|
571000
|
unkown
|
page execute and read and write
|
 |
|
|
| Name: |
0000000A.00000002.3274056165.0000000000571000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
571000
|
| Size: |
1249280
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RisePro Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
151000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
151000
|
| Size: |
1249280
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RisePro Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4820000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2182605884.0000000004820000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4820000
|
| Size: |
1249280
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RisePro Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4820000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2062288442.0000000004820000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4820000
|
| Size: |
1249280
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RisePro Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4640000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2061020285.0000000004640000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4640000
|
| Size: |
1249280
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RisePro Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4720000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2033248421.0000000004720000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4720000
|
| Size: |
1249280
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RisePro Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
C81000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3274459385.0000000000C81000.00000040.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
C81000
|
| Size: |
1249280
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RisePro Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
C81000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3274575639.0000000000C81000.00000040.00000001.01000000.00000004.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
C81000
|
| Size: |
1249280
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RisePro Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4450000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2264006131.0000000004450000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4450000
|
| Size: |
1249280
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RisePro Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
571000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3274002949.0000000000571000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
571000
|
| Size: |
1249280
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RisePro Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2A1F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3276360634.0000000002A1F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2A1F000
|
| Size: |
4096
|
|
|
41AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3278145369.00000000041AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
41AE000
|
| Size: |
8192
|
|
|
2D6F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3276527748.0000000002D6F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2D6F000
|
| Size: |
4096
|
|
|
331E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3277004134.000000000331E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
331E000
|
| Size: |
8192
|
|
|
3B5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3277903521.0000000003B5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3B5E000
|
| Size: |
8192
|
|
|
347E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3277173165.000000000347E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
347E000
|
| Size: |
8192
|
|
|
4835000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3278656387.0000000004835000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4835000
|
| Size: |
2002944
|
|
|
366E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3277169237.000000000366E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
366E000
|
| Size: |
8192
|
|
|
151000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000000.00000000.2027620112.0000000000151000.00000080.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
151000
|
| Size: |
593920
|
|
|
449E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3278382319.000000000449E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
449E000
|
| Size: |
8192
|
|
|
311F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3276981098.000000000311F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
311F000
|
| Size: |
4096
|
|
|
11D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.2062659292.00000000011D0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
11D0000
|
| Size: |
4096
|
|
|
478E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3280177983.000000000478E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
478E000
|
| Size: |
8192
|
|
|
365E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3277483830.000000000365E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
365E000
|
| Size: |
8192
|
|
|
2B9F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3276495580.0000000002B9F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2B9F000
|
| Size: |
4096
|
|
|
4490000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000003.2264389704.0000000004490000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4490000
|
| Size: |
4096
|
|
|
32AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3276925699.00000000032AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
32AE000
|
| Size: |
8192
|
|
|
2A7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3276364139.0000000002A7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2A7E000
|
| Size: |
8192
|
|
|
30BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3276924991.00000000030BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
30BE000
|
| Size: |
8192
|
|
|
7AE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2072990694.00000000007AE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AE000
|
| Size: |
8192
|
|
|
2CBF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3276568207.0000000002CBF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2CBF000
|
| Size: |
4096
|
|
|
919000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3275561073.0000000000919000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
919000
|
| Size: |
4096
|
|
|
32DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3276964869.00000000032DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
32DF000
|
| Size: |
4096
|
|
|
9F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3274136330.00000000009F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9F0000
|
| Size: |
16384
|
|
|
2C9F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3276540328.0000000002C9F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2C9F000
|
| Size: |
4096
|
|
|
4974000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2046822887.0000000004974000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4974000
|
| Size: |
4096
|
|
|
2C5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3276661489.0000000002C5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2C5E000
|
| Size: |
8192
|
|
|
