Automated Malware Analysis IOC Report for

Details

Name:	00000003.00000001.644193470.0000000000400000.00000040.00020000.sdmp
TargetID:	3
Dumpstage:	image loaded
Regiontype:	unkown image
Protect:	page execute and read and write
Base address:	400000
Size:	188416

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Malicious sample detected (through community Yara rule)	System Summary
Yara detected FormBook	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Yara signature match	System Summary

Details

Name:	00000001.00000002.644964411.0000000000600000.00000040.00000001.sdmp
TargetID:	1
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	600000
Size:	188416

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara detected FormBook	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Yara signature match	System Summary

Details

Name:	00000003.00000002.646633088.0000000000400000.00000040.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	400000
Size:	188416

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara detected FormBook	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Yara signature match	System Summary

Details

Name:	00000003.00000002.646418049.000000000019E000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	19E000
Size:	8192

Details

Name:	00000003.00000000.639243000.0000000000401000.00000020.00020000.sdmp
TargetID:	3
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page execute read
Base address:	401000
Size:	8192

Details

Name:	00000001.00000003.639462821.00000000023F0000.00000004.00000001.sdmp
TargetID:	1
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	23F0000
Size:	1138688

Signature Hits	Behavior Group	Mitre Attack
Binary contains paths to debug symbols	Compliance, System Summary

Details

Name:	00000005.00000002.662843453.00007FF5E343C000.00000002.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF5E343C000
Size:	8192

Details

Name:	00000001.00000002.644942695.00000000005C0000.00000004.00000001.sdmp
TargetID:	1
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	5C0000
Size:	200704

Details

Name:	00000005.00000002.662917763.00007FF5E3524000.00000002.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF5E3524000
Size:	20480

Details

Name:	00000005.00000002.662030128.000002CAF9513000.00000004.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2CAF9513000
Size:	8192

Details

Name:	00000005.00000002.661986808.000002CAF944D000.00000004.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2CAF944D000
Size:	12288

Details

Name:	00000005.00000002.661815927.000000E4EB4FF000.00000004.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	E4EB4FF000
Size:	4096

Details

Name:	00000001.00000002.645008518.0000000000930000.00000002.00000001.sdmp
TargetID:	1
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	930000
Size:	32768

Details

Name:	00000005.00000002.662801315.00007FF5E3373000.00000002.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF5E3373000
Size:	8192

Details

Name:	00000001.00000003.644541453.000000000250F000.00000004.00000001.sdmp
TargetID:	1
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	250F000
Size:	462848

Signature Hits	Behavior Group	Mitre Attack
Sample file is different than original file name gathered from version info	System Summary

Details

Name:	00000005.00000002.661824766.000002CAF9230000.00000004.00000020.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	2CAF9230000
Size:	8192

Details

Name:	00000005.00000002.661942117.000002CAF9402000.00000004.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2CAF9402000
Size:	65536

Details

Name:	00000005.00000002.662824667.00007FF5E341D000.00000002.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF5E341D000
Size:	20480

Details

Name:	00000001.00000003.643040845.000000000250F000.00000004.00000001.sdmp
TargetID:	1
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	250F000
Size:	462848

Details

Name:	00000001.00000002.645005627.000000000092E000.00000004.00000001.sdmp
TargetID:	1
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	92E000
Size:	8192

Details

Name:	00000005.00000002.662813815.00007FF5E33CB000.00000002.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF5E33CB000
Size:	8192

Details

Name:	00000001.00000003.639918805.0000000002376000.00000004.00000001.sdmp
TargetID:	1
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2376000
Size:	487424

Details

Name:	00000005.00000002.662908177.00007FF5E3514000.00000002.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF5E3514000
Size:	4096

Details

Name:	00000005.00000002.662773144.00007FF5E3096000.00000002.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF5E3096000
Size:	32768

Details

Name:	00000001.00000002.644735407.000000000019C000.00000004.00000001.sdmp
TargetID:	1
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	19C000
Size:	16384

Details

Name:	00000001.00000002.644769935.0000000000403000.00000002.00020000.sdmp
TargetID:	1
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	403000
Size:	4096

Details

Name:	00000001.00000002.644779898.0000000000430000.00000004.00000020.sdmp
TargetID:	1
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	430000
Size:	20480

Details

Name:	00000005.00000002.662838939.00007FF5E3434000.00000002.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF5E3434000
Size:	4096

Details

Name:	00000005.00000002.661970180.000002CAF9429000.00000004.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2CAF9429000
Size:	73728

Details

Name:	00000001.00000002.644706970.000000000009D000.00000004.00000001.sdmp
TargetID:	1
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	9D000
Size:	12288

