|
4D10000
|
direct allocation
|
page read and write
|
 |
|
|
| Name: |
0000000A.00000003.2265416340.0000000004D10000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4D10000
|
| Size: |
1249280
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RisePro Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
431000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.4483064804.0000000000431000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
431000
|
| Size: |
1249280
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RisePro Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4E30000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2179548739.0000000004E30000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4E30000
|
| Size: |
1249280
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RisePro Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4C70000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2078685252.0000000004C70000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4C70000
|
| Size: |
1249280
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RisePro Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
441000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.4483035016.0000000000441000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
441000
|
| Size: |
1249280
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RisePro Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
431000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.4483059852.0000000000431000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
431000
|
| Size: |
1249280
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RisePro Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
50D0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2027415909.00000000050D0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
50D0000
|
| Size: |
1249280
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RisePro Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
441000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.4483096105.0000000000441000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
441000
|
| Size: |
1249280
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RisePro Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
811000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.4483066704.0000000000811000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
811000
|
| Size: |
1249280
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RisePro Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
51D0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2079204683.00000000051D0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
51D0000
|
| Size: |
1249280
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RisePro Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4D50000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4489248993.0000000004D50000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4D50000
|
| Size: |
4096
|
|
|
7EA000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.4484253694.00000000007EA000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
7EA000
|
| Size: |
110592
|
|
|
3E0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4488653125.0000000003E0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3E0E000
|
| Size: |
8192
|
|
|
5260000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.2028249938.0000000005260000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5260000
|
| Size: |
8192
|
|
|
F74000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2264717482.0000000000F74000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F74000
|
| Size: |
4096
|
|
|
49CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4488907572.00000000049CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
49CE000
|
| Size: |
8192
|
|
|
41EF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4488121285.00000000041EF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
41EF000
|
| Size: |
4096
|
|
|
4E10000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.2079385174.0000000004E10000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4E10000
|
| Size: |
4096
|
|
|
4C30000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2025261016.0000000004C30000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4C30000
|
| Size: |
53248
|
|
|
50B0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.4490260480.00000000050B0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
50B0000
|
| Size: |
4096
|
|
|
C8C000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4485449104.0000000000C8C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
C8C000
|
| Size: |
16384
|
|
|
14E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2078259024.00000000014E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14E4000
|
| Size: |
4096
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2040082438.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
436E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4488356897.000000000436E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
436E000
|
| Size: |
8192
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2040154739.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2026317112.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
4DE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4490258307.0000000004DE0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4DE0000
|
| Size: |
4096
|
|
|
B44000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2098236669.0000000000B44000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B44000
|
| Size: |
4096
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2045400727.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
4F10000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.4490130759.0000000004F10000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4F10000
|
| Size: |
4096
|
|
|
4ED0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.4489892430.0000000004ED0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4ED0000
|
| Size: |
4096
|
|
|
4E10000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.2079491077.0000000004E10000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4E10000
|
| Size: |
4096
|
|
|
14E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2097972847.00000000014E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14E4000
|
| Size: |
4096
|
|
|
5302000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2079204683.0000000005302000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
5302000
|
| Size: |
8192
|
|
|
3ECE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4488383659.0000000003ECE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3ECE000
|
| Size: |
8192
|
|
|
57A000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.4484155637.000000000057A000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
57A000
|
| Size: |
1646592
|
|
|
3BEF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4487867910.0000000003BEF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3BEF000
|
| Size: |
4096
|
|
|
70E000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.4484155637.000000000070E000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
70E000
|
| Size: |
868352
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
3C4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4488164028.0000000003C4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3C4E000
|
| Size: |
8192
|
|
|
522F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4489921135.000000000522F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
522F000
|
| Size: |
4096
|
|
|
14E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4486160874.00000000014E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14E0000
|
| Size: |
16384
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2026334806.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
45CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4488435626.00000000045CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
45CF000
|
| Size: |
4096
|
|
|
5070000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.4490036628.0000000005070000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5070000
|
| Size: |
4096
|
|
|
2ECF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4486774991.0000000002ECF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2ECF000
|
| Size: |
4096
|
|
|
32EF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4486828380.00000000032EF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
32EF000
|
| Size: |
4096
|
|
|
B60000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4485477367.0000000000B60000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B60000
|
| Size: |
4096
|
|
|
4D51000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2098555256.0000000004D51000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4D51000
|
| Size: |
4096
|
|
|
4FC7000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4490757039.0000000004FC7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4FC7000
|
| Size: |
2002944
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2045367637.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
3A6F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4487463622.0000000003A6F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3A6F000
|
| Size: |
4096
|
|
|
5320000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4489514219.0000000005320000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5320000
|
| Size: |
4096
|
|
|
4ED0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.4490972829.0000000004ED0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4ED0000
|
| Size: |
4096
|
|
|
4C30000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2025375313.0000000004C30000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4C30000
|
| Size: |
53248
|
|
|
4891000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2282022301.0000000004891000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4891000
|
| Size: |
49152
|
|
|
468F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4489585094.000000000468F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
468F000
|
| Size: |
4096
|
|
|
116E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4485860443.000000000116E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
116E000
|
| Size: |
8192
|
|
|
FAD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4485499780.0000000000FAD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FAD000
|
| Size: |
4096
|
|
|
F74000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2264444990.0000000000F74000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F74000
|
| Size: |
4096
|
|
|
486F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4489078015.000000000486F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
486F000
|
| Size: |
4096
|
|
|
5080000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.4490091765.0000000005080000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5080000
|
| Size: |
4096
|
|
|
84C000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.4484284014.000000000084C000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
84C000
|
| Size: |
4096
|
|
|
384F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4487714067.000000000384F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
384F000
|
| Size: |
4096
|
|
|
49A1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2207633892.00000000049A1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
49A1000
|
| Size: |
4096
|
|
|
2EA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4486444918.0000000002EA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2EA0000
|
| Size: |
16384
|
|
|
50D1000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4489638829.00000000050D1000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
50D1000
|
| Size: |
57344
|
|
|
3C8F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4488469993.0000000003C8F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3C8F000
|
| Size: |
4096
|
|
|
2B8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4486012863.0000000002B8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2B8E000
|
| Size: |
8192
|
|
|
398F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4487810334.000000000398F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
398F000
|
| Size: |
4096
|
|
|
4E42000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2265416340.0000000004E42000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4E42000
|
| Size: |
8192
|
|
|
45EF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4488838826.00000000045EF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
45EF000
|
| Size: |
4096
|
|
|
83D000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000008.00000002.4484916889.000000000083D000.00000080.00000001.01000000.00000006.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
83D000
|
| Size: |
1789952
|
|
|
430000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4483011351.0000000000430000.00000004.00000001.01000000.00000006.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
430000
|
| Size: |
4096
|
|
|
40EF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4488266052.00000000040EF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
40EF000
|
| Size: |
4096
|
|
|
34CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4487492281.00000000034CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
34CE000
|
| Size: |
8192
|
|
|
422E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4488205095.000000000422E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
422E000
|
| Size: |
8192
|
|
|
567000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000008.00000000.2172228286.0000000000567000.00000008.00000001.01000000.00000006.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
567000
|
| Size: |
8192
|
|
|
4990000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2178567309.0000000004990000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4990000
|
| Size: |
53248
|
|
|
4C4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4489138022.0000000004C4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4C4E000
|
| Size: |
8192
|
|
|
342F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4486920109.000000000342F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
342F000
|
| Size: |
4096
|
|
|
308F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4486586401.000000000308F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
308F000
|
| Size: |
4096
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2025140887.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
2E6F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4486540162.0000000002E6F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2E6F000
|
| Size: |
4096
|
|
|
132E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4485593343.000000000132E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
132E000
|
| Size: |
8192
|
|
|
2DCF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4486730704.0000000002DCF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2DCF000
|
| Size: |
4096
|
|
|
1340000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2077616586.0000000001340000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1340000
|
| Size: |
53248
|
|
|
83C000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.4484155637.000000000083C000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
83C000
|
| Size: |
4096
|
|
|
B44000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2077776730.0000000000B44000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B44000
|
| Size: |
4096
|
|
|
4EB0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000003.2265907050.0000000004EB0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4EB0000
|
| Size: |
4096
|
|
|
348F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4487416110.000000000348F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
348F000
|
| Size: |
4096
|
|
|
F74000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2264534584.0000000000F74000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F74000
|
| Size: |
4096
|
|
|
2F6F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4486615088.0000000002F6F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2F6F000
|
| Size: |
4096
|
|
|
F74000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2258782658.0000000000F74000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F74000
|
| Size: |
4096
|
|
|
BCA000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.4484278171.0000000000BCA000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
BCA000
|
| Size: |
110592
|
|
|
4C41000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2052222466.0000000004C41000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4C41000
|
| Size: |
4096
|
|
|
83C000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.4484253694.000000000083C000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
83C000
|
| Size: |
4096
|
|
|
F74000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2282135419.0000000000F74000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F74000
|
| Size: |
4096
|
|
|
5370000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.4491060539.0000000005370000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5370000
|
| Size: |
4096
|
|
|
1340000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2077889648.0000000001340000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1340000
|
| Size: |
53248
|
|
|
B44000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2076447919.0000000000B44000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B44000
|
| Size: |
4096
|
|
|
4C30000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2025300879.0000000004C30000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4C30000
|
| Size: |
53248
|
|
|
3E8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4487809007.0000000003E8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3E8E000
|
| Size: |
8192
|
|
|
4E90000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.4490739427.0000000004E90000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4E90000