87A000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3275236549.000000000087A000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
87A000
|
| Size: |
131072
|
|
|
F4C000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000006.00000002.3275396064.0000000000F4C000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
F4C000
|
| Size: |
32768
|
|
|
416F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3278379369.000000000416F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
416F000
|
| Size: |
4096
|
|
|
101A000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000006.00000002.3276033619.000000000101A000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
101A000
|
| Size: |
40960
|
|
|
DB8000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000007.00000000.2056243648.0000000000DB8000.00000008.00000001.01000000.00000004.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
DB8000
|
| Size: |
16384
|
|
|
41AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3278438768.00000000041AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
41AE000
|
| Size: |
8192
|
|
|
3D9F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3278062620.0000000003D9F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3D9F000
|
| Size: |
4096
|
|
|
1277000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3276300715.0000000001277000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1277000
|
| Size: |
12288
|
|
|
919000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000008.00000000.2177153451.0000000000919000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
919000
|
| Size: |
12288
|
|
|
2F5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3276706380.0000000002F5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2F5E000
|
| Size: |
8192
|
|
|
45DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3278471179.00000000045DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
45DE000
|
| Size: |
8192
|
|
|
2ABE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3276410186.0000000002ABE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2ABE000
|
| Size: |
8192
|
|
|
452F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3278383143.000000000452F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
452F000
|
| Size: |
4096
|
|
|
3BBF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3277821574.0000000003BBF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3BBF000
|
| Size: |
4096
|
|
|
6B8000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000A.00000002.3274431494.00000000006B8000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
6B8000
|
| Size: |
1409024
|
|
|
8E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3274281380.00000000008E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8E0000
|
| Size: |
16384
|
|
|
F64000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000006.00000002.3275558947.0000000000F64000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
F64000
|
| Size: |
8192
|
|
|
4740000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.2033455107.0000000004740000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4740000
|
| Size: |
4096
|
|
|
391E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3277449795.000000000391E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
391E000
|
| Size: |
8192
|
|
|
DB3000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3274459385.0000000000DB3000.00000040.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
DB3000
|
| Size: |
20480
|
|
|
38AF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3277298454.00000000038AF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
38AF000
|
| Size: |
4096
|
|
|
406E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3278331242.000000000406E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
406E000
|
| Size: |
8192
|
|
|
459F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3278428016.000000000459F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
459F000
|
| Size: |
4096
|
|
|
455F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3278380286.000000000455F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
455F000
|
| Size: |
4096
|
|
|
319F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3276838988.000000000319F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
319F000
|
| Size: |
4096
|
|
|
28C000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000000.00000000.2027735381.000000000028C000.00000080.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
28C000
|
| Size: |
1609728
|
|
|
101A000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000006.00000000.2055453380.000000000101A000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
101A000
|
| Size: |
40960
|
|
|
854000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000008.00000002.3275002848.0000000000854000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
854000
|
| Size: |
8192
|
|
|
2EEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3276657340.0000000002EEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2EEE000
|
| Size: |
8192
|
|
|
CEF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3276196823.0000000000CEF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
CEF000
|
| Size: |
4096
|
|
|
82F000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3274753399.000000000082F000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
82F000
|
| Size: |
24576
|
|
|
4490000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000003.2264331887.0000000004490000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4490000
|
| Size: |
4096
|
|
|
9F5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3274136330.00000000009F5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9F5000
|
| Size: |
12288
|
|
|
F76000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3275722413.0000000000F76000.00000040.00000001.01000000.00000004.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
F76000
|
| Size: |
32768
|
|
|
47B000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3275313294.000000000047B000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
47B000
|
| Size: |
200704
|
|
|
DBB000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3274869359.0000000000DBB000.00000004.00000001.01000000.00000004.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
DBB000
|
| Size: |
4096
|
|
|
298000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000000.00000002.3274429639.0000000000298000.00000080.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
298000
|
| Size: |
1409024
|
|
|
3F5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3277978357.0000000003F5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3F5E000
|
| Size: |
8192
|
|
|
838000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3274822439.0000000000838000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
838000
|
| Size: |
16384
|
|
|
32FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3277059552.00000000032FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
32FF000
|
| Size: |
4096
|
|
|
305E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3276792054.000000000305E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
305E000
|
| Size: |
8192
|
|
|
312F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3276796772.000000000312F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
312F000
|
