crypto-Wallets (likely being stolen) |
Stealing of Sensitive Information |
|
|
3954000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1562107060.0000000003954000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3954000
|
Size: |
712704
|
|
580000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000002.1654423669.0000000000580000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
580000
|
Size: |
4096
|
|
3635000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1473942852.0000000003635000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3635000
|
Size: |
8192
|
|
3624000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1507676529.0000000003624000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3624000
|
Size: |
12288
|
|
35CB000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1473066995.00000000035CB000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35CB000
|
Size: |
4096
|
|
3691000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1489884123.0000000003691000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3691000
|
Size: |
4096
|
|
931000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1472970311.0000000000931000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
931000
|
Size: |
36864
|
|
35F7000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1472625117.00000000035F7000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35F7000
|
Size: |
143360
|
|
3770000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1489884123.0000000003770000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3770000
|
Size: |
4096
|
|
35B6000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1472162374.00000000035B6000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35B6000
|
Size: |
8192
|
|
73D16000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000002.1656127941.0000000073D16000.00000002.00000001.01000000.00000006.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
73D16000
|
Size: |
28672
|
|
8AA000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1655161136.00000000008AA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
8AA000
|
Size: |
36864
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Found many strings related to Crypto-Wallets (likely being stolen) |
Stealing of Sensitive Information |
|
URLs found in memory or binary data |
Networking |
|
|
35E6000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1488597160.00000000035E6000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35E6000
|
Size: |
4096
|
|
8B8000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1654036038.00000000008B8000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
8B8000
|
Size: |
49152
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
3891000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1560474735.0000000003891000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3891000
|
Size: |
561152
|
|
35AD000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1472131761.00000000035AD000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35AD000
|
Size: |
20480
|
|
890000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1655161136.0000000000890000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
890000
|
Size: |
36864
|
|
355E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1655851820.000000000355E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
355E000
|
Size: |
8192
|
|
2351000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1433846866.0000000002351000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2351000
|
Size: |
4096
|
|
35BE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1506582103.00000000035BE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35BE000
|
Size: |
8192
|
|
7E0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1654789472.00000000007E0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
7E0000
|
Size: |
12288
|
|
87B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1654159250.000000000087B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
87B000
|
Size: |
16384
|
|
35F6000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1488597160.00000000035F6000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35F6000
|
Size: |
4096
|
|
35BE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1506910736.00000000035BE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35BE000
|
Size: |
8192
|
|
1C0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1654293078.00000000001C0000.00000004.00000020.00040000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1C0000
|
Size: |
4096
|
|
3969000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1563915154.0000000003969000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3969000
|
Size: |
835584
|
|
3768000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1489884123.0000000003768000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3768000
|
Size: |
4096
|
|
35CF000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1506431076.00000000035CF000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35CF000
|
Size: |
4096
|
|
90C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1545437777.000000000090C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
90C000
|
Size: |
16384
|
|
35AF000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1502086540.00000000035AF000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35AF000
|
Size: |
4096
|
|
8E4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1655253530.00000000008E4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
8E4000
|
Size: |
163840
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
911000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1458271658.0000000000911000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
911000
|
Size: |
16384
|
|
2DCE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1655572639.0000000002DCE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2DCE000
|
Size: |
8192
|
|
35CE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1473066995.00000000035CE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35CE000
|
Size: |
8192
|
|
2351000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1433656171.0000000002351000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2351000
|
Size: |
4096
|
|
3691000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1559849209.0000000003691000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3691000
|
Size: |
1474560
|
|
393E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1560929444.000000000393E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
393E000
|
Size: |
626688
|
|
3A2F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1562696971.0000000003A2F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3A2F000
|
Size: |
753664
|
|
8E4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1508289208.00000000008E4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
8E4000
|
Size: |
163840
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
3631000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1473575764.0000000003631000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3631000
|
Size: |
4096
|
|
35AF000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1506582103.00000000035AF000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35AF000
|
Size: |
4096
|
|