|
| Size: |
4096
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2049916050.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
41CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4489171036.00000000041CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
41CE000
|
| Size: |
8192
|
|
|
547E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4490757083.000000000547E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
547E000
|
| Size: |
2002944
|
|
|
4FD0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000003.2179904356.0000000004FD0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4FD0000
|
| Size: |
8192
|
|
|
2FCE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4486916159.0000000002FCE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2FCE000
|
| Size: |
8192
|
|
|
432F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4488270008.000000000432F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
432F000
|
| Size: |
4096
|
|
|
3C2E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4487918135.0000000003C2E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3C2E000
|
| Size: |
8192
|
|
|
36EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4487244190.00000000036EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
36EE000
|
| Size: |
8192
|
|
|
5270000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.2028117782.0000000005270000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5270000
|
| Size: |
4096
|
|
|
3D0F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4487613531.0000000003D0F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3D0F000
|
| Size: |
4096
|
|
|
4EB0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.4490842686.0000000004EB0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4EB0000
|
| Size: |
4096
|
|
|
5360000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.4491005565.0000000005360000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5360000
|
| Size: |
8192
|
|
|
47D1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2098393975.00000000047D1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
47D1000
|
| Size: |
4096
|
|
|
4EC0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.4489810226.0000000004EC0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4EC0000
|
| Size: |
4096
|
|
|
47D1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2098441403.00000000047D1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
47D1000
|
| Size: |
4096
|
|
|
356F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4487126084.000000000356F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
356F000
|
| Size: |
4096
|
|
|
B70000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4485546762.0000000000B70000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B70000
|
| Size: |
4096
|
|
|
3BAF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4487564665.0000000003BAF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3BAF000
|
| Size: |
4096
|
|
|
137A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4485642418.000000000137A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
137A000
|
| Size: |
8192
|
|
|
E60000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4485711166.0000000000E60000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E60000
|
| Size: |
36864
|
|
|
39CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4487892740.00000000039CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
39CE000
|
| Size: |
8192
|
|
|
BF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4485276507.0000000000BF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BF0000
|
| Size: |
16384
|
|
|
4DE0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.2079596049.0000000004DE0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4DE0000
|
| Size: |
4096
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2025172304.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
5390000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.4489767903.0000000005390000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5390000
|
| Size: |
4096
|
|
|
2A60000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2258898638.0000000002A60000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2A60000
|
| Size: |
53248
|
|
|
420F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4488118654.000000000420F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
420F000
|
| Size: |
4096
|
|
|
5410000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.4490364785.0000000005410000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5410000
|
| Size: |
4096
|
|
|
30CB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4486653055.00000000030CB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
30CB000
|
| Size: |
20480
|
|
|
576E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4491098906.000000000576E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
576E000
|
| Size: |
8192
|
|
|
396E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4487412724.000000000396E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
396E000
|
| Size: |
8192
|
|
|
4FD0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000003.2180097652.0000000004FD0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4FD0000
|
| Size: |
4096
|
|
|
2F87000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4486403384.0000000002F87000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F87000
|
| Size: |
12288
|
|
|
3ACF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4487950574.0000000003ACF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3ACF000
|
| Size: |
4096
|
|
|
4AEF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4489327837.0000000004AEF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4AEF000
|
| Size: |
4096
|
|
|
3D4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4487663764.0000000003D4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3D4E000
|
| Size: |
8192
|
|
|
4C5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4489926535.0000000004C5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4C5E000
|
| Size: |
8192
|
|
|
47D1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2098518182.00000000047D1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
47D1000
|
| Size: |
4096
|
|
|
3F0F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4488795300.0000000003F0F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3F0F000
|
| Size: |
4096
|
|
|
3E6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4487815742.0000000003E6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3E6E000
|
| Size: |
8192
|
|
|
36EF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4487465746.00000000036EF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
36EF000
|
| Size: |
4096
|
|
|
F00000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4485409856.0000000000F00000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F00000
|
| Size: |
4096
|
|
|
4FD0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000003.2179978214.0000000004FD0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4FD0000
|
| Size: |
4096
|
|
|
3E8F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4488320840.0000000003E8F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3E8F000
|
| Size: |
4096
|
|
|
496F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4488973512.000000000496F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
496F000
|
| Size: |
4096
|
|
|
47D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4489771497.00000000047D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
47D0000
|
| Size: |
4096
|
|
|
2AB0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2077601535.0000000002AB0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2AB0000
|
| Size: |
53248
|
|
|
40EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4488047315.00000000040EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
40EE000
|
| Size: |
8192
|
|
|
360E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4487574045.000000000360E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
360E000
|
| Size: |
8192
|
|
|
4C0F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4489075222.0000000004C0F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4C0F000
|
| Size: |
4096
|
|
|
3FAF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4488166812.0000000003FAF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3FAF000
|
| Size: |
4096
|
|
|
5080000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2025621766.0000000005080000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5080000
|
| Size: |
167936
|
|
|
3CEF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4487686478.0000000003CEF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3CEF000
|
| Size: |
4096
|
|
|
4EB0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000003.2265968286.0000000004EB0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4EB0000
|
| Size: |
4096
|
|
|
2D0F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4486686575.0000000002D0F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2D0F000
|
| Size: |
4096
|
|
|
5350000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.2079688246.0000000005350000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5350000
|
| Size: |
4096
|
|
|
B44000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2097715889.0000000000B44000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B44000
|
| Size: |
4096
|
|
|
4E10000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.2079508867.0000000004E10000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4E10000
|
| Size: |
4096
|
|
|
4E50000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.4490489504.0000000004E50000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4E50000
|
| Size: |
4096
|
|
|
2AB0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2077525440.0000000002AB0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2AB0000
|
| Size: |
53248
|
|
|
4D51000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2078190153.0000000004D51000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4D51000
|
| Size: |
229376
|
|
|
4F70000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.4490487405.0000000004F70000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4F70000
|
| Size: |
4096
|
|
|
4F30000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.4490256110.0000000004F30000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4F30000
|
| Size: |
4096
|
|
|
4E70000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.4490603411.0000000004E70000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4E70000
|
| Size: |
4096
|
|
|
3AAF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4487775037.0000000003AAF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3AAF000
|
| Size: |
4096
|
|
|
115C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4485368736.000000000115C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
115C000
|
| Size: |
16384
|
|
|
52A0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.4490222404.00000000052A0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
52A0000
|
| Size: |
4096
|
|
|
4FD0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000003.2180012969.0000000004FD0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4FD0000
|
| Size: |
4096
|
|
|
4C30000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2025757298.0000000004C30000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4C30000
|
| Size: |
53248
|
|
|
558F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2040275696.000000000558F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
558F000
|
| Size: |
299008
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
F10000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4485452787.0000000000F10000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F10000
|
| Size: |
4096
|
|
|
5250000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.2028234408.0000000005250000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5250000
|
| Size: |
4096
|
|
|
83E000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.4483321641.000000000083E000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
83E000
|
| Size: |
36864
|
|
|
5270000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.2028212691.0000000005270000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5270000
|
| Size: |
12288
|
|
|
2D4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4486733658.0000000002D4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2D4E000
|
| Size: |
8192
|
|
|
53E0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.4490169970.00000000053E0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
53E0000
|
| Size: |
4096
|
|
|
430000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000A.00000000.2252613048.0000000000430000.00000002.00000001.01000000.00000006.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
430000
|
| Size: |
4096
|
|
|
563000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.4483064804.0000000000563000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
563000
|
| Size: |
16384
|
|
|
5350000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.2079799061.0000000005350000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5350000
|
| Size: |
12288
|
|
|
426E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4488464920.000000000426E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
426E000
|
| Size: |
8192
|
|
|
C1D000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000000.00000002.4485019093.0000000000C1D000.00000080.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
C1D000
|
| Size: |
1789952
|
|
|
4891000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2282383556.0000000004891000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4891000
|
| Size: |
4096
|
|
|
4FB0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000003.2180229890.0000000004FB0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4FB0000
|
| Size: |
4096
|
|
|
4C20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2076955813.0000000004C20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4C20000
|
| Size: |
167936
|
|
|
5050000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.4489922183.0000000005050000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5050000
|
| Size: |
4096
|
|
|
3E4F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4487717909.0000000003E4F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3E4F000
|
| Size: |
4096
|
|
|
4FD0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000003.2180056938.0000000004FD0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4FD0000
|
| Size: |
4096
|
|
|
5389000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4491109466.0000000005389000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5389000
|
| Size: |
2002944
|
|
|
49A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4489082350.00000000049A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
49A0000
|
| Size: |
4096
|
|
|
5290000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.4490139602.0000000005290000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5290000
|
| Size: |
4096
|
|
|
4E80000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.4490682872.0000000004E80000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4E80000
|
| Size: |
4096
|
|
|
5202000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2027415909.0000000005202000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
5202000
|
| Size: |
8192
|
|
|
52F0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.4490581736.00000000052F0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
52F0000
|
| Size: |
4096
|
|
|
2AB0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2077295888.0000000002AB0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2AB0000
|
| Size: |
53248
|
|
|
C1C000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000000.00000000.2019203494.0000000000C1C000.00000080.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
C1C000
|
| Size: |
1798144
|
|
|
47D1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2098482340.00000000047D1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
47D1000
|
| Size: |
4096
|
|
|
306F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4486659481.000000000306F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
306F000
|
| Size: |
4096
|
|
|
11B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4485417396.00000000011B0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11B0000
|
| Size: |
4096
|
|
|
482F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4488849571.000000000482F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
482F000
|
| Size: |
4096
|
|
|
36AF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4487210538.00000000036AF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
36AF000
|
| Size: |
4096
|
|
|
4EA0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.4490792984.0000000004EA0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4EA0000
|
| Size: |
4096
|
|
|
3A4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4488295723.0000000003A4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3A4E000
|
| Size: |
8192
|
|
|
2E4F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4486776224.0000000002E4F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2E4F000
|
| Size: |
4096
|
|
|
5060000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.4489973398.0000000005060000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5060000
|
| Size: |
4096
|
|
|
354E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4487608510.000000000354E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
354E000
|
| Size: |
8192
|
|
|
14E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2097918555.00000000014E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14E4000
|
| Size: |
4096
|
|
|
474F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4489193388.000000000474F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
474F000
|
| Size: |
4096
|
|
|
71E000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.4484284014.000000000071E000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