Details

Name:	00000003.00000002.647292534.0000000000580000.00000004.00000020.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	580000
Size:	16384

Details

Name:	00000005.00000002.662939240.00007FF5E3546000.00000002.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF5E3546000
Size:	8192

Details

Name:	00000001.00000003.639275199.0000000002260000.00000004.00000001.sdmp
TargetID:	1
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2260000
Size:	1130496

Details

Name:	00000001.00000002.644752873.00000000002F7000.00000004.00000001.sdmp
TargetID:	1
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2F7000
Size:	4096

Details

Name:	00000003.00000000.639247089.0000000000403000.00000002.00020000.sdmp
TargetID:	3
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	403000
Size:	4096

Details

Name:	00000001.00000003.644073316.000000000250F000.00000004.00000001.sdmp
TargetID:	1
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	250F000
Size:	462848

Details

Name:	00000003.00000003.645225065.0000000000681000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	681000
Size:	65536

Details

Name:	00000001.00000003.640353512.000000000250F000.00000004.00000001.sdmp
TargetID:	1
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	250F000
Size:	462848

Details

Name:	00000005.00000002.662873875.00007FF5E34DB000.00000002.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF5E34DB000
Size:	45056

Details

Name:	00000003.00000003.644373939.0000000000584000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	584000
Size:	28672

Details

Name:	00000003.00000002.647621757.0000000000C6B000.00000040.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	C6B000
Size:	4096

Details

Name:	00000005.00000002.662900764.00007FF5E3507000.00000002.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF5E3507000
Size:	28672

Details

Name:	00000001.00000003.644066883.000000000250B000.00000004.00000001.sdmp
TargetID:	1
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	250B000
Size:	4096

Details

Name:	00000003.00000002.647481305.0000000000ADB000.00000040.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	ADB000
Size:	4096

Details

Name:	00000005.00000002.661829986.000002CAF9240000.00000002.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	2CAF9240000
Size:	806912

Details

Name:	00000001.00000003.643500022.000000000250F000.00000004.00000001.sdmp
TargetID:	1
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	250F000
Size:	462848

Details

Name:	00000005.00000002.662025794.000002CAF9508000.00000004.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2CAF9508000
Size:	12288

Details

Name:	00000001.00000002.644990740.000000000063A000.00000004.00000020.sdmp
TargetID:	1
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	63A000
Size:	118784

Signature Hits	Behavior Group	Mitre Attack
Creates a DirectInput object (often for capturing keystrokes)	Key, Mouse, Clipboard, Microphone and Screen Capturing	Input Capture

Details

Name:	00000001.00000002.644937213.00000000005B0000.00000004.00000040.sdmp
TargetID:	1
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	5B0000
Size:	8192

Details

Name:	00000005.00000002.661788853.000000E4EB1FB000.00000004.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	E4EB1FB000
Size:	20480

Details

Name:	00000005.00000002.662933683.00007FF5E353E000.00000002.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF5E353E000
Size:	16384

Details

Name:	00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	9C0000
Size:	1150976

Signature Hits	Behavior Group	Mitre Attack
Binary contains paths to debug symbols	Compliance, System Summary

Details

Name:	00000001.00000002.644783845.0000000000440000.00000002.00000001.sdmp
TargetID:	1
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	440000
Size:	806912

Details

Name:	00000001.00000002.644758667.0000000000400000.00000002.00020000.sdmp
TargetID:	1
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	400000
Size:	4096

Details

Name:	00000003.00000003.645481158.0000000000430000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	430000
Size:	131072

Details

Name:	00000005.00000002.662819711.00007FF5E33CE000.00000002.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF5E33CE000
Size:	4096

Details

Name:	00000001.00000003.643763802.0000000002376000.00000004.00000001.sdmp
TargetID:	1
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2376000
Size:	487424

Details

Name:	00000005.00000002.661990357.000002CAF9455000.00000004.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2CAF9455000
Size:	90112

Details

Name:	00000003.00000002.646319007.000000000009D000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	9D000
Size:	12288

Details

Name:	00000001.00000003.640091679.0000000002260000.00000004.00000001.sdmp
TargetID:	1
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2260000
Size:	1130496

Details

Name:	00000005.00000002.661757397.000000E4EACCB000.00000004.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	E4EACCB000
Size:	20480

Details

Name:	00000005.00000002.662958605.00007FF5E35BA000.00000002.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF5E35BA000
Size:	12288

Details

Name:	00000005.00000002.661820296.000002CAF91D0000.00000004.00000040.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	2CAF91D0000
Size:	4096