363C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1473575764.000000000363C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
363C000
|
Size: |
4096
|
|
389C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1560651144.000000000389C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
389C000
|
Size: |
585728
|
|
8B4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1655161136.00000000008B4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
8B4000
|
Size: |
12288
|
|
35F6000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1459438667.00000000035F6000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35F6000
|
Size: |
139264
|
|
8A5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1655161136.00000000008A5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
8A5000
|
Size: |
16384
|
|
931000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1650069495.0000000000931000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
931000
|
Size: |
36864
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
3590000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1655866726.0000000003590000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3590000
|
Size: |
40960
|
|
3AA4000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1568130367.0000000003AA4000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3AA4000
|
Size: |
1040384
|
|
397B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1564901700.000000000397B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
397B000
|
Size: |
884736
|
|
361C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1509690936.000000000361C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
361C000
|
Size: |
4096
|
|
35CF000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1504389679.00000000035CF000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35CF000
|
Size: |
4096
|
|
304E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1655640342.000000000304E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
304E000
|
Size: |
8192
|
|
361C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1525281668.000000000361C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
361C000
|
Size: |
12288
|
|
8CB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1508289208.00000000008CB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
8CB000
|
Size: |
94208
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
931000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1655349222.0000000000931000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
931000
|
Size: |
36864
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
3690000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1656042494.0000000003690000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3690000
|
Size: |
4096
|
|
389B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1566531857.000000000389B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
389B000
|
Size: |
966656
|
|
3899000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1561459662.0000000003899000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3899000
|
Size: |
671744
|
|
39FB000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1561588684.00000000039FB000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
39FB000
|
Size: |
679936
|
|
35E7000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1473322611.00000000035E7000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35E7000
|
Size: |
4096
|
|
359F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1502139346.000000000359F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
359F000
|
Size: |
16384
|
|
359E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1501990313.000000000359E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
359E000
|
Size: |
20480
|
|
35E7000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1525281668.00000000035E7000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35E7000
|
Size: |
4096
|
|
3640000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1487967202.0000000003640000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3640000
|
Size: |
4096
|
|
35DA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1460704759.00000000035DA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35DA000
|
Size: |
12288
|
|
3941000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1561525209.0000000003941000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3941000
|
Size: |
679936
|
|
3895000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1563420801.0000000003895000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3895000
|
Size: |
802816
|
|
35C6000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1488395834.00000000035C6000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35C6000
|
Size: |
4096
|
|
395F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1561756893.000000000395F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
395F000
|
Size: |
696320
|
|
3925000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1560539069.0000000003925000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3925000
|
Size: |
569344
|
|
35C6000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1488980491.00000000035C6000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35C6000
|
Size: |
4096
|
|
35A0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1545365140.00000000035A0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35A0000
|
Size: |
12288
|
|
29EF000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1433252852.00000000029EF000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
29EF000
|
Size: |
229376
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sample file is different than original file name gathered from version info |
System Summary |
|
|
39A2000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1568383018.00000000039A2000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
39A2000
|
Size: |
1048576
|
|
35CE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1459531987.00000000035CE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35CE000
|
Size: |
4096
|
|
35AE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1472388115.00000000035AE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35AE000
|
Size: |
49152
|
|
2ECC000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1655591716.0000000002ECC000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2ECC000
|
Size: |
16384
|
|
2361000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1655465028.0000000002361000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2361000
|
Size: |
241664
|
|
39DE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1561159969.00000000039DE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
39DE000
|
Size: |
647168
|
|
392E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1560307822.000000000392E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
392E000
|
Size: |
536576
|
|
3989000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1566071878.0000000003989000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3989000
|
Size: |
942080
|
|
3738000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1489884123.0000000003738000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3738000
|
Size: |
4096
|
|