71E000
|
| Size: |
868352
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
5460000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.4490704244.0000000005460000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5460000
|
| Size: |
4096
|
|
|
7FA000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.4484284014.00000000007FA000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
7FA000
|
| Size: |
110592
|
|
|
486E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4488925173.000000000486E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
486E000
|
| Size: |
8192
|
|
|
338E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4487369546.000000000338E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
338E000
|
| Size: |
8192
|
|
|
B44000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2097885442.0000000000B44000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B44000
|
| Size: |
4096
|
|
|
320E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4486744331.000000000320E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
320E000
|
| Size: |
8192
|
|
|
13C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2052446392.00000000013C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13C5000
|
| Size: |
4096
|
|
|
4EB0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000003.2265928201.0000000004EB0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4EB0000
|
| Size: |
4096
|
|
|
156F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4486163129.000000000156F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
156F000
|
| Size: |
4096
|
|
|
5270000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.2028008027.0000000005270000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5270000
|
| Size: |
4096
|
|
|
5270000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.2028181567.0000000005270000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5270000
|
| Size: |
4096
|
|
|
49A1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2178790296.00000000049A1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
49A1000
|
| Size: |
229376
|
|
|
47D1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2097478402.00000000047D1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
47D1000
|
| Size: |
49152
|
|
|
2C0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4486158230.0000000002C0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2C0E000
|
| Size: |
8192
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2045287431.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
5400000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.4490306157.0000000005400000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5400000
|
| Size: |
4096
|
|
|
4990000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2178683353.0000000004990000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4990000
|
| Size: |
53248
|
|
|
83C000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000008.00000000.2172278686.000000000083C000.00000080.00000001.01000000.00000006.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
83C000
|
| Size: |
1798144
|
|
|
320F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4487182022.000000000320F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
320F000
|
| Size: |
4096
|
|
|
B44000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2076472054.0000000000B44000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B44000
|
| Size: |
4096
|
|
|
13C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4485642418.00000000013C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13C5000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
396F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4487665464.000000000396F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
396F000
|
| Size: |
4096
|
|
|
14E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2078277022.00000000014E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14E4000
|
| Size: |
4096
|
|
|
336E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4487191098.000000000336E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
336E000
|
| Size: |
8192
|
|
|
5240000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.2028268666.0000000005240000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5240000
|
| Size: |
4096
|
|
|
577000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000007.00000000.2070840731.0000000000577000.00000008.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
577000
|
| Size: |
8192
|
|
|
4DA2000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2078685252.0000000004DA2000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4DA2000
|
| Size: |
8192
|
|
|
4D51000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2098517662.0000000004D51000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4D51000
|
| Size: |
4096
|
|
|
474E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4488584171.000000000474E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
474E000
|
| Size: |
8192
|
|
|
B44000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2097849059.0000000000B44000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B44000
|
| Size: |
4096
|
|
|
350F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4487545357.000000000350F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
350F000
|
| Size: |
4096
|
|
|
30AF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4486712308.00000000030AF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
30AF000
|
| Size: |
4096
|
|
|
440000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000007.00000000.2070714653.0000000000440000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
440000
|
| Size: |
4096
|
|
|
5350000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.4490917564.0000000005350000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5350000
|
| Size: |
4096
|
|
|
34AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4487307244.00000000034AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
34AE000
|
| Size: |
8192
|
|
|
2A50000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4486324956.0000000002A50000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2A50000
|
| Size: |
4096
|
|
|
3B4F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4488367367.0000000003B4F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3B4F000
|
| Size: |
4096
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2040193173.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
431000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000008.00000000.2171878785.0000000000431000.00000080.00000001.01000000.00000006.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
431000
|
| Size: |
585728
|
|
|
F74000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2264341037.0000000000F74000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F74000
|
| Size: |
4096
|
|
|
7FA000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.4483321641.00000000007FA000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
7FA000
|
| Size: |
110592
|
|
|
394F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4487337632.000000000394F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
394F000
|
| Size: |
4096
|
|
|
84C000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000000.2070859016.000000000084C000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
84C000
|
| Size: |
1798144
|
|
|
F6E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4485499780.0000000000F6E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F6E000
|
| Size: |
180224
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
| URLs found in memory or binary data |
Networking |
|
|
|
14E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2097870917.00000000014E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14E4000
|
| Size: |
4096
|
|
|
B44000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2077792976.0000000000B44000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B44000
|
| Size: |
4096
|
|
|
3A0F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4488205434.0000000003A0F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3A0F000
|
| Size: |
4096
|
|
|
947000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000000.00000000.2019155368.0000000000947000.00000008.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
947000
|
| Size: |
8192
|
|
|
44EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4488784114.00000000044EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
44EE000
|
| Size: |
8192
|
|
|
55D8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2041694673.00000000055D8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
55D8000
|
| Size: |
221184
|
|
|
4EB0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000003.2266019373.0000000004EB0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4EB0000
|
| Size: |
4096
|
|
|
50F2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4490489726.00000000050F2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
50F2000
|
| Size: |
2002944
|
|
|
B44000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2077890857.0000000000B44000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B44000
|
| Size: |
4096
|
|
|
4C30000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2025444418.0000000004C30000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4C30000
|
| Size: |
53248
|
|
|
53A0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.4489895540.00000000053A0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
53A0000
|
| Size: |
4096
|
|
|
5090000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.4490160341.0000000005090000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5090000
|
| Size: |
4096
|
|
|
14E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2078295508.00000000014E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14E4000
|
| Size: |
4096
|
|
|
5270000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.2027858827.0000000005270000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5270000
|
| Size: |
8192
|
|
|
83D000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000A.00000002.4485039364.000000000083D000.00000080.00000001.01000000.00000006.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
83D000
|
| Size: |
1789952
|
|
|
1340000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2077103889.0000000001340000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1340000
|
| Size: |
53248
|
|
|
2E8B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4486296036.0000000002E8B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2E8B000
|
| Size: |
20480
|
|
|
4C41000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2039864781.0000000004C41000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4C41000
|
| Size: |
49152
|
|
|
4D4F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4489194993.0000000004D4F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4D4F000
|
| Size: |
4096
|
|
|
476E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4489020867.000000000476E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
476E000
|
| Size: |
8192
|
|
|
434F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4488208267.000000000434F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
434F000
|
| Size: |
4096
|
|
|
52D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.4490425006.00000000052D0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
52D0000
|
| Size: |
4096
|
|
|
4C30000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2026028213.0000000004C30000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4C30000
|
| Size: |
53248
|
|
|
84D000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000002.4485091844.000000000084D000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
84D000
|
| Size: |
1789952
|
|
|
5350000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.2079655016.0000000005350000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5350000
|
| Size: |
4096
|
|
|
2C67000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4486363805.0000000002C67000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C67000
|
| Size: |
12288
|
|
|
138E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2099031911.000000000138E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
138E000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
5450000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.4490653117.0000000005450000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5450000
|
| Size: |
4096
|
|
|
414E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4488581586.000000000414E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
414E000
|
| Size: |
8192
|
|
|
5350000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.2079724405.0000000005350000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5350000
|
| Size: |
4096
|
|
|
F74000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2258641617.0000000000F74000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F74000
|
| Size: |
4096
|
|
|
3FEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4488210269.0000000003FEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3FEE000
|
| Size: |
8192
|
|
|
F74000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2282098859.0000000000F74000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F74000
|
| Size: |
4096
|
|
|
2F70000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4486245846.0000000002F70000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2F70000
|
| Size: |
8192
|
|
|
2F60000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2078958029.0000000002F60000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2F60000
|
| Size: |
53248
|
|
|
84C000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.4483321641.000000000084C000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
84C000
|
| Size: |
4096
|
|
|
4C41000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2052136177.0000000004C41000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4C41000
|
| Size: |
4096
|
|
|
F74000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2282114956.0000000000F74000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F74000
|
| Size: |
4096
|
|
|
49A1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2207169148.00000000049A1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
49A1000
|
| Size: |
49152
|
|
|
4EB0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000003.2265984232.0000000004EB0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4EB0000
|
| Size: |
4096
|
|
|
48AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4489139837.00000000048AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
48AE000
|
| Size: |
8192
|
|
|
4E60000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.4490556998.0000000004E60000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4E60000
|
| Size: |
4096
|
|
|
32CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4487350098.00000000032CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
32CE000
|
| Size: |
8192
|
|
|
4F00000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.4491154088.0000000004F00000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4F00000
|
| Size: |
4096
|
|
|
4C30000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2025410059.0000000004C30000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4C30000
|
| Size: |
53248
|
|
|
5030000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.4489768781.0000000005030000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5030000
|
| Size: |
4096
|
|
|
398E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4487382234.000000000398E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
398E000
|
| Size: |
8192
|
|
|
135A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4485715827.000000000135A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
135A000
|
| Size: |
172032
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
| URLs found in memory or binary data |
Networking |
|
|
|
5440000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.4490596369.0000000005440000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5440000
|
| Size: |
8192
|
|
|
84C000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000006.00000000.2069861756.000000000084C000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
84C000
|
| Size: |
1798144
|
|
|
4E10000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.2079279410.0000000004E10000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4E10000
|
| Size: |
8192
|
|
|
1340000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2078039580.0000000001340000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1340000
|
| Size: |
53248
|
|
|
3A8F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4487415467.0000000003A8F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3A8F000
|
| Size: |
4096
|
|
|
810000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.2019052079.0000000000810000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
810000
|
| Size: |
4096
|
|
|
1340000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2077710410.0000000001340000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1340000
|
| Size: |
53248
|
|
|
49A1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2207863485.00000000049A1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
49A1000
|
| Size: |
4096
|
|
|
13C7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2052446392.00000000013C7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13C7000
|
| Size: |
4096
|
|
|
1340000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2077251038.0000000001340000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1340000
|
| Size: |
53248
|
|
|
F74000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2258729238.0000000000F74000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F74000
|
| Size: |
4096
|
|
|
58A000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.4484284014.000000000058A000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
58A000
|
| Size: |
1646592
|
|
|
7EA000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.4484155637.00000000007EA000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