| Size: |
4096
|
|
|
41DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3278158983.00000000041DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
41DE000
|
| Size: |
8192
|
|
|
82C000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3274751894.000000000082C000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
82C000
|
| Size: |
8192
|
|
|
4680000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.2061805140.0000000004680000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4680000
|
| Size: |
4096
|
|
|
2A90000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3276457254.0000000002A90000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2A90000
|
| Size: |
8192
|
|
|
F48000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000006.00000000.2055453380.0000000000F48000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
F48000
|
| Size: |
712704
|
|
|
2EAF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3276611708.0000000002EAF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2EAF000
|
| Size: |
4096
|
|
|
431E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3278238882.000000000431E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
431E000
|
| Size: |
8192
|
|
|
11D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.2062678222.00000000011D0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
11D0000
|
| Size: |
4096
|
|
|
3BFD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3277866931.0000000003BFD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3BFD000
|
| Size: |
12288
|
|
|
856000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3275039466.0000000000856000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
856000
|
| Size: |
61440
|
|
|
DC6000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000006.00000002.3274870934.0000000000DC6000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
DC6000
|
| Size: |
4096
|
|
|
3CFF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3277914938.0000000003CFF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3CFF000
|
| Size: |
4096
|
|
|
2DDE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3276623627.0000000002DDE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2DDE000
|
| Size: |
8192
|
|
|
89A000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000A.00000002.3275288373.000000000089A000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
89A000
|
| Size: |
4096
|
|
|
11D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.2062556295.00000000011D0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
11D0000
|
| Size: |
4096
|
|
|
4465000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3278615313.0000000004465000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4465000
|
| Size: |
2002944
|
|
|
F20000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3275167205.0000000000F20000.00000040.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
F20000
|
| Size: |
8192
|
|
|
82F000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3274822439.000000000082F000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
82F000
|
| Size: |
24576
|
|
|
C81000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000006.00000000.2055368747.0000000000C81000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
C81000
|
| Size: |
593920
|
|
|
4740000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.2033493234.0000000004740000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4740000
|
| Size: |
4096
|
|
|
352E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3277099294.000000000352E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
352E000
|
| Size: |
8192
|
|
|
1029000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000006.00000000.2055453380.0000000001029000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
1029000
|
| Size: |
12288
|
|
|
345E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3277082826.000000000345E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
345E000
|
| Size: |
8192
|
|
|
6B6000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000008.00000002.3274295748.00000000006B6000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
6B6000
|
| Size: |
4096
|
|
|
316E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3276832854.000000000316E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
316E000
|
| Size: |
8192
|
|
|
DBC000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000006.00000000.2055453380.0000000000DBC000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
DBC000
|
| Size: |
1609728
|
|
|
3B5F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3277596807.0000000003B5F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3B5F000
|
| Size: |
4096
|
|
|
4740000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.2033504721.0000000004740000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4740000
|
| Size: |
4096
|
|
|
F5B000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000002.3275536505.0000000000F5B000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
F5B000
|
| Size: |
4096
|
|
|
A42000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3274228386.0000000000A42000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A42000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
260E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3276237984.000000000260E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
260E000
|
| Size: |
8192
|
|
|
570000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000000.2176628938.0000000000570000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
570000
|
| Size: |
4096
|
|
|
1029000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000000.2056269159.0000000001029000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
1029000
|
| Size: |
12288
|
|
|
3A2E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3277528449.0000000003A2E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3A2E000
|
| Size: |
8192
|
|
|
F48000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3275315588.0000000000F48000.00000040.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
F48000
|
| Size: |
16384
|
|
|
2CFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3276614513.0000000002CFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2CFE000
|
| Size: |
8192
|
|
|
4490000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000003.2264357739.0000000004490000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4490000
|
| Size: |
4096
|
|
|
90A000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000008.00000002.3275483019.000000000090A000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
90A000
|
| Size: |
40960
|
|
|
866000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3275107825.0000000000866000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
866000
|
| Size: |
32768
|
|
|
351E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3277318754.000000000351E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
351E000
|
| Size: |
8192
|
|
|
37DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3277293300.00000000037DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
37DF000
|
| Size: |
4096
|
|
|
2AC0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.2033594355.0000000002AC0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2AC0000
|
| Size: |
4096
|
|
|