2351000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1433706273.0000000002351000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2351000
|
Size: |
4096
|
|
395B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1562277756.000000000395B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
395B000
|
Size: |
729088
|
|
2351000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1433682018.0000000002351000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2351000
|
Size: |
4096
|
|
3894000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1565018439.0000000003894000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3894000
|
Size: |
892928
|
|
3964000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1563037047.0000000003964000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3964000
|
Size: |
778240
|
|
2240000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1655437208.0000000002240000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2240000
|
Size: |
4096
|
|
8B8000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1653822654.00000000008B8000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
8B8000
|
Size: |
49152
|
|
3614000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1655969155.0000000003614000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3614000
|
Size: |
4096
|
|
33EE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1655803193.00000000033EE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
33EE000
|
Size: |
8192
|
|
399C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1567665135.000000000399C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
399C000
|
Size: |
1024000
|
|
927000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1655349222.0000000000927000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
927000
|
Size: |
36864
|
|
8B4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1653822654.00000000008B4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
8B4000
|
Size: |
12288
|
|
927000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1507270359.0000000000927000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
927000
|
Size: |
36864
|
|
35CF000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1502539960.00000000035CF000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35CF000
|
Size: |
4096
|
|
556000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1654367780.0000000000556000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
556000
|
Size: |
12288
|
|
35AF000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1504583534.00000000035AF000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35AF000
|
Size: |
4096
|
|
35AF000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1506910736.00000000035AF000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35AF000
|
Size: |
4096
|
|
927000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1508020939.0000000000927000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
927000
|
Size: |
36864
|
|
35D3000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1473066995.00000000035D3000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35D3000
|
Size: |
8192
|
|
35AA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1471936437.00000000035AA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35AA000
|
Size: |
32768
|
|
35AA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1655913416.00000000035AA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35AA000
|
Size: |
4096
|
|
35D5000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1459746208.00000000035D5000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35D5000
|
Size: |
4096
|
|
3894000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1568511658.0000000003894000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3894000
|
Size: |
1056768
|
|
3894000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1565547455.0000000003894000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3894000
|
Size: |
917504
|
|
35BB000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1473066995.00000000035BB000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35BB000
|
Size: |
8192
|
|
35CE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1459633218.00000000035CE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35CE000
|
Size: |
4096
|
|
35FE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1488537718.00000000035FE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35FE000
|
Size: |
20480
|
|
3948000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1561398871.0000000003948000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3948000
|
Size: |
663552
|
|
35A6000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1545365140.00000000035A6000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35A6000
|
Size: |
12288
|
|
398B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1565428874.000000000398B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
398B000
|
Size: |
909312
|
|
90C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1525703180.000000000090C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
90C000
|
Size: |
16384
|
|
35AA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1502306357.00000000035AA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35AA000
|
Size: |
12288
|
|
361E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1501900043.000000000361E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
361E000
|
Size: |
4096
|
|
8AA000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1653822654.00000000008AA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
8AA000
|
Size: |
36864
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
35E9000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1472162374.00000000035E9000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35E9000
|
Size: |
4096
|
|
399A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1566651394.000000000399A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
399A000
|
Size: |
974848
|
|
4290000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1653133420.0000000004290000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4290000
|
Size: |
1822720
|
|
35AC000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1472486424.00000000035AC000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35AC000
|
Size: |
4096
|
|
35E5000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1473322611.00000000035E5000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35E5000
|
Size: |
4096
|
|
927000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1507361886.0000000000927000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
927000
|
Size: |
36864
|
|
35C8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1460462202.00000000035C8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35C8000
|
Size: |
8192
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
SQL strings found in memory and binary data |
System Summary |
|
|
35C3000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1459746208.00000000035C3000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35C3000
|
Size: |
8192
|
|
916000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1508020939.0000000000916000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
916000
|
Size: |
4096
|
|
35A8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1487767502.00000000035A8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35A8000