Details

Name:	00000003.00000002.646888027.00000000004A0000.00000002.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	4A0000
Size:	806912

Details

Name:	00000005.00000002.662948624.00007FF5E354D000.00000002.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF5E354D000
Size:	16384

Details

Name:	00000005.00000002.662928361.00007FF5E3538000.00000002.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF5E3538000
Size:	12288

Details

Name:	00000005.00000002.662851823.00007FF5E34BC000.00000002.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF5E34BC000
Size:	8192

Details

Name:	00000001.00000003.641193557.0000000002376000.00000004.00000001.sdmp
TargetID:	1
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2376000
Size:	487424

Details

Name:	00000001.00000003.643036119.000000000250B000.00000004.00000001.sdmp
TargetID:	1
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	250B000
Size:	4096

Details

Name:	00000003.00000002.646519475.00000000002DC000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2DC000
Size:	8192

Details

Name:	00000005.00000002.662808044.00007FF5E33B1000.00000002.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF5E33B1000
Size:	4096

Details

Name:	00000003.00000003.644350514.0000000000589000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	589000
Size:	8192

Details

Name:	00000005.00000002.662794247.00007FF5E3321000.00000002.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF5E3321000
Size:	12288

Details

Name:	00000003.00000000.639238863.0000000000400000.00000002.00020000.sdmp
TargetID:	3
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	400000
Size:	4096

Details

Name:	00000005.00000002.662042385.000002CAF9A02000.00000004.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2CAF9A02000
Size:	4096

Details

Name:	00000003.00000003.645321063.0000000000494000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	494000
Size:	4096

Details

Name:	00000005.00000002.662011966.000002CAF948A000.00000004.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2CAF948A000
Size:	8192

Details

Name:	00000005.00000002.662848037.00007FF5E34BA000.00000002.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF5E34BA000
Size:	4096

Details

Name:	00000001.00000002.644925983.000000000058E000.00000004.00000001.sdmp
TargetID:	1
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	58E000
Size:	8192

Details

Name:	00000005.00000002.662018882.000002CAF9500000.00000004.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2CAF9500000
Size:	4096

Details

Name:	00000005.00000002.662912680.00007FF5E351A000.00000002.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF5E351A000
Size:	20480

Details

Name:	00000001.00000002.644985632.0000000000630000.00000004.00000020.sdmp
TargetID:	1
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	630000
Size:	32768

Details

Name:	00000005.00000002.662863872.00007FF5E34D0000.00000002.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF5E34D0000
Size:	16384

Details

Name:	00000005.00000002.661810542.000000E4EB3FF000.00000004.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	E4EB3FF000
Size:	4096

Details

Name:	00000001.00000003.639824726.0000000002260000.00000004.00000001.sdmp
TargetID:	1
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2260000
Size:	1130496

Details

Name:	00000001.00000003.640207684.0000000002376000.00000004.00000001.sdmp
TargetID:	1
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2376000
Size:	487424

Details

Name:	00000001.00000002.644921498.000000000054E000.00000004.00000001.sdmp
TargetID:	1
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	54E000
Size:	8192

Details

Name:	00000001.00000003.639960209.00000000023F0000.00000004.00000001.sdmp
TargetID:	1
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	23F0000
Size:	1138688

Details

Name:	00000001.00000003.642124997.00000000023F0000.00000004.00000001.sdmp
TargetID:	1
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	23F0000
Size:	1138688

Details

Name:	00000005.00000002.662953995.00007FF5E35B4000.00000002.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF5E35B4000
Size:	20480

Details

Name:	00000005.00000002.661799887.000000E4EB2F7000.00000004.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	E4EB2F7000
Size:	36864

Details

Name:	00000001.00000003.643113644.0000000002260000.00000004.00000001.sdmp
TargetID:	1
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2260000
Size:	1130496

Details

Name:	00000001.00000003.644186694.0000000002260000.00000004.00000001.sdmp
TargetID:	1
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2260000
Size:	1130496

Details

Name:	00000005.00000002.662783353.00007FF5E30A5000.00000002.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF5E30A5000
Size:	4096

Details

Name:	00000001.00000003.639385100.0000000002376000.00000004.00000001.sdmp
TargetID:	1
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2376000
Size:	487424

Details

Name:	00000001.00000003.643885695.00000000023F0000.00000004.00000001.sdmp
TargetID:	1
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	23F0000
Size:	1138688

Details

Name:	00000005.00000002.662015384.000002CAF948D000.00000004.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2CAF948D000
Size:	12288

Details

Name:	00000005.00000002.662001726.000002CAF946C000.00000004.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2CAF946C000
Size:	77824