A00000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3274228386.0000000000A00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A00000
|
| Size: |
24576
|
|
|
42C000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3275023903.000000000042C000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
42C000
|
| Size: |
32768
|
|
|
4680000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.2061822605.0000000004680000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4680000
|
| Size: |
12288
|
|
|
4740000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.2033516048.0000000004740000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4740000
|
| Size: |
4096
|
|
|
4C8000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000000.00000000.2027735381.00000000004C8000.00000080.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
4C8000
|
| Size: |
4096
|
|
|
4F9000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3275599620.00000000004F9000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
4F9000
|
| Size: |
4096
|
|
|
6AC000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000A.00000000.2258330740.00000000006AC000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
6AC000
|
| Size: |
1609728
|
|
|
101A000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000002.3276121343.000000000101A000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
101A000
|
| Size: |
40960
|
|
|
1137000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3276240979.0000000001137000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1137000
|
| Size: |
12288
|
|
|
A36000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3274228386.0000000000A36000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A36000
|
| Size: |
4096
|
|
|
274E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3276303842.000000000274E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
274E000
|
| Size: |
8192
|
|
|
369E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3277211160.000000000369E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
369E000
|
| Size: |
8192
|
|
|
DB8000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000006.00000002.3274747118.0000000000DB8000.00000008.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
DB8000
|
| Size: |
12288
|
|
|
3CDF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3277779085.0000000003CDF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3CDF000
|
| Size: |
4096
|
|
|
1012000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000002.3276040552.0000000001012000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
1012000
|
| Size: |
4096
|
|
|
F7E000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000002.3275753265.0000000000F7E000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
F7E000
|
| Size: |
49152
|
|
|
2DAE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3276564166.0000000002DAE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2DAE000
|
| Size: |
8192
|
|
|
315F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3276836170.000000000315F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
315F000
|
| Size: |
4096
|
|
|
880000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3274206008.0000000000880000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
880000
|
| Size: |
4096
|
|
|
4996000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2046822887.0000000004996000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4996000
|
| Size: |
40960
|
|
|
838000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3274753399.0000000000838000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
838000
|
| Size: |
16384
|
|
|
FE5000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3275822077.0000000000FE5000.00000040.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
FE5000
|
| Size: |
69632
|
|
|
3FBE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3278156462.0000000003FBE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3FBE000
|
| Size: |
8192
|
|
|
3DEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3278147890.0000000003DEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3DEE000
|
| Size: |
8192
|
|
|
DB8000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000007.00000002.3274824705.0000000000DB8000.00000008.00000001.01000000.00000004.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
DB8000
|
| Size: |
12288
|
|
|
812000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000A.00000002.3274713368.0000000000812000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
812000
|
| Size: |
106496
|
|
|
980000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3274074581.0000000000980000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
980000
|
| Size: |
4096
|
|
|
F3F000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3275382671.0000000000F3F000.00000040.00000001.01000000.00000004.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
F3F000
|
| Size: |
24576
|
|
|
11D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.2062602167.00000000011D0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
11D0000
|
| Size: |
4096
|
|
|
C80000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3274540215.0000000000C80000.00000004.00000001.01000000.00000004.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
C80000
|
| Size: |
4096
|
|
|
844000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3274943396.0000000000844000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
844000
|
| Size: |
28672
|
|
|
434000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000000.00000002.3275059740.0000000000434000.00000080.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
434000
|
| Size: |
8192
|
|
|
FF8000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000000.2056269159.0000000000FF8000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
FF8000
|
| Size: |
4096
|
|
|
4490000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000003.2264245880.0000000004490000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4490000
|
| Size: |
8192
|
|
|
497B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2045941225.000000000497B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
497B000
|
| Size: |
8192
|
|
|
4680000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.2061394669.0000000004680000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4680000
|
| Size: |
4096
|
|
|
34DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3277270260.00000000034DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
34DF000
|
| Size: |
4096
|
|
|
84C000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3275027916.000000000084C000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
84C000
|
| Size: |
32768
|
|
|
E10000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3275919610.0000000000E10000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E10000
|
| Size: |
4096
|
|
|
4860000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000003.2182832345.0000000004860000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4860000
|
| Size: |
4096
|
|
|
301E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3276945771.000000000301E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
FFB000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000006.00000000.2055453380.0000000000FFB000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