|
Size: |
28672
|
|
846000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1654820610.0000000000846000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
846000
|
Size: |
20480
|
|
35CB000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1472746342.00000000035CB000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35CB000
|
Size: |
4096
|
|
35FA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1460462202.00000000035FA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35FA000
|
Size: |
4096
|
|
3891000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1563662563.0000000003891000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3891000
|
Size: |
819200
|
|
389E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1562189038.000000000389E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
389E000
|
Size: |
720896
|
|
39AF000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1569123980.00000000039AF000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
39AF000
|
Size: |
1081344
|
|
8E4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1458192779.00000000008E4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
8E4000
|
Size: |
172032
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
35D8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1525281668.00000000035D8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35D8000
|
Size: |
4096
|
|
3606000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1488273163.0000000003606000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3606000
|
Size: |
4096
|
|
35B5000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1473066995.00000000035B5000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35B5000
|
Size: |
8192
|
|
3972000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1564174543.0000000003972000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3972000
|
Size: |
851968
|
|
612000
|
unknown
|
page write copy
|
|
|
|
Name: |
00000000.00000000.1303612073.0000000000612000.00000008.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page write copy
|
Base address: |
612000
|
Size: |
282624
|
|
90C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1654117373.000000000090C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
90C000
|
Size: |
16384
|
|
8FF000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1472970311.00000000008FF000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
8FF000
|
Size: |
69632
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
398C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1565842952.000000000398C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
398C000
|
Size: |
933888
|
|
35EA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1509690936.00000000035EA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35EA000
|
Size: |
4096
|
|
35B3000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1460399145.00000000035B3000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35B3000
|
Size: |
65536
|
|
3646000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1507676529.0000000003646000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3646000
|
Size: |
57344
|
|
3A88000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1566390202.0000000003A88000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3A88000
|
Size: |
958464
|
|
361D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1507676529.000000000361D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
361D000
|
Size: |
4096
|
|
911000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1654036038.0000000000911000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
911000
|
Size: |
16384
|
|
35AD000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1488273163.00000000035AD000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35AD000
|
Size: |
8192
|
|
2450000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1431874566.0000000002450000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2450000
|
Size: |
176128
|
|
362A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1460462202.000000000362A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
362A000
|
Size: |
12288
|
|
35FC000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1459934838.00000000035FC000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35FC000
|
Size: |
4096
|
|
3638000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1487967202.0000000003638000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3638000
|
Size: |
16384
|
|
35A5000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1460758808.00000000035A5000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35A5000
|
Size: |
4096
|
|
931000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1525485033.0000000000931000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
931000
|
Size: |
36864
|
|
35C6000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1488147989.00000000035C6000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35C6000
|
Size: |
4096
|
|
396A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1563748957.000000000396A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
396A000
|
Size: |
827392
|
|
2351000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1433730052.0000000002351000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2351000
|
Size: |
4096
|
|
35C7000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1473322611.00000000035C7000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35C7000
|
Size: |
118784
|
|
3978000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1564359726.0000000003978000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3978000
|
Size: |
860160
|
|
2A29000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1433252852.0000000002A29000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2A29000
|
Size: |
352256
|
|
3890000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1567276849.0000000003890000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3890000
|
Size: |
1007616
|
|
3610000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1488798730.0000000003610000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3610000
|
Size: |
4096
|
|
399D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1568005105.000000000399D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
399D000
|
Size: |
1032192
|
|
35DF000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1488798730.00000000035DF000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35DF000
|
Size: |
8192
|
|
84C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1654820610.000000000084C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
84C000
|
Size: |
57344
|
|
35CF000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1506105688.00000000035CF000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35CF000
|
Size: |
4096
|
|
35AA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1471999086.00000000035AA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35AA000
|
Size: |
32768
|
|
35CF000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1506206993.00000000035CF000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35CF000
|
Size: |
4096
|
|
35AD000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1488936484.00000000035AD000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35AD000