Details

Name:	00000001.00000002.645002262.000000000082D000.00000004.00000001.sdmp
TargetID:	1
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	82D000
Size:	12288

Details

Name:	00000003.00000003.644381469.000000000058F000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	58F000
Size:	45056

Details

Name:	00000003.00000003.644355582.000000000058F000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	58F000
Size:	45056

Details

Name:	00000005.00000002.662893793.00007FF5E34FF000.00000002.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF5E34FF000
Size:	16384

Details

Name:	00000001.00000003.643485508.000000000250B000.00000004.00000001.sdmp
TargetID:	1
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	250B000
Size:	4096

Details

Name:	00000001.00000003.640048034.000000000250F000.00000004.00000001.sdmp
TargetID:	1
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	250F000
Size:	462848

Details

Name:	00000003.00000002.647485358.0000000000ADF000.00000040.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	ADF000
Size:	1601536

Signature Hits	Behavior Group	Mitre Attack
Sample file is different than original file name gathered from version info	System Summary

Details

Name:	00000003.00000003.644366342.000000000058E000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	58E000
Size:	8192

Details

Name:	00000005.00000003.661608979.000002CAF944A000.00000004.00000001.sdmp
TargetID:	5
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2CAF944A000
Size:	24576

Details

Name:	00000001.00000002.644764266.0000000000401000.00000020.00020000.sdmp
TargetID:	1
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page execute read
Base address:	401000
Size:	8192

Details

Name:	00000005.00000002.662943589.00007FF5E3549000.00000002.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF5E3549000
Size:	12288

Details

Name:	00000005.00000002.661949992.000002CAF9413000.00000004.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2CAF9413000
Size:	86016

Details

Name:	00000001.00000002.645013671.0000000002250000.00000004.00000040.sdmp
TargetID:	1
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	2250000
Size:	12288

Details

Name:	00000001.00000003.643268929.0000000002376000.00000004.00000001.sdmp
TargetID:	1
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2376000
Size:	487424

Details

Name:	00000001.00000000.638164687.0000000000401000.00000020.00020000.sdmp
TargetID:	1
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page execute read
Base address:	401000
Size:	8192

Details

Name:	00000001.00000002.644776222.0000000000420000.00000002.00000001.sdmp
TargetID:	1
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	420000
Size:	8192

Signature Hits	Behavior Group	Mitre Attack
Sample file is different than original file name gathered from version info	System Summary

Details

Name:	00000001.00000000.638172963.0000000000403000.00000002.00020000.sdmp
TargetID:	1
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	403000
Size:	4096

Details

Name:	00000005.00000002.662962473.00007FF5E35C1000.00000002.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF5E35C1000
Size:	20480

Details

Name:	00000005.00000002.662923879.00007FF5E352F000.00000002.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF5E352F000
Size:	8192

Details

Name:	00000001.00000003.644537686.000000000250B000.00000004.00000001.sdmp
TargetID:	1
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	250B000
Size:	4096

Details

Name:	00000001.00000001.638191780.0000000000400000.00000002.00020000.sdmp
TargetID:	1
Dumpstage:	image loaded
Regiontype:	unkown image
Protect:	page readonly
Base address:	400000
Size:	4096

Details

Name:	00000001.00000003.643346346.00000000023F0000.00000004.00000001.sdmp
TargetID:	1
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	23F0000
Size:	1138688

Details

Name:	00000005.00000002.662036080.000002CAF9600000.00000002.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	2CAF9600000
Size:	4096

Details

Name:	00000005.00000002.661935117.000002CAF93F0000.00000002.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	2CAF93F0000
Size:	4096

Details

Name:	00000005.00000002.661979532.000002CAF943C000.00000004.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2CAF943C000
Size:	57344

Details

Name:	00000005.00000002.662757970.00007FF5E2DD2000.00000002.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF5E2DD2000
Size:	4096

Details

Name:	00000001.00000002.644772696.0000000000410000.00000002.00000001.sdmp
TargetID:	1
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	410000
Size:	16384

Details

Name:	00000001.00000002.644747360.00000000002F3000.00000004.00000001.sdmp
TargetID:	1
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2F3000
Size:	8192

Details

Name:	00000005.00000002.661771515.000000E4EADCE000.00000004.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	E4EADCE000
Size:	8192

Details

Name:	00000005.00000002.662881772.00007FF5E34E7000.00000002.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF5E34E7000
Size:	49152

Details

Name:	00000003.00000002.647626223.0000000000C6F000.00000040.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	C6F000
Size:	479232