FFB000
|
| Size: |
4096
|
|
|
445E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3278335228.000000000445E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
445E000
|
| Size: |
8192
|
|
|
46DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3278518778.00000000046DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
46DF000
|
| Size: |
4096
|
|
|
101A000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000000.2056269159.000000000101A000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
101A000
|
| Size: |
40960
|
|
|
31FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3277005932.00000000031FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
31FE000
|
| Size: |
8192
|
|
|
333E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3277101975.000000000333E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
333E000
|
| Size: |
8192
|
|
|
288000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000000.00000000.2027697816.0000000000288000.00000008.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
288000
|
| Size: |
16384
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
FAB000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3275822077.0000000000FAB000.00000040.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
FAB000
|
| Size: |
200704
|
|
|
2FEF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3276703800.0000000002FEF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2FEF000
|
| Size: |
4096
|
|
|
8D5000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3275268863.00000000008D5000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
8D5000
|
| Size: |
69632
|
|
|
1012000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000006.00000002.3275960354.0000000001012000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
1012000
|
| Size: |
4096
|
|
|
437E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3278445106.000000000437E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
437E000
|
| Size: |
8192
|
|
|
442E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3278334604.000000000442E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
442E000
|
| Size: |
8192
|
|
|
45BF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3278558853.00000000045BF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
45BF000
|
| Size: |
4096
|
|
|
AF8000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3275957814.0000000000AF8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
AF8000
|
| Size: |
77824
|
|
|
B32000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3275957814.0000000000B32000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B32000
|
| Size: |
16384
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
A40000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3275744411.0000000000A40000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A40000
|
| Size: |
4096
|
|
|
DC7000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3274981034.0000000000DC7000.00000040.00000001.01000000.00000004.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
DC7000
|
| Size: |
4096
|
|
|
302E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3276746027.000000000302E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
302E000
|
| Size: |
8192
|
|
|
865000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000008.00000002.3275070774.0000000000865000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
865000
|
| Size: |
4096
|
|
|
4740000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.2033528021.0000000004740000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4740000
|
| Size: |
4096
|
|
|
4490000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000003.2264491805.0000000004490000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4490000
|
| Size: |
4096
|
|
|
4680000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.2061473735.0000000004680000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4680000
|
| Size: |
4096
|
|
|
C10000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3275752480.0000000000C10000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C10000
|
| Size: |
4096
|
|
|
45C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3278613703.00000000045C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
45C0000
|
| Size: |
4096
|
|
|
3E1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3277869063.0000000003E1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3E1E000
|
| Size: |
8192
|
|
|
810000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3274595752.0000000000810000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
810000
|
| Size: |
8192
|
|
|
C80000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000007.00000000.2056149427.0000000000C80000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
C80000
|
| Size: |
4096
|
|
|
84C000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3274955028.000000000084C000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
84C000
|
| Size: |
32768
|
|
|
F5C000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3275518793.0000000000F5C000.00000040.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
F5C000
|
| Size: |
32768
|
|
|
40DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3278124047.00000000040DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
40DE000
|
| Size: |
8192
|
|
|
4790000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3280213706.0000000004790000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4790000
|
| Size: |
4096
|
|
|
28B000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3274283719.000000000028B000.00000004.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
28B000
|
| Size: |
4096
|
|
|
361F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3277430891.000000000361F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
361F000
|
| Size: |
4096
|
|
|
296000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000000.00000002.3274361597.0000000000296000.00000080.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
296000
|
| Size: |
4096
|
|
|
3ABE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3277759134.0000000003ABE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3ABE000
|
| Size: |
8192
|
|
|
307F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3276881527.000000000307F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
307F000
|
| Size: |
4096
|
|
|
325F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3277086134.000000000325F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
325F000
|
| Size: |
4096
|
|
|
6A8000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000008.00000002.3274200285.00000000006A8000.00000008.00000001.01000000.00000005.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
6A8000
|
| Size: |
12288
|
|
|
418000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000000.00000000.2027735381.0000000000418000.00000080.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
418000
|
| Size: |
712704
|
|
|
4680000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.2061644212.0000000004680000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4680000
|
| Size: |
4096
|
|
|
37DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3277295188.00000000037DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
37DE000
|
| Size: |
8192
|
|
|