7EA000
|
| Size: |
110592
|
|
|
4990000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2177811448.0000000004990000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4990000
|
| Size: |
53248
|
|
|
4C80000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4489980859.0000000004C80000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4C80000
|
| Size: |
8192
|
|
|
523E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4491967209.000000000523E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
523E000
|
| Size: |
8192
|
|
|
4990000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2177888764.0000000004990000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4990000
|
| Size: |
53248
|
|
|
304E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4487053058.000000000304E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
304E000
|
| Size: |
8192
|
|
|
35CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4487542968.00000000035CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
35CF000
|
| Size: |
4096
|
|
|
835000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.4483321641.0000000000835000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
835000
|
| Size: |
32768
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2039913707.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
4EF0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.4491088921.0000000004EF0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4EF0000
|
| Size: |
4096
|
|
|
4B2E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4489395222.0000000004B2E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4B2E000
|
| Size: |
8192
|
|
|
4C30000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2026084644.0000000004C30000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4C30000
|
| Size: |
53248
|
|
|
334E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4486830348.000000000334E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
334E000
|
| Size: |
8192
|
|
|
45AF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4488560701.00000000045AF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
45AF000
|
| Size: |
4096
|
|
|
3FCE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4487953925.0000000003FCE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3FCE000
|
| Size: |
8192
|
|
|
F0A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4485725451.0000000000F0A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F0A000
|
| Size: |
4096
|
|
|
4E40000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.4490421522.0000000004E40000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4E40000
|
| Size: |
4096
|
|
|
4E10000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.2079327278.0000000004E10000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4E10000
|
| Size: |
4096
|
|
|
2AB0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2076594770.0000000002AB0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2AB0000
|
| Size: |
53248
|
|
|
4DF0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.2079560644.0000000004DF0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4DF0000
|
| Size: |
4096
|
|
|
530F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4489453345.000000000530F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
530F000
|
| Size: |
4096
|
|
|
488E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4488787783.000000000488E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
488E000
|
| Size: |
8192
|
|
|
3FAE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4487918002.0000000003FAE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3FAE000
|
| Size: |
8192
|
|
|
4E10000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.2079427635.0000000004E10000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4E10000
|
| Size: |
4096
|
|
|
418F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4489101064.000000000418F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
418F000
|
| Size: |
4096
|
|
|
49A1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2207726797.00000000049A1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
49A1000
|
| Size: |
4096
|
|
|
30EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4486769916.00000000030EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
30EE000
|
| Size: |
8192
|
|
|
1340000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2077151643.0000000001340000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1340000
|
| Size: |
53248
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2025097880.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
472F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4488970571.000000000472F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
472F000
|
| Size: |
4096
|
|
|
14E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2076869100.00000000014E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14E4000
|
| Size: |
4096
|
|
|
114F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4486246305.000000000114F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
114F000
|
| Size: |
4096
|
|
|
4E10000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.2079536806.0000000004E10000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4E10000
|
| Size: |
12288
|
|
|
3EAE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4488120276.0000000003EAE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3EAE000
|
| Size: |
8192
|
|
|
50C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.4490314412.00000000050C0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
50C0000
|
| Size: |
8192
|
|
|
1350000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4485715827.0000000001350000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1350000
|
| Size: |
32768
|
|
|
436F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4488526668.000000000436F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
436F000
|
| Size: |
4096
|
|
|
4891000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2258309059.0000000004891000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4891000
|
| Size: |
49152
|
|
|
332F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4487064915.000000000332F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
332F000
|
| Size: |
4096
|
|
|
A02000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.4485278681.0000000000A02000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
A02000
|
| Size: |
4096
|
|
|
4E10000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.2079459478.0000000004E10000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4E10000
|
| Size: |
4096
|
|
|
4891000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2282520934.0000000004891000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4891000
|
| Size: |
4096
|
|
|
410E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4488522787.000000000410E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
410E000
|
| Size: |
8192
|
|
|
3FCE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4488423297.0000000003FCE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3FCE000
|
| Size: |
8192
|
|
|
5270000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.2028099968.0000000005270000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5270000
|
| Size: |
4096
|
|
|
B44000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2076488964.0000000000B44000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B44000
|
| Size: |
4096
|
|
|
40CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4488013331.00000000040CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
40CF000
|
| Size: |
4096
|
|
|
825000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.4484155637.0000000000825000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
825000
|
| Size: |
32768
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2026268489.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
52B0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.4490289554.00000000052B0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
52B0000
|
| Size: |
4096
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2026367377.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
4FD0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000003.2180166721.0000000004FD0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4FD0000
|
| Size: |
4096
|
|
|
567000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4483306323.0000000000567000.00000004.00000001.01000000.00000006.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
567000
|
| Size: |
73728
|
|
|
424E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4488166098.000000000424E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
424E000
|
| Size: |
8192
|
|
|
F74000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2264283166.0000000000F74000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F74000
|
| Size: |
4096
|
|
|
2A80000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4486377234.0000000002A80000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2A80000
|
| Size: |
16384
|
|
|
4D20000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4489454305.0000000004D20000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4D20000
|
| Size: |
8192
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2025188376.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
370E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4487213500.000000000370E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
370E000
|
| Size: |
8192
|
|
|
49A1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2207604569.00000000049A1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
49A1000
|
| Size: |
4096
|
|
|
4C30000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2025893478.0000000004C30000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4C30000
|
| Size: |
53248
|
|
|
F74000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2258512103.0000000000F74000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F74000
|
| Size: |
4096
|
|
|
5420000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.4490465260.0000000005420000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5420000
|
| Size: |
4096
|
|
|
2D6F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4486482210.0000000002D6F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2D6F000
|
| Size: |
4096
|
|
|
1300000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4485617390.0000000001300000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1300000
|
| Size: |
4096
|
|
|
A02000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.4485398486.0000000000A02000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
A02000
|
| Size: |
4096
|
|
|
2AB0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2077440953.0000000002AB0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2AB0000
|
| Size: |
53248
|
|
|
5270000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.2028084155.0000000005270000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5270000
|
| Size: |
4096
|
|
|
4990000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2178506334.0000000004990000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4990000
|
| Size: |
53248
|
|
|
1340000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2077793047.0000000001340000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1340000
|
| Size: |
53248
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2025060312.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
464E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4489135453.000000000464E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
464E000
|
| Size: |
8192
|
|
|
4EB0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000003.2265888593.0000000004EB0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4EB0000
|
| Size: |
4096
|
|
|
558E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2041694673.000000000558E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
558E000
|
| Size: |
299008
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
346F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4487249133.000000000346F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
346F000
|
| Size: |
4096
|
|
|
4E90000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000003.2266077639.0000000004E90000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4E90000
|
| Size: |
4096
|
|
|
45EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4488617765.00000000045EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
45EE000
|
| Size: |
8192
|
|
|
330F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4486785974.000000000330F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
330F000
|
| Size: |
4096
|
|
|
3F8F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4487894646.0000000003F8F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3F8F000
|
| Size: |
4096
|
|
|
2BCB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4486091210.0000000002BCB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2BCB000
|
| Size: |
20480
|
|
|
44CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4488973169.00000000044CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
44CF000
|
| Size: |
4096
|
|
|
5320000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.2079847756.0000000005320000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5320000
|
| Size: |
4096
|
|
|
3ACE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4487464282.0000000003ACE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3ACE000
|
| Size: |
8192
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2045419643.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
4990000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2178624924.0000000004990000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4990000
|
| Size: |
53248
|
|
|
84D000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000006.00000002.4484923411.000000000084D000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
84D000
|
| Size: |
1789952
|
|
|
12FD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4485554001.00000000012FD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
12FD000
|
| Size: |
12288
|
|
|
440000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4482993398.0000000000440000.00000004.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
440000
|
| Size: |
4096
|
|
|
46CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4489643612.00000000046CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
46CE000
|
| Size: |
8192
|
|
|
14E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2097694276.00000000014E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14E4000
|
| Size: |
4096
|
|
|
4EC0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.4490891330.0000000004EC0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4EC0000
|
| Size: |
4096
|
|
|
4DCF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4490196306.0000000004DCF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4DCF000
|
| Size: |
4096
|
|
|
4F4B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4491421911.0000000004F4B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F4B000
|
| Size: |
2002944
|
|
|
460E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4488473316.000000000460E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
460E000
|
| Size: |
8192
|
|
|
4FF0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.4489519224.0000000004FF0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4FF0000
|
| Size: |
4096
|
|
|
B44000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2098059912.0000000000B44000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B44000
|
| Size: |
4096
|
|
|
4C30000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2025339005.0000000004C30000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4C30000
|
| Size: |
53248
|
|
|
374E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4487667003.000000000374E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
374E000
|
| Size: |
8192
|
|
|
430000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000000.2171407034.0000000000430000.00000002.00000001.01000000.00000006.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
430000
|
| Size: |
4096
|
|
|
50E0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.4490422980.00000000050E0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
50E0000
|
| Size: |
4096
|
|
|
37CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4487977610.00000000037CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
37CE000
|
| Size: |
8192
|
|
|
31EF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4486833452.00000000031EF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
31EF000
|
| Size: |
4096
|
|
|
512B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4489772383.000000000512B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
512B000
|
| Size: |
20480
|
|
|
2AB0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2076543633.0000000002AB0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2AB0000
|
| Size: |
53248
|
|
|
573000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.4483096105.0000000000573000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
573000
|
| Size: |
16384
|
|
|
F74000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2282074364.0000000000F74000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F74000
|
| Size: |
4096
|
|
|
F74000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2282297966.0000000000F74000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F74000
|
| Size: |
4096
|
|
|
14E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2076903135.00000000014E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14E4000
|
| Size: |
4096
|
|
|
14E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2076883815.00000000014E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14E4000
|
| Size: |
4096
|
|
|
35AF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4487368533.00000000035AF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
35AF000
|
| Size: |
4096
|