Details

Name:	00000001.00000003.639552255.000000000250F000.00000004.00000001.sdmp
TargetID:	1
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	250F000
Size:	462848

Details

Name:	00000001.00000003.639548961.000000000250B000.00000004.00000001.sdmp
TargetID:	1
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	250B000
Size:	4096

Details

Name:	00000005.00000002.662518074.000002CAF9F40000.00000002.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	2CAF9F40000
Size:	1269760

Details

Name:	00000005.00000002.662021917.000002CAF9502000.00000004.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2CAF9502000
Size:	12288

Details

Name:	00000003.00000002.646852530.0000000000490000.00000004.00000020.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	490000
Size:	16384

Details

Name:	00000005.00000002.661938808.000002CAF9400000.00000004.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2CAF9400000
Size:	4096

Details

Name:	00000005.00000002.662855794.00007FF5E34CA000.00000002.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF5E34CA000
Size:	8192

Details

Name:	00000001.00000002.644742828.00000000001F0000.00000004.00000001.sdmp
TargetID:	1
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	1F0000
Size:	4096

Details

Name:	00000005.00000002.662831576.00007FF5E3423000.00000002.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF5E3423000
Size:	24576

Details

Name:	00000005.00000002.662788492.00007FF5E3247000.00000002.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF5E3247000
Size:	8192

Details

Name:	00000001.00000003.640045115.000000000250B000.00000004.00000001.sdmp
TargetID:	1
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	250B000
Size:	4096

Details

Name:	00000001.00000003.640256913.00000000023F0000.00000004.00000001.sdmp
TargetID:	1
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	23F0000
Size:	1138688

Details

Name:	00000001.00000003.644361739.0000000002376000.00000004.00000001.sdmp
TargetID:	1
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2376000
Size:	487424

Details

Name:	00000001.00000003.644449758.00000000023F0000.00000004.00000001.sdmp
TargetID:	1
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	23F0000
Size:	1138688

Details

Name:	00000001.00000003.643578327.0000000002260000.00000004.00000001.sdmp
TargetID:	1
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2260000
Size:	1130496

Details

Name:	00000001.00000003.640350100.000000000250B000.00000004.00000001.sdmp
TargetID:	1
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	250B000
Size:	4096

Details

Name:	00000005.00000002.661765281.000000E4EAD4E000.00000004.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	E4EAD4E000
Size:	8192

Details

Name:	00000005.00000002.662764794.00007FF5E3090000.00000002.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF5E3090000
Size:	20480

Details

Name:	00000001.00000003.640636060.0000000002260000.00000004.00000001.sdmp
TargetID:	1
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2260000
Size:	1130496

Details

Name:	00000005.00000002.662039454.000002CAF9990000.00000004.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2CAF9990000
Size:	4096

Details

Name:	00000005.00000002.662889681.00007FF5E34FC000.00000002.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF5E34FC000
Size:	4096

Details

Name:	00000005.00000002.661777295.000000E4EB0F5000.00000004.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	E4EB0F5000
Size:	45056

Details

Name:	00000005.00000002.661929591.000002CAF9310000.00000002.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	2CAF9310000
Size:	16384

Details

Name:	00000005.00000003.661586657.000002CAF9450000.00000004.00000001.sdmp
TargetID:	5
Dumpstage:	free memory
Regiontype:	unkown
Protect:	page read and write
Base address:	2CAF9450000
Size:	110592

Details

Name:	00000005.00000002.662860290.00007FF5E34CE000.00000002.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF5E34CE000
Size:	4096

Details

Name:	00000005.00000002.662045696.000002CAF9C00000.00000002.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	2CAF9C00000
Size:	3371008

Details

Name:	00000005.00000000.650577774.00007FF5E35C2000.00000002.00000001.sdmp
TargetID:	5
Dumpstage:	process new
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF5E35C2000
Size:	16384

Details

Name:	00000005.00000002.662869312.00007FF5E34D5000.00000002.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF5E34D5000
Size:	12288

Details

Name:	00000003.00000002.647304667.0000000000680000.00000004.00000001.sdmp
TargetID:	3
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	680000
Size:	180224

Details

Name:	00000001.00000000.638158940.0000000000400000.00000002.00020000.sdmp
TargetID:	1
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	400000
Size:	4096

Details

Name:	00000005.00000002.662751426.00007FF5E2D2D000.00000002.00000001.sdmp
TargetID:	5
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	7FF5E2D2D000
Size:	4096

Details

Name:	00000001.00000002.644929790.0000000000590000.00000040.00000001.sdmp
TargetID:	1
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	590000
Size:	8192

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOCReport

Processes

URLs

Memdumps