497E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3280197424.000000000497E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
497E000
|
| Size: |
8192
|
|
|
2CDF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3276525698.0000000002CDF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2CDF000
|
| Size: |
4096
|
|
|
4740000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.2033480789.0000000004740000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4740000
|
| Size: |
4096
|
|
|
6B7000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3274325253.00000000006B7000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
6B7000
|
| Size: |
4096
|
|
|
108F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3276141766.000000000108F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
108F000
|
| Size: |
4096
|
|
|
1190000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3276218356.0000000001190000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1190000
|
| Size: |
16384
|
|
|
391F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3277466796.000000000391F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
391F000
|
| Size: |
4096
|
|
|
6AC000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3274263488.00000000006AC000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
6AC000
|
| Size: |
40960
|
|
|
A75000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3275858376.0000000000A75000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A75000
|
| Size: |
12288
|
|
|
150000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3273948841.0000000000150000.00000004.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
150000
|
| Size: |
4096
|
|
|
4B5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3280175162.0000000004B5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4B5E000
|
| Size: |
8192
|
|
|
31BF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3276964355.00000000031BF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
31BF000
|
| Size: |
4096
|
|
|
402F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3277996771.000000000402F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
402F000
|
| Size: |
4096
|
|
|
DB8000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000006.00000000.2055436498.0000000000DB8000.00000008.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
DB8000
|
| Size: |
16384
|
|
|
389F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3277636017.000000000389F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
389F000
|
| Size: |
4096
|
|
|
1029000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3276200291.0000000001029000.00000040.00000001.01000000.00000004.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
1029000
|
| Size: |
4096
|
|
|
E9A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3275956134.0000000000E9A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E9A000
|
| Size: |
8192
|
|
|
4A5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3280106945.0000000004A5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4A5E000
|
| Size: |
8192
|
|
|
90A000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000008.00000000.2177153451.000000000090A000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
90A000
|
| Size: |
40960
|
|
|
38EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3277425649.00000000038EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
38EE000
|
| Size: |
8192
|
|
|
571000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000A.00000000.2258192350.0000000000571000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
571000
|
| Size: |
593920
|
|
|
435E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3278288481.000000000435E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
435E000
|
| Size: |
8192
|
|
|
7AE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3274032651.00000000007AE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AE000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
3B2F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3277571251.0000000003B2F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3B2F000
|
| Size: |
4096
|
|
|
F64000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000002.3275607149.0000000000F64000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
F64000
|
| Size: |
8192
|
|
|
89B000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3275314393.000000000089B000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
89B000
|
| Size: |
200704
|
|
|
116E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3276280651.000000000116E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
116E000
|
| Size: |
8192
|
|
|
2B5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3276416169.0000000002B5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2B5E000
|
| Size: |
8192
|
|
|
270F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3276274690.000000000270F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
270F000
|
| Size: |
4096
|
|
|
4582000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2264006131.0000000004582000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4582000
|
| Size: |
16384
|
|
|
4654000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3278659950.0000000004654000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4654000
|
| Size: |
2002944
|
|
|
11D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.2062783688.00000000011D0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
11D0000
|
| Size: |
12288
|
|
|
82C000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3274697776.000000000082C000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
82C000
|
| Size: |
8192
|
|
|
F3C000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3275312396.0000000000F3C000.00000040.00000001.01000000.00000004.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
F3C000
|
| Size: |
8192
|
|
|
FFB000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000000.2056269159.0000000000FFB000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
FFB000
|
| Size: |
4096
|
|
|
4490000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000003.2264304412.0000000004490000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4490000
|
| Size: |
4096
|
|
|
4740000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.2033550915.0000000004740000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4740000
|
| Size: |
4096
|
|
|
838000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000008.00000000.2177153451.0000000000838000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
838000
|
| Size: |
712704
|
|
|
4EA000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000000.00000002.3275529663.00000000004EA000.00000080.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
4EA000
|
| Size: |
40960
|
|
|
4CB000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000000.00000000.2027735381.00000000004CB000.00000080.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
4CB000
|
| Size: |
4096
|
|
|
F20000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3275229943.0000000000F20000.00000040.00000001.01000000.00000004.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
F20000
|
| Size: |
8192
|
|
|
DC8000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000006.00000002.3274949610.0000000000DC8000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
DC8000
|
| Size: |