|
|
4990000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2178440022.0000000004990000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4990000
|
| Size: |
53248
|
|
|
4C30000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2025220136.0000000004C30000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4C30000
|
| Size: |
53248
|
|
|
2F8F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4486876925.0000000002F8F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2F8F000
|
| Size: |
4096
|
|
|
4EB0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000003.2265834810.0000000004EB0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4EB0000
|
| Size: |
4096
|
|
|
2AB0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2076640203.0000000002AB0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2AB0000
|
| Size: |
53248
|
|
|
C1C000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.4484278171.0000000000C1C000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
C1C000
|
| Size: |
4096
|
|
|
4FD0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000003.2180077787.0000000004FD0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4FD0000
|
| Size: |
4096
|
|
|
2AC0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4486406228.0000000002AC0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2AC0000
|
| Size: |
16384
|
|
|
4CCB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4490131182.0000000004CCB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4CCB000
|
| Size: |
20480
|
|
|
5350000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.2079739756.0000000005350000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5350000
|
| Size: |
4096
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2025156084.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
D8D000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4485507587.0000000000D8D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
D8D000
|
| Size: |
12288
|
|
|
428E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4488778457.000000000428E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
428E000
|
| Size: |
8192
|
|
|
14E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2078328395.00000000014E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14E4000
|
| Size: |
4096
|
|
|
4D11000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4489454305.0000000004D11000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4D11000
|
| Size: |
57344
|
|
|
5330000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.4490813595.0000000005330000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5330000
|
| Size: |
4096
|
|
|
4F00000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.4490042528.0000000004F00000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4F00000
|
| Size: |
4096
|
|
|
5310000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.4490698518.0000000005310000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5310000
|
| Size: |
4096
|
|
|
44AF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4488640363.00000000044AF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
44AF000
|
| Size: |
4096
|
|
|
567000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4484192182.0000000000567000.00000004.00000001.01000000.00000006.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
567000
|
| Size: |
73728
|
|
|
F74000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2264501065.0000000000F74000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F74000
|
| Size: |
4096
|
|
|
4891000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2264075640.0000000004891000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4891000
|
| Size: |
233472
|
|
|
31AF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4486735159.00000000031AF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
31AF000
|
| Size: |
4096
|
|
|
2FAF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4486635757.0000000002FAF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2FAF000
|
| Size: |
4096
|
|
|
B44000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2077854384.0000000000B44000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B44000
|
| Size: |
4096
|
|
|
2E90000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4486365345.0000000002E90000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2E90000
|
| Size: |
4096
|
|
|
2C60000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4486363805.0000000002C60000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C60000
|
| Size: |
16384
|
|
|
5350000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.2079756728.0000000005350000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5350000
|
| Size: |
4096
|
|
|
378F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4487897212.000000000378F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
378F000
|
| Size: |
4096
|
|
|
4EA0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000003.2266093903.0000000004EA0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4EA0000
|
| Size: |
8192
|
|
|
4D51000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2076777503.0000000004D51000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4D51000
|
| Size: |
49152
|
|
|
B40000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4485400993.0000000000B40000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B40000
|
| Size: |
16384
|
|
|
F74000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2282054263.0000000000F74000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F74000
|
| Size: |
4096
|
|
|
4D51000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2098441000.0000000004D51000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4D51000
|
| Size: |
4096
|
|
|
4FD0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000003.2180205211.0000000004FD0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4FD0000
|
| Size: |
12288
|
|
|
2AC7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4486406228.0000000002AC7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2AC7000
|
| Size: |
12288
|
|
|
4EB0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000003.2266000651.0000000004EB0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4EB0000
|
| Size: |
4096
|
|
|
C0E000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.4484278171.0000000000C0E000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
C0E000
|
| Size: |
36864
|
|
|
1210000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4485502124.0000000001210000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1210000
|
| Size: |
16384
|
|
|
5380000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.4489705405.0000000005380000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5380000
|
| Size: |
4096
|
|
|
4F62000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2179548739.0000000004F62000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4F62000
|
| Size: |
8192
|
|
|
947000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4484209570.0000000000947000.00000004.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
947000
|
| Size: |
73728
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
F74000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2264571941.0000000000F74000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F74000
|
| Size: |
4096
|
|
|
4C41000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2052164109.0000000004C41000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4C41000
|
| Size: |
4096
|
|
|
5330000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.2079819619.0000000005330000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5330000
|
| Size: |
4096
|
|
|
1370000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4485642418.0000000001370000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1370000
|
| Size: |
32768
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
FB5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4485499780.0000000000FB5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FB5000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
4FD0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000003.2180034308.0000000004FD0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4FD0000
|
| Size: |
4096
|
|
|
2F61000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4486245846.0000000002F61000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2F61000
|
| Size: |
57344
|
|
|
5040000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.4489865769.0000000005040000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5040000
|
| Size: |
4096
|
|
|
446F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4488421960.000000000446F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
446F000
|
| Size: |
4096
|
|
|
440000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000006.00000000.2069689198.0000000000440000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
440000
|
| Size: |
4096
|
|
|
DF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4485589670.0000000000DF0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DF0000
|
| Size: |
4096
|
|
|
4C70000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2078361579.0000000004C70000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4C70000
|
| Size: |
53248
|
|
|
2A60000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2263895924.0000000002A60000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2A60000
|
| Size: |
53248
|
|
|
B44000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2077811498.0000000000B44000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B44000
|
| Size: |
4096
|
|
|
440F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4489356868.000000000440F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
440F000
|
| Size: |
4096
|
|
|
3D4F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4488210291.0000000003D4F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3D4F000
|
| Size: |
4096
|
|
|
4D0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4489409686.0000000004D0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4D0E000
|
| Size: |
8192
|
|
|
5300000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.4490635688.0000000005300000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5300000
|
| Size: |
4096
|
|
|
F12000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4485725451.0000000000F12000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F12000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
382E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4487336645.000000000382E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
382E000
|
| Size: |
8192
|
|
|
EA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2282768505.0000000000EA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
EA0000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
4CD0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2262835654.0000000004CD0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4CD0000
|
| Size: |
172032
|
|
|
4E10000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.2079474129.0000000004E10000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4E10000
|
| Size: |
4096
|
|
|
2BCF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4486568639.0000000002BCF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2BCF000
|
| Size: |
4096
|
|
|
4DE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2178118409.0000000004DE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4DE0000
|
| Size: |
172032
|
|
|
2A60000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2259594015.0000000002A60000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2A60000
|
| Size: |
53248
|
|
|
9F2000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.4485187926.00000000009F2000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
9F2000
|
| Size: |
4096
|
|
|
4891000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2282430099.0000000004891000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4891000
|
| Size: |
4096
|
|
|
2AB0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2076824222.0000000002AB0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2AB0000
|
| Size: |
53248
|
|
|
2C50000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4486298974.0000000002C50000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C50000
|
| Size: |
4096
|
|
|
4FD0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000003.2179950868.0000000004FD0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4FD0000
|
| Size: |
4096
|
|
|
3BCF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4487518883.0000000003BCF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3BCF000
|
| Size: |
4096
|
|
|
4890000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4489359468.0000000004890000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4890000
|
| Size: |
4096
|
|
|
83E000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.4484284014.000000000083E000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
83E000
|
| Size: |
36864
|
|
|
2A87000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4486377234.0000000002A87000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2A87000
|
| Size: |
12288
|
|
|
520B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4489389762.000000000520B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
520B000
|
| Size: |
20480
|
|
|
2A60000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2263104029.0000000002A60000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2A60000
|
| Size: |
53248
|
|
|
126F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4485957259.000000000126F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
126F000
|
| Size: |
4096
|
|
|
44AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4488499112.00000000044AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
44AE000
|
| Size: |
8192
|
|
|
3F6F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4487867080.0000000003F6F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3F6F000
|
| Size: |
4096
|
|
|
810000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4482963850.0000000000810000.00000004.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
810000
|
| Size: |
4096
|
|
|
2A60000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2263405591.0000000002A60000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2A60000
|
| Size: |
53248
|
|
|
322E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4486914244.000000000322E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
322E000
|
| Size: |
8192
|
|
|
2AB0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2076683677.0000000002AB0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2AB0000
|
| Size: |
53248
|
|
|
4D10000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2265157824.0000000004D10000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4D10000
|
| Size: |
53248
|
|
|
1340000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2076953389.0000000001340000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1340000
|
| Size: |
53248
|
|
|
4D51000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2097316476.0000000004D51000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4D51000
|
| Size: |
49152
|
|
|
5350000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.2079560597.0000000005350000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5350000
|
| Size: |
8192
|
|
|
577000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4484218525.0000000000577000.00000004.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
577000
|
| Size: |
73728
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2041522177.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
13BC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4485642418.00000000013BC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13BC000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
57A000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.4484253694.000000000057A000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
57A000
|
| Size: |
1646592
|
|
|
53D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.4490093601.00000000053D0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
53D0000
|
| Size: |
4096
|
|
|
14E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2076840245.00000000014E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14E4000
|
| Size: |
4096
|
|
|
5270000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.2027945209.0000000005270000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5270000
|
| Size: |
4096
|
|
|
4E40000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4489233180.0000000004E40000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4E40000
|
| Size: |
8192
|
|
|
14E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2098212999.00000000014E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14E4000
|
| Size: |
4096
|
|
|
5350000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.2079773951.0000000005350000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5350000
|
| Size: |
4096
|
|
|
3AEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4487811278.0000000003AEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3AEE000
|
| Size: |
8192
|
|
|
3C0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4487568224.0000000003C0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3C0E000
|
| Size: |
8192
|
|
|
4C41000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2026236874.0000000004C41000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4C41000
|
| Size: |
225280
|
|
|
14E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2076918228.00000000014E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14E4000
|
| Size: |
4096
|
|
|
1386000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4485715827.0000000001386000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1386000
|
| Size: |
4096
|
|
|
4891000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2282571753.0000000004891000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4891000
|
| Size: |
4096
|
|
|
47CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4489707406.00000000047CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
47CF000
|
| Size: |
4096
|
|
|
2F0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4486855384.0000000002F0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2F0E000
|
| Size: |
8192
|
|
|
4F60000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.4490424111.0000000004F60000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4F60000
|
| Size: |
4096
|
|
|
300F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4486910082.000000000300F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
300F000
|
| Size: |
4096
|
|
|
2AB0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2077132861.0000000002AB0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2AB0000
|
| Size: |
53248
|
|
|
1340000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2077196087.0000000001340000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1340000
|
| Size: |
53248
|
|
|
41C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4482900439.000000000041C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
41C000
|
| Size: |
16384
|
|
|
31EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4486776467.00000000031EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
31EE000
|
| Size: |
8192
|
|
|
FB5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2207963452.0000000000FB5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FB5000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
4FE0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.4489459129.0000000004FE0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4FE0000
|
| Size: |
4096
|
|
|
2AB0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2076728153.0000000002AB0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2AB0000
|
| Size: |
53248
|
|
|
460F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4489077366.000000000460F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
460F000
|
| Size: |
4096
|
|
|
3E6F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4488072652.0000000003E6F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3E6F000
|
| Size: |
4096
|
|
|
4E8B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4489359259.0000000004E8B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4E8B000
|
| Size: |
20480
|
|
|
F74000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2264171157.0000000000F74000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F74000
|
| Size: |
4096
|
|
|
4990000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2177934966.0000000004990000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4990000
|
| Size: |
53248
|
|
|
358F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4486969155.000000000358F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
358F000
|
| Size: |
4096
|
|
|
5340000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.2079832902.0000000005340000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5340000
|
| Size: |
8192
|
|
|
567000
|
unkown
|
page write copy
|
|
|
|
| Name: |
0000000A.00000000.2252726001.0000000000567000.00000008.00000001.01000000.00000006.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
567000
|
| Size: |
8192
|
|
|
82E000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.4484155637.000000000082E000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
82E000
|
| Size: |
36864
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2026297965.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
EA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4485711166.0000000000EA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
EA0000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
FA2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4485499780.0000000000FA2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FA2000
|
| Size: |
32768
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
3D2E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4487728148.0000000003D2E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3D2E000
|
| Size: |
8192
|
|
|
4E6F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4489642058.0000000004E6F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4E6F000
|
| Size: |
4096
|
|
|
50A0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.4490220226.00000000050A0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
50A0000
|
| Size: |
4096
|
|
|
430000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4482945368.0000000000430000.00000004.00000001.01000000.00000006.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
430000
|
| Size: |
4096
|
|
|
458E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4489518167.000000000458E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
458E000
|
| Size: |
8192
|
|
|
4891000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2282475513.0000000004891000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4891000
|
| Size: |
4096
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2045447068.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
AEE000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.4484278171.0000000000AEE000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
AEE000
|
| Size: |
868352
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
30CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4486963777.00000000030CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
30CF000
|
| Size: |
4096
|
|
|
58A000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.4483321641.000000000058A000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
58A000
|
| Size: |
1646592
|
|
|
4E80000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000003.2266114481.0000000004E80000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4E80000
|
| Size: |
4096
|
|
|
B44000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2097960142.0000000000B44000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B44000
|
| Size: |
4096
|
|
|
47D1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2098557301.00000000047D1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
47D1000
|
| Size: |
4096
|
|
|
344F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4486879736.000000000344F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
344F000
|
| Size: |
4096
|
|
|
4E00000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.2079579846.0000000004E00000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4E00000
|
| Size: |
8192
|
|
|
412E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4488319030.000000000412E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
412E000
|
| Size: |
8192
|
|
|
4EB0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000003.2266050497.0000000004EB0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4EB0000
|
| Size: |
12288
|
|
|
50D0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2026694448.00000000050D0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
50D0000
|
| Size: |
53248
|
|
|
1330000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4485660494.0000000001330000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1330000
|
| Size: |
4096
|
|
|
2AB0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2077370364.0000000002AB0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2AB0000
|
| Size: |
53248
|
|
|
3E2F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4487776756.0000000003E2F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3E2F000
|
| Size: |
4096
|
|
|
390E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4488139532.000000000390E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
390E000
|
| Size: |
8192
|
|
|
4F50000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.4490361361.0000000004F50000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4F50000
|
| Size: |
4096
|
|
|
47D1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2098342649.00000000047D1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
47D1000
|
| Size: |
4096
|
|
|
F74000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2282151175.0000000000F74000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F74000
|
| Size: |
4096
|
|
|
4C30000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2025954013.0000000004C30000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4C30000
|
| Size: |
53248
|
|
|
F90000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4485499982.0000000000F90000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F90000
|
| Size: |
4096
|
|
|
95A000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.4484278171.000000000095A000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
95A000
|
| Size: |
1646592
|
|
|
2AAE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4486328229.0000000002AAE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2AAE000
|
| Size: |
8192
|
|
|
440000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4482949788.0000000000440000.00000004.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
440000
|
| Size: |
4096
|
|
|
4EB0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000003.2265857145.0000000004EB0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4EB0000
|
| Size: |
4096
|
|
|
4EF0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.4489994077.0000000004EF0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4EF0000
|
| Size: |
4096
|
|
|
F74000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2264643928.0000000000F74000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F74000
|
| Size: |
4096
|
|
|
ECD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4485725451.0000000000ECD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
ECD000
|
| Size: |
176128
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
| URLs found in memory or binary data |
Networking |
|
|
|
E5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4485648954.0000000000E5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E5E000
|
| Size: |
8192
|
|
|
2A60000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2260594682.0000000002A60000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2A60000
|
| Size: |
53248
|
|
|
33CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4487408196.00000000033CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
33CF000
|
| Size: |
4096
|
|
|
F74000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2264414290.0000000000F74000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F74000
|
| Size: |
4096
|
|
|
9F2000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.4485393293.00000000009F2000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
9F2000
|
| Size: |
4096
|
|
|
346E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4486965172.000000000346E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
346E000
|
| Size: |
8192
|
|
|
2A60000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2263508909.0000000002A60000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2A60000
|
| Size: |
53248
|
|
|
4990000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2177760745.0000000004990000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4990000
|
| Size: |
53248
|
|
|
470F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4488525581.000000000470F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
470F000
|
| Size: |
4096
|
|
|
4E10000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.2079346218.0000000004E10000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4E10000
|
| Size: |
4096
|
|
|
52BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4491125642.00000000052BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
52BE000
|
| Size: |
8192
|
|
|
2ACE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4486501244.0000000002ACE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2ACE000
|
| Size: |
8192
|
|
|
47D1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2076410027.00000000047D1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
47D1000
|
| Size: |
49152
|
|
|
438F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4488836039.000000000438F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
438F000
|
| Size: |
4096
|
|
|
4F10000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.4491269572.0000000004F10000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4F10000
|
| Size: |
8192
|
|
|
4D10000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2265236665.0000000004D10000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4D10000
|
| Size: |
53248
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2045331746.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
400E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4488472391.000000000400E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
400E000
|
| Size: |
8192
|
|
|
5270000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.2028067553.0000000005270000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5270000
|
| Size: |
4096
|
|
|
370F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4487617335.000000000370F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
370F000
|
| Size: |
4096
|
|
|
50D0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2027221215.00000000050D0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
50D0000
|
| Size: |
53248
|
|
|
44CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4488384000.00000000044CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
44CE000
|
| Size: |
8192
|
|
|
2C4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4486228166.0000000002C4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2C4E000
|
| Size: |
8192
|
|
|
2A60000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2259156821.0000000002A60000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2A60000
|
| Size: |
53248
|
|
|
49AF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4489196887.00000000049AF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
49AF000
|
| Size: |
4096
|
|
|
4D51000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2098480573.0000000004D51000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4D51000
|
| Size: |
4096
|
|
|
567E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4491589676.000000000567E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
567E000
|
| Size: |
8192
|
|
|
5320000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.4490754863.0000000005320000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5320000
|
| Size: |
4096
|
|
|
F74000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2282277074.0000000000F74000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F74000
|
| Size: |
4096
|
|
|
B44000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2077834024.0000000000B44000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B44000
|
| Size: |
4096
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2049870870.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
4E1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4489161033.0000000004E1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4E1E000
|
| Size: |
8192
|
|
|
5240000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4490011040.0000000005240000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5240000
|
| Size: |
4096
|
|
|
49A1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2207680661.00000000049A1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
49A1000
|
| Size: |
4096
|
|
|
46EF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4488679034.00000000046EF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
46EF000
|
| Size: |
4096
|
|
|
70E000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.4484253694.000000000070E000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
70E000
|
| Size: |
868352
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
448F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4488321975.000000000448F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
448F000
|
| Size: |
4096
|
|
|
14E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2076819599.00000000014E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14E4000
|
| Size: |
4096
|
|
|
4E30000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2179289995.0000000004E30000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4E30000
|
| Size: |
53248
|
|
|
EC0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4485725451.0000000000EC0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
EC0000
|
| Size: |
32768
|
|
|
49A1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2178926477.00000000049A1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
49A1000
|
| Size: |
4096
|
|
|
2AB0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2077204160.0000000002AB0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2AB0000
|
| Size: |
53248
|
|
|
404F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4488929810.000000000404F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
404F000
|
| Size: |
4096
|
|
|
2F60000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2078798665.0000000002F60000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2F60000
|
| Size: |
53248
|
|
|
2A60000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2259049186.0000000002A60000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2A60000
|
| Size: |
53248
|
|
|
F00000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4485725451.0000000000F00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F00000
|
| Size: |
28672
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
4F8F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4489412712.0000000004F8F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4F8F000
|
| Size: |
4096
|
|
|
2E8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4486826079.0000000002E8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2E8E000
|
| Size: |
8192
|
|
|
B44000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2097771790.0000000000B44000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B44000
|
| Size: |
4096
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2040043834.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
422F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4488387757.000000000422F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