|
Size: |
8192
|
|
35BB000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1472746342.00000000035BB000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35BB000
|
Size: |
8192
|
|
3893000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1561338376.0000000003893000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3893000
|
Size: |
663552
|
|
65C000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000000.00000000.1303651193.000000000065C000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
65C000
|
Size: |
229376
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sample file is different than original file name gathered from version info |
System Summary |
|
|
35D5000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1459531987.00000000035D5000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35D5000
|
Size: |
4096
|
|
35C7000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1525281668.00000000035C7000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35C7000
|
Size: |
4096
|
|
389C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1563118137.000000000389C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
389C000
|
Size: |
778240
|
|
35B3000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1460704759.00000000035B3000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35B3000
|
Size: |
65536
|
|
35AA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1654000156.00000000035AA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35AA000
|
Size: |
4096
|
|
359E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1654000156.000000000359E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
359E000
|
Size: |
45056
|
|
65C000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000000.00000002.1654673392.000000000065C000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
65C000
|
Size: |
229376
|
|
90F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1458271658.000000000090F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
90F000
|
Size: |
4096
|
|
359A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1472388115.000000000359A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
359A000
|
Size: |
16384
|
|
35B6000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1525281668.00000000035B6000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35B6000
|
Size: |
8192
|
|
39CA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1560595924.00000000039CA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
39CA000
|
Size: |
577536
|
|
361C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1507995897.000000000361C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
361C000
|
Size: |
4096
|
|
35C5000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1474026109.00000000035C5000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35C5000
|
Size: |
16384
|
|
360C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1489749685.000000000360C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
360C000
|
Size: |
20480
|
|
395B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1562615414.000000000395B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
395B000
|
Size: |
745472
|
|
73D1D000
|
unknown
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1656145480.0000000073D1D000.00000004.00000001.01000000.00000006.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page read and write
|
Base address: |
73D1D000
|
Size: |
8192
|
|
73D1F000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000000.00000002.1656160795.0000000073D1F000.00000002.00000001.01000000.00000006.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
73D1F000
|
Size: |
12288
|
|
363C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1473322611.000000000363C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
363C000
|
Size: |
4096
|
|
35E5000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1459438667.00000000035E5000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35E5000
|
Size: |
12288
|
|
877000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1654820610.0000000000877000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
877000
|
Size: |
4096
|
|
361D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1511382364.000000000361D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
361D000
|
Size: |
172032
|
|
35A0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1471936437.00000000035A0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35A0000
|
Size: |
32768
|
|
35CF000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1504583534.00000000035CF000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35CF000
|
Size: |
4096
|
|
35AF000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1473066995.00000000035AF000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35AF000
|
Size: |
4096
|
|
35EE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1488597160.00000000035EE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35EE000
|
Size: |
4096
|
|
35C6000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1488936484.00000000035C6000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35C6000
|
Size: |
4096
|
|
396E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1563196908.000000000396E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
396E000
|
Size: |
786432
|
|
3890000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1566962880.0000000003890000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3890000
|
Size: |
991232
|
|
35F7000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1459934838.00000000035F7000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35F7000
|
Size: |
4096
|
|
3893000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1569026237.0000000003893000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3893000
|
Size: |
1073152
|
|
362A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1459746208.000000000362A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
362A000
|
Size: |
8192
|
|
911000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1655316900.0000000000911000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
911000
|
Size: |
16384
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
39A8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1568897174.00000000039A8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
39A8000
|
Size: |
1073152
|
|
39A2000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1568645938.00000000039A2000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
39A2000
|
Size: |
1056768
|
|
35DC000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1460462202.00000000035DC000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35DC000
|
Size: |
106496
|
|
35AE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1507217894.00000000035AE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35AE000
|
Size: |
4096
|
|
2918000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1433252852.0000000002918000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2918000
|
Size: |
876544
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sample file is different than original file name gathered from version info |
System Summary |
|
|
656000
|
unknown