1409024
|
|
|
6A3000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3274056165.00000000006A3000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
6A3000
|
| Size: |
20480
|
|
|
3A5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3277553061.0000000003A5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3A5E000
|
| Size: |
8192
|
|
|
2A3F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3276312741.0000000002A3F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2A3F000
|
| Size: |
4096
|
|
|
38DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3277333843.00000000038DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
38DF000
|
| Size: |
4096
|
|
|
F5C000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3275572590.0000000000F5C000.00000040.00000001.01000000.00000004.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
F5C000
|
| Size: |
32768
|
|
|
28C000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3274323160.000000000028C000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
28C000
|
| Size: |
40960
|
|
|
C4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3274503859.0000000000C4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
C4E000
|
| Size: |
8192
|
|
|
4952000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2062288442.0000000004952000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4952000
|
| Size: |
16384
|
|
|
76D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3274032651.000000000076D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
76D000
|
| Size: |
221184
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
| URLs found in memory or binary data |
Networking |
|
|
|
2F7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3276824706.0000000002F7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2F7E000
|
| Size: |
8192
|
|
|
2EDF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3276664862.0000000002EDF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2EDF000
|
| Size: |
4096
|
|
|
865000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000A.00000002.3275131121.0000000000865000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
865000
|
| Size: |
4096
|
|
|
41DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3278164357.00000000041DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
41DF000
|
| Size: |
4096
|
|
|
379F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3277253558.000000000379F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
379F000
|
| Size: |
4096
|
|
|
B2A000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2275959248.0000000000B2A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B2A000
|
| Size: |
4096
|
|
|
8D3000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3275314393.00000000008D3000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
8D3000
|
| Size: |
4096
|
|
|
DC8000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000002.3275022694.0000000000DC8000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
DC8000
|
| Size: |
1409024
|
|
|
86E000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000A.00000002.3275204241.000000000086E000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
86E000
|
| Size: |
49152
|
|
|
3DA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3278098853.0000000003DA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3DA0000
|
| Size: |
4096
|
|
|
301F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3276747916.000000000301F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
301F000
|
| Size: |
4096
|
|
|
4490000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000003.2264410940.0000000004490000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4490000
|
| Size: |
4096
|
|
|
F22000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000002.3275270401.0000000000F22000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
F22000
|
| Size: |
106496
|
|
|
11D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.2062697550.00000000011D0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
11D0000
|
| Size: |
4096
|
|
|
115E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3276179277.000000000115E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
115E000
|
| Size: |
8192
|
|
|
902000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000A.00000000.2258330740.0000000000902000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
902000
|
| Size: |
28672
|
|
|
A38000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3274228386.0000000000A38000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A38000
|
| Size: |
4096
|
|
|
47A000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000000.00000002.3275285733.000000000047A000.00000080.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
47A000
|
| Size: |
4096
|
|
|
419F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3278121632.000000000419F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
419F000
|
| Size: |
4096
|
|
|
3C6F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3277680715.0000000003C6F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3C6F000
|
| Size: |
4096
|
|
|
11D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.2062537127.00000000011D0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
11D0000
|
| Size: |
8192
|
|
|
34EF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3277060460.00000000034EF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
34EF000
|
| Size: |
4096
|
|
|
376F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3277215598.000000000376F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
376F000
|
| Size: |
4096
|
|
|
4490000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000003.2264472733.0000000004490000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4490000
|
| Size: |
4096
|
|
|
3E7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3278073470.0000000003E7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3E7E000
|
| Size: |
8192
|
|
|
4A5D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3280136318.0000000004A5D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4A5D000
|
| Size: |
12288
|
|
|
3B6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3277616182.0000000003B6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3B6E000
|
| Size: |
8192
|
|
|
43EF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3278559987.00000000043EF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
43EF000
|
| Size: |
4096
|
|
|
E2E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3275956463.0000000000E2E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E2E000
|
| Size: |
221184
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
| URLs found in memory or binary data |
Networking |
|
|
|
4490000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000003.2264277056.0000000004490000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4490000
|
| Size: |
4096
|
|
|
33DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3277233721.00000000033DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
33DE000
|
| Size: |
8192
|
|
|
D80000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3275878794.0000000000D80000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D80000
|
| Size: |
16384
|
|
|
379E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3277585369.000000000379E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