422F000
|
| Size: |
4096
|
|
|
4C30000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2026143308.0000000004C30000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4C30000
|
| Size: |
53248
|
|
|
825000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.4484253694.0000000000825000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
825000
|
| Size: |
32768
|
|
|
478E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4489238121.000000000478E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
478E000
|
| Size: |
8192
|
|
|
F2C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4485448386.0000000000F2C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
F2C000
|
| Size: |
16384
|
|
|
454F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4489456264.000000000454F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
454F000
|
| Size: |
4096
|
|
|
4B0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4489017917.0000000004B0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4B0E000
|
| Size: |
8192
|
|
|
382F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4487566548.000000000382F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
382F000
|
| Size: |
4096
|
|
|
4F30000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.4491361330.0000000004F30000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4F30000
|
| Size: |
4096
|
|
|
14E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2076799657.00000000014E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14E4000
|
| Size: |
4096
|
|
|
1340000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2077540466.0000000001340000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1340000
|
| Size: |
53248
|
|
|
441000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000000.2070745709.0000000000441000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
441000
|
| Size: |
585728
|
|
|
4C71000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4489980859.0000000004C71000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4C71000
|
| Size: |
57344
|
|
|
B44000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2076507429.0000000000B44000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B44000
|
| Size: |
4096
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2040011288.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
4E30000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.4490361251.0000000004E30000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4E30000
|
| Size: |
4096
|
|
|
4C40000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4489515553.0000000004C40000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4C40000
|
| Size: |
4096
|
|
|
E6B000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4485711166.0000000000E6B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E6B000
|
| Size: |
139264
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
47D1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2077738058.00000000047D1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
47D1000
|
| Size: |
229376
|
|
|
55D9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2040275696.00000000055D9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
55D9000
|
| Size: |
221184
|
|
|
2A60000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2263805771.0000000002A60000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2A60000
|
| Size: |
53248
|
|
|
40AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4487964248.00000000040AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
40AE000
|
| Size: |
8192
|
|
|
577000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4483266685.0000000000577000.00000004.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
577000
|
| Size: |
73728
|
|
|
39AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4487714099.00000000039AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
39AE000
|
| Size: |
8192
|
|
|
450E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4489019957.000000000450E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
450E000
|
| Size: |
8192
|
|
|
53F0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.4490235408.00000000053F0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
53F0000
|
| Size: |
4096
|
|
|
E7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4485624960.0000000000E7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E7E000
|
| Size: |
8192
|
|
|
4F40000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.4490308543.0000000004F40000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4F40000
|
| Size: |
4096
|
|
|
138E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4485715827.000000000138E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
138E000
|
| Size: |
12288
|
|
|
14E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2076854805.00000000014E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14E4000
|
| Size: |
4096
|
|
|
2A60000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2263693689.0000000002A60000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2A60000
|
| Size: |
53248
|
|
|
B8C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4485232205.0000000000B8C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B8C000
|
| Size: |
16384
|
|
|
BF5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4485276507.0000000000BF5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BF5000
|
| Size: |
8192
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2025124963.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
2A60000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2260149916.0000000002A60000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2A60000
|
| Size: |
53248
|
|
|
577000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000006.00000000.2069843810.0000000000577000.00000008.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
577000
|
| Size: |
8192
|
|
|
F12000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2099004006.0000000000F12000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F12000
|
| Size: |
12288
|
|
|
4E80000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4489742708.0000000004E80000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E80000
|
| Size: |
4096
|
|
|
3AAE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4487514139.0000000003AAE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3AAE000
|
| Size: |
8192
|
|
|
2CCF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4486662324.0000000002CCF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2CCF000
|
| Size: |
4096
|
|
|
4D51000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2098386823.0000000004D51000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4D51000
|
| Size: |
4096
|
|
|
13B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4485642418.00000000013B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13B0000
|
| Size: |
28672
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
4D51000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2098320073.0000000004D51000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4D51000
|
| Size: |
4096
|
|
|
4FA0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.4490654531.0000000004FA0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4FA0000
|
| Size: |
8192
|
|
|
14E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2078242333.00000000014E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14E4000
|
| Size: |
4096
|
|
|
431000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000A.00000000.2252630449.0000000000431000.00000080.00000001.01000000.00000006.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
431000
|
| Size: |
585728
|
|
|
4E30000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2179352670.0000000004E30000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4E30000
|
| Size: |
53248
|
|
|
2BCF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4486555073.0000000002BCF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2BCF000
|
| Size: |
4096
|
|
|
11C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4485454615.00000000011C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11C0000
|
| Size: |
4096
|
|
|
49A1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2177696657.00000000049A1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
49A1000
|
| Size: |
49152
|
|
|
5020000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.4489702724.0000000005020000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5020000
|
| Size: |
4096
|
|
|
310E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4487122247.000000000310E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
310E000
|
| Size: |
8192
|
|
|
14E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2078225861.00000000014E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14E4000
|
| Size: |
4096
|
|
|
5350000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.2079607897.0000000005350000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5350000
|
| Size: |
4096
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2039987513.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
36CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4487166650.00000000036CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
36CF000
|
| Size: |
4096
|
|
|
14E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2097804135.00000000014E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14E4000
|
| Size: |
4096
|
|
|
835000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.4484284014.0000000000835000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
835000
|
| Size: |
32768
|
|
|
50E0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4489638829.00000000050E0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
50E0000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
3F4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4488850042.0000000003F4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3F4E000
|
| Size: |
8192
|
|
|
48D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4489867368.00000000048D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48D0000
|
| Size: |
4096
|
|
|
573000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.4483035016.0000000000573000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
573000
|
| Size: |
16384
|
|
|
5270000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.2027975328.0000000005270000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5270000
|
| Size: |
4096
|
|
|
332E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4486877690.000000000332E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
332E000
|
| Size: |
8192
|
|
|
C05000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.4484278171.0000000000C05000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
C05000
|
| Size: |
32768
|
|
|
3DCF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4488597874.0000000003DCF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3DCF000
|
| Size: |
4096
|
|
|
14E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2097750458.00000000014E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14E4000
|
| Size: |
4096
|
|
|
498F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4488837897.000000000498F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
498F000
|
| Size: |
4096
|
|
|
2F80000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4486403384.0000000002F80000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F80000
|
| Size: |
16384
|
|
|
4C41000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2052074242.0000000004C41000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4C41000
|
| Size: |
4096
|
|
|
5010000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.4489640545.0000000005010000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5010000
|
| Size: |
4096
|
|
|
14CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4486091037.00000000014CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
14CE000
|
| Size: |
8192
|
|
|
49A1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2207251343.00000000049A1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
49A1000
|
| Size: |
4096
|
|
|
ECA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4485725451.0000000000ECA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
ECA000
|
| Size: |
8192
|
|
|
348E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4486918807.000000000348E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
348E000
|
| Size: |
8192
|
|
|
392F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4487372244.000000000392F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
392F000
|
| Size: |
4096
|
|
|
3B8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4488420252.0000000003B8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3B8E000
|
| Size: |
8192
|
|
|
30AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4486695564.00000000030AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
30AE000
|
| Size: |
8192
|
|
|
F74000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2258418025.0000000000F74000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F74000
|
| Size: |
4096
|
|
|
3D6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4488016285.0000000003D6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3D6E000
|
| Size: |
8192
|
|
|
3D8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4488268278.0000000003D8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3D8E000
|
| Size: |
8192
|
|
|
4E31000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4489233180.0000000004E31000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4E31000
|
| Size: |
57344
|
|
|
35EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4487413189.00000000035EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
35EE000
|
| Size: |
8192
|
|
|
52C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.4490358576.00000000052C0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
52C0000
|
| Size: |
4096
|
|
|
4E20000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.4490307784.0000000004E20000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4E20000
|
| Size: |
4096
|
|
|
4970000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4489055800.0000000004970000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4970000
|
| Size: |
4096
|
|
|
50BD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4489581869.00000000050BD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
50BD000
|
| Size: |
12288
|
|
|
2C0C000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4486629566.0000000002C0C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2C0C000
|
| Size: |
16384
|
|
|
4C2F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4489457370.0000000004C2F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4C2F000
|
| Size: |
4096
|
|
|
4E10000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.2079444384.0000000004E10000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4E10000
|
| Size: |
4096
|
|
|
105C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4485320053.000000000105C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
105C000
|
| Size: |
16384
|
|
|
37EF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4487287529.00000000037EF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
37EF000
|
| Size: |
4096
|
|
|
4990000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2177851467.0000000004990000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4990000
|
| Size: |
53248
|
|
|
4C41000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2025030910.0000000004C41000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4C41000
|
| Size: |
49152
|
|
|
51CD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4489318076.00000000051CD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
51CD000
|
| Size: |
12288
|
|
|
B44000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2076430779.0000000000B44000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B44000
|
| Size: |
4096
|
|
|
3D2F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4487973530.0000000003D2F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3D2F000
|
| Size: |
4096
|
|
|
4C70000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2078433399.0000000004C70000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4C70000
|
| Size: |
53248
|
|
|
43CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4488913160.00000000043CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
43CE000
|
| Size: |
8192
|
|
|
49A1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2207656681.00000000049A1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
49A1000
|
| Size: |
4096
|
|
|
334F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4487316270.000000000334F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
334F000
|
| Size: |
4096
|
|
|
5270000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.2027914963.0000000005270000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5270000
|
| Size: |
4096
|
|
|
4990000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2178304323.0000000004990000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4990000
|
| Size: |
53248
|
|
|
380F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4487247753.000000000380F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
380F000
|
| Size: |
4096
|
|
|
49A1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2178979017.00000000049A1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
49A1000
|
| Size: |
4096
|
|
|
364F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4487712372.000000000364F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
364F000
|
| Size: |
4096
|
|
|
4C30000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2025825755.0000000004C30000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4C30000
|
| Size: |
53248
|
|
|
441000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000006.00000000.2069728060.0000000000441000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
441000
|
| Size: |
585728
|
|
|
5370000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.4489637531.0000000005370000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5370000