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1654660289.0000000000656000.00000004.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page read and write
|
Base address: |
656000
|
Size: |
12288
|
|
359D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1655866726.000000000359D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
359D000
|
Size: |
4096
|
|
3606000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1488147989.0000000003606000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3606000
|
Size: |
4096
|
|
359E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1525588055.000000000359E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
359E000
|
Size: |
4096
|
|
73D01000
|
unknown
|
page execute read
|
|
|
|
Name: |
00000000.00000002.1656095047.0000000073D01000.00000020.00000001.01000000.00000006.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page execute read
|
Base address: |
73D01000
|
Size: |
86016
|
|
35E6000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1472625117.00000000035E6000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35E6000
|
Size: |
20480
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
35C8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1459531987.00000000035C8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35C8000
|
Size: |
8192
|
|
35BE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1507163450.00000000035BE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35BE000
|
Size: |
4096
|
|
3956000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1561925189.0000000003956000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3956000
|
Size: |
704512
|
|
2350000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1655465028.0000000002350000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2350000
|
Size: |
45056
|
|
39A9000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1569517359.00000000039A9000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
39A9000
|
Size: |
1105920
|
|
35F2000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1460634500.00000000035F2000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35F2000
|
Size: |
12288
|
|
697000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000000.00000000.1303651193.0000000000697000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
697000
|
Size: |
348160
|
|
389E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1562956630.000000000389E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
389E000
|
Size: |
770048
|
|
35CE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1472746342.00000000035CE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35CE000
|
Size: |
8192
|
|
362C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1655969155.000000000362C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
362C000
|
Size: |
4096
|
|
2900000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1655528467.0000000002900000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2900000
|
Size: |
12288
|
|
35C5000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1472746342.00000000035C5000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35C5000
|
Size: |
8192
|
|
3896000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1567541265.0000000003896000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3896000
|
Size: |
1015808
|
|
389E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1566760003.000000000389E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
389E000
|
Size: |
974848
|
|
3891000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1569220590.0000000003891000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3891000
|
Size: |
1089536
|
|
362C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1473575764.000000000362C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
362C000
|
Size: |
16384
|
|
35DC000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1473575764.00000000035DC000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35DC000
|
Size: |
12288
|
|
89C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1655161136.000000000089C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
89C000
|
Size: |
32768
|
|
33F0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1655818671.00000000033F0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
33F0000
|
Size: |
4096
|
|
35A6000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1525588055.00000000035A6000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35A6000
|
Size: |
4096
|
|
2C8D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1655543561.0000000002C8D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2C8D000
|
Size: |
12288
|
|
32EE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1655784724.00000000032EE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
32EE000
|
Size: |
8192
|
|
8C7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1653822654.00000000008C7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
8C7000
|
Size: |
110592
|
|
3999000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1567403472.0000000003999000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3999000
|
Size: |
1007616
|
|
36E8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1489884123.00000000036E8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
36E8000
|
Size: |
4096
|
|
2D8D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1655558724.0000000002D8D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2D8D000
|
Size: |
12288
|
|
35A3000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1488147989.00000000035A3000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35A3000
|
Size: |
4096
|
|
36B0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1489884123.00000000036B0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
36B0000
|
Size: |
4096
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
8B8000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1655253530.00000000008B8000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
8B8000
|
Size: |
49152
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
35B0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1474026109.00000000035B0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35B0000
|
Size: |
4096
|
|
3894000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1565744441.0000000003894000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3894000
|
Size: |
925696
|
|
931000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1545305214.0000000000931000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
931000
|
Size: |
36864
|
|
362C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1473322611.000000000362C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
362C000
|
Size: |
12288
|
|
35AE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1655952671.00000000035AE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35AE000
|
Size: |
4096
|
|
393C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1560709745.000000000393C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
393C000
|
Size: |
593920
|
|
35AF000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1504810513.00000000035AF000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35AF000
|
Size: |
4096
|
|
931000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1472020829.0000000000931000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
931000
|
Size: |
36864
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
35B5000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1472746342.00000000035B5000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35B5000
|
Size: |
8192
|
|
35E9000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1460704759.00000000035E9000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35E9000
|
Size: |
4096
|
|
359B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1525765520.000000000359B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
359B000
|
Size: |
12288
|
|
35A3000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1501810037.00000000035A3000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35A3000
|
Size: |
20480
|
|
35E1000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1472625117.00000000035E1000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35E1000
|
Size: |
8192
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
3892000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1563831867.0000000003892000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3892000
|
Size: |
827392
|
|
35FA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1459934838.00000000035FA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35FA000
|
Size: |
4096
|
|
3899000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1561845702.0000000003899000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3899000
|
Size: |
696320
|
|
35C9000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1489749685.00000000035C9000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35C9000
|
Size: |
20480
|
|
35A0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1472388115.00000000035A0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35A0000
|
Size: |
36864
|
|
3892000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1567830561.0000000003892000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3892000
|
Size: |
1024000
|
|
918000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1508020939.0000000000918000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
918000
|
Size: |
53248
|
|
397C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1564714937.000000000397C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
397C000
|
Size: |
876544
|
|
359A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1487804471.000000000359A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
359A000
|
Size: |
40960
|
|
35C8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1459746208.00000000035C8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35C8000
|
Size: |
8192
|
|
35AE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1472486424.00000000035AE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35AE000
|
Size: |
49152
|
|
3591000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1459531987.0000000003591000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3591000
|
Size: |
212992
|
|
35D1000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1473066995.00000000035D1000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35D1000
|
Size: |
4096
|
|
3598000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1459296938.0000000003598000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3598000
|
Size: |
8192
|
|
915000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1650069495.0000000000915000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
915000
|
Size: |
65536
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
35CF000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1504810513.00000000035CF000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35CF000
|
Size: |
4096
|
|
2351000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1433416276.0000000002351000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2351000
|
Size: |
237568
|
|
8CB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1458192779.00000000008CB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
8CB000
|
Size: |
94208
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
35C2000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1473066995.00000000035C2000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35C2000
|
Size: |
4096
|
|
35AA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1545365140.00000000035AA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35AA000
|
Size: |
4096
|
|
3635000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1473575764.0000000003635000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3635000
|
Size: |
8192
|
|
35AB000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1525561754.00000000035AB000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35AB000
|
Size: |
16384
|
|
35C6000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1488883164.00000000035C6000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35C6000
|
Size: |
4096
|
|
360C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1501638217.000000000360C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
360C000
|
Size: |
24576
|
|
361E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1501864922.000000000361E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
361E000
|
Size: |
4096
|
|
911000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1507270359.0000000000911000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
911000
|
Size: |
81920
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
URLs found in memory or binary data |
Networking |
|
|
35A9000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1501810037.00000000035A9000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35A9000
|
Size: |
24576
|
|
328D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1655682580.000000000328D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
328D000
|
Size: |
12288
|
|
35AA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1489838158.00000000035AA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35AA000
|
Size: |
12288
|
|
911000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1525703180.0000000000911000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
911000
|
Size: |
16384
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
3895000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1560877382.0000000003895000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3895000
|
Size: |
618496
|
|
35C6000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1459934838.00000000035C6000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35C6000
|
Size: |
4096
|
|
377F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1560035099.000000000377F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
377F000
|
Size: |
1019904
|
|
3893000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1564089565.0000000003893000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3893000
|
Size: |
843776
|
|
35AA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1507217894.00000000035AA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35AA000
|
Size: |
12288
|
|
35CB000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1459934838.00000000035CB000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35CB000
|
Size: |
8192
|
|
360D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1473575764.000000000360D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
360D000
|
Size: |
8192
|
|