|
| Size: |
4096
|
|
|
324E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4487241075.000000000324E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
324E000
|
| Size: |
8192
|
|
|
2A60000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2261988139.0000000002A60000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2A60000
|
| Size: |
53248
|
|
|
4FD0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000003.2180122345.0000000004FD0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4FD0000
|
| Size: |
4096
|
|
|
368E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4487809323.000000000368E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
368E000
|
| Size: |
8192
|
|
|
53B0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.4489979546.00000000053B0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
53B0000
|
| Size: |
4096
|
|
|
5430000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.4490541159.0000000005430000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5430000
|
| Size: |
4096
|
|
|
5280000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.4490089098.0000000005280000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5280000
|
| Size: |
4096
|
|
|
340E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4487477666.000000000340E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
340E000
|
| Size: |
8192
|
|
|
4FA0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000003.2180281029.0000000004FA0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4FA0000
|
| Size: |
4096
|
|
|
3BEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4487619387.0000000003BEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3BEE000
|
| Size: |
8192
|
|
|
4EB0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000003.2265791759.0000000004EB0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4EB0000
|
| Size: |
8192
|
|
|
EFD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4485365174.0000000000EFD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
EFD000
|
| Size: |
12288
|
|
|
B0D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4485326045.0000000000B0D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B0D000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
13C7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4485642418.00000000013C7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13C7000
|
| Size: |
4096
|
|
|
2A6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4486235318.0000000002A6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2A6E000
|
| Size: |
8192
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2051994308.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
71E000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.4483321641.000000000071E000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
71E000
|
| Size: |
868352
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
4891000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2282545211.0000000004891000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4891000
|
| Size: |
4096
|
|
|
388E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4487772258.000000000388E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
388E000
|
| Size: |
8192
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2025078435.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
14E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2098033701.00000000014E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14E4000
|
| Size: |
4096
|
|
|
4EE0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.4489929135.0000000004EE0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4EE0000
|
| Size: |
4096
|
|
|
2EA7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4486444918.0000000002EA7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2EA7000
|
| Size: |
12288
|
|
|
314F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4487159391.000000000314F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
314F000
|
| Size: |
4096
|
|
|
4F80000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.4490544635.0000000004F80000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4F80000
|
| Size: |
4096
|
|
|
444E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4489410589.000000000444E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
444E000
|
| Size: |
8192
|
|
|
438D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4488265591.000000000438D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
438D000
|
| Size: |
12288
|
|
|
31CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4486704823.00000000031CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
31CF000
|
| Size: |
4096
|
|
|
43AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4488587305.00000000043AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
43AE000
|
| Size: |
8192
|
|
|
424F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4488638588.000000000424F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
424F000
|
| Size: |
4096
|
|
|
35AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4487164080.00000000035AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
35AE000
|
| Size: |
8192
|
|
|
DD2000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.4485275359.0000000000DD2000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
DD2000
|
| Size: |
4096
|
|
|
5350000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.2079670943.0000000005350000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5350000
|
| Size: |
4096
|
|
|
1340000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2077005076.0000000001340000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1340000
|
| Size: |
53248
|
|
|
4F20000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.4490195870.0000000004F20000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4F20000
|
| Size: |
4096
|
|
|
2A60000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2263585673.0000000002A60000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2A60000
|
| Size: |
53248
|
|
|
4FB0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.4490702914.0000000004FB0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4FB0000
|
| Size: |
4096
|
|
|
F60000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4485499780.0000000000F60000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F60000
|
| Size: |
32768
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
35CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4487130511.00000000035CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
35CE000
|
| Size: |
8192
|
|
|
2E4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4486228646.0000000002E4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2E4E000
|
| Size: |
8192
|
|
|
2AB0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2076775172.0000000002AB0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2AB0000
|
| Size: |
53248
|
|
|
53DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4490967496.00000000053DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
53DE000
|
| Size: |
8192
|
|
|
811000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000000.00000000.2019080612.0000000000811000.00000080.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
811000
|
| Size: |
585728
|
|
|
4990000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2177982863.0000000004990000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4990000
|
| Size: |
53248
|
|
|
410E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4488070938.000000000410E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
410E000
|
| Size: |
8192
|
|
|
49A1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2207704279.00000000049A1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
49A1000
|
| Size: |
4096
|
|
|
328F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4487286753.000000000328F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
328F000
|
| Size: |
4096
|
|
|
F70000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4486177904.0000000000F70000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F70000
|
| Size: |
16384
|
|
|
318E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4487215587.000000000318E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
318E000
|
| Size: |
8192
|
|
|
E98000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4485711166.0000000000E98000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E98000
|
| Size: |
4096
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2040063407.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
384E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4487289487.000000000384E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
384E000
|
| Size: |
8192
|
|
|
4D6C000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4489580048.0000000004D6C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4D6C000
|
| Size: |
16384
|
|
|
3B0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4488018781.0000000003B0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3B0E000
|
| Size: |
8192
|
|
|
4C41000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2052191444.0000000004C41000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4C41000
|
| Size: |
4096
|
|
|
F6A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4485499780.0000000000F6A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F6A000
|
| Size: |
8192
|
|
|
4F20000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.4491306058.0000000004F20000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4F20000
|
| Size: |
4096
|
|
|
5350000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.2079625985.0000000005350000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5350000
|
| Size: |
4096
|
|
|
1340000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2077962739.0000000001340000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1340000
|
| Size: |
53248
|
|
|
4ACF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4488969030.0000000004ACF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4ACF000
|
| Size: |
4096
|
|
|
5270000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.2028041709.0000000005270000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5270000
|
| Size: |
4096
|
|
|
49A1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2178893683.00000000049A1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
49A1000
|
| Size: |
4096
|
|
|
430E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4489293936.000000000430E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
430E000
|
| Size: |
8192
|
|
|
484F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4488641230.000000000484F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
484F000
|
| Size: |
4096
|
|
|
5000000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.4489582576.0000000005000000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5000000
|
| Size: |
4096
|
|
|
5350000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.2079707541.0000000005350000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5350000
|
| Size: |
4096
|
|
|
462E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4488910645.000000000462E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
462E000
|
| Size: |
8192
|
|
|
408E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4489011925.000000000408E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
408E000
|
| Size: |
8192
|
|
|
563000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.4483059852.0000000000563000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
563000
|
| Size: |
16384
|
|
|
EBB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4485673040.0000000000EBB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
EBB000
|
| Size: |
20480
|
|
|
5360000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.4489578657.0000000005360000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5360000
|
| Size: |
4096
|
|
|
372E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4487516178.000000000372E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
372E000
|
| Size: |
8192
|
|
|
137E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4485642418.000000000137E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
137E000
|
| Size: |
172032
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
| URLs found in memory or binary data |
Networking |
|
|
|
42CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4489238735.00000000042CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
42CF000
|
| Size: |
4096
|
|
|
4EB0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000003.2265950373.0000000004EB0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4EB0000
|
| Size: |
4096
|
|
|
943000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.4483066704.0000000000943000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
943000
|
| Size: |
16384
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2039950896.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
5190000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2077360332.0000000005190000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5190000
|
| Size: |
167936
|
|
|
83C000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000A.00000000.2252749397.000000000083C000.00000080.00000001.01000000.00000006.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
83C000
|
| Size: |
1798144
|
|
|
4FC0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000003.2180253625.0000000004FC0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4FC0000
|
| Size: |
8192
|
|
|
1340000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2077059094.0000000001340000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1340000
|
| Size: |
53248
|
|
|
F60000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4486131738.0000000000F60000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F60000
|
| Size: |
4096
|
|
|
82E000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.4484253694.000000000082E000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
82E000
|
| Size: |
36864
|
|
|
4C41000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2052108854.0000000004C41000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4C41000
|
| Size: |
4096
|
|
|
3C0F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4488103290.0000000003C0F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3C0F000
|
| Size: |
4096
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2026284077.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
4FD0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000003.2180145568.0000000004FD0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4FD0000
|
| Size: |
4096
|
|
|
4990000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2178022823.0000000004990000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4990000
|
| Size: |
53248
|
|
|
52E0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.4490526310.00000000052E0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
52E0000
|
| Size: |
4096
|
|
|
488F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4489295523.000000000488F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
488F000
|
| Size: |
4096
|
|
|
38CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4488070017.00000000038CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
38CF000
|
| Size: |
4096
|
|
|
386E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4487613601.000000000386E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
386E000
|
| Size: |
8192
|
|
|
3CCE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4488527520.0000000003CCE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3CCE000
|
| Size: |
8192
|
|
|
F74000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2282167592.0000000000F74000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F74000
|
| Size: |
4096
|
|
|
53C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.4490040345.00000000053C0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
53C0000
|
| Size: |
4096
|
|
|
50D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.4490363577.00000000050D0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
50D0000
|
| Size: |
4096
|
|
|
13B8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4485642418.00000000013B8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13B8000
|
| Size: |
12288
|
|
|
472E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.4488813865.000000000472E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
472E000
|
| Size: |
8192
|
|
|
4EE0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.4491040538.0000000004EE0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4EE0000
|
| Size: |
4096
|
|
|
4990000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2178246480.0000000004990000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4990000
|
| Size: |
53248
|
|
|
1215000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4485502124.0000000001215000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1215000
|
| Size: |
4096
|
|
|
4F90000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.4490598410.0000000004F90000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4F90000
|
| Size: |
4096
|
|
|
5340000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.4490864469.0000000005340000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5340000
|
| Size: |
4096
|
|
|
E8E000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4485711166.0000000000E8E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E8E000
|
| Size: |
32768
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
49EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4489269448.00000000049EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
49EE000
|
| Size: |
8192
|
|
|
4E10000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.2079410916.0000000004E10000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4E10000
|
| Size: |
4096
|
|
|
B44000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2098028308.0000000000B44000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B44000
|
| Size: |
4096
|
|