379E000
|
| Size: |
8192
|
|
|
441F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3278292329.000000000441F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
441F000
|
| Size: |
4096
|
|
|
4977000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2046822887.0000000004977000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4977000
|
| Size: |
8192
|
|
|
2BDF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3276490127.0000000002BDF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2BDF000
|
| Size: |
4096
|
|
|
4B3000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3275313294.00000000004B3000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
4B3000
|
| Size: |
4096
|
|
|
4860000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000003.2182781293.0000000004860000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4860000
|
| Size: |
8192
|
|
|
4740000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.2033539059.0000000004740000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4740000
|
| Size: |
4096
|
|
|
6B6000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000A.00000002.3274364796.00000000006B6000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
6B6000
|
| Size: |
4096
|
|
|
89A000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000008.00000002.3275223517.000000000089A000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
89A000
|
| Size: |
4096
|
|
|
4680000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.2061784015.0000000004680000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4680000
|
| Size: |
4096
|
|
|
FAB000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3275876900.0000000000FAB000.00000040.00000001.01000000.00000004.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
FAB000
|
| Size: |
200704
|
|
|
4E2000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000000.00000002.3275457739.00000000004E2000.00000080.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
4E2000
|
| Size: |
4096
|
|
|
4929000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2045941225.0000000004929000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4929000
|
| Size: |
319488
|
|
|
357F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3277237768.000000000357F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
357F000
|
| Size: |
4096
|
|
|
381E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3277340775.000000000381E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
381E000
|
| Size: |
8192
|
|
|
A42000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2073921795.0000000000A42000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A42000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
6A3000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3274002949.00000000006A3000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
6A3000
|
| Size: |
20480
|
|
|
2F1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3276708988.0000000002F1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2F1E000
|
| Size: |
8192
|
|
|
47DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3278562285.00000000047DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
47DF000
|
| Size: |
4096
|
|
|
355E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3277121529.000000000355E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
355E000
|
| Size: |
8192
|
|
|
2B1F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3276379964.0000000002B1F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2B1F000
|
| Size: |
4096
|
|
|
124E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3276219712.000000000124E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
124E000
|
| Size: |
8192
|
|
|
11B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3276341691.00000000011B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11B0000
|
| Size: |
4096
|
|
|
902000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000A.00000002.3275470115.0000000000902000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
902000
|
| Size: |
4096
|
|
|
DBC000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3274824954.0000000000DBC000.00000040.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
DBC000
|
| Size: |
40960
|
|
|
40F000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3274823337.000000000040F000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
40F000
|
| Size: |
24576
|
|
|
31DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3276905967.00000000031DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
31DE000
|
| Size: |
8192
|
|
|
8D5000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3275314393.00000000008D5000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
8D5000
|
| Size: |
69632
|
|
|
A50000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3275787381.0000000000A50000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A50000
|
| Size: |
16384
|
|
|
341E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3277037992.000000000341E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
341E000
|
| Size: |
8192
|
|
|
3CDE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3277761259.0000000003CDE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3CDE000
|
| Size: |
8192
|
|
|
4B5000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3275313294.00000000004B5000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
4B5000
|
| Size: |
69632
|
|
|
87A000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3275173148.000000000087A000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
87A000
|
| Size: |
131072
|
|
|
4490000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000003.2264453441.0000000004490000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4490000
|
| Size: |
4096
|
|
|
38DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3277697103.00000000038DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
38DE000
|
| Size: |
8192
|
|
|
A08000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3274228386.0000000000A08000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A08000
|
| Size: |
184320
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
| URLs found in memory or binary data |
Networking |
|
|
|
297000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3274396915.0000000000297000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
297000
|
| Size: |
4096
|
|
|
4860000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000003.2182816426.0000000004860000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4860000
|
| Size: |
4096
|
|
|
4680000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.2061767377.0000000004680000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4680000
|
| Size: |
4096
|
|
|
E20000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3275956463.0000000000E20000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E20000
|
| Size: |
32768
|
|
|
4680000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.2061429082.0000000004680000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4680000
|
| Size: |
4096
|
|
|
409E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3278075244.000000000409E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
409E000
|
| Size: |
8192
|
|
|
D85000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3275878794.0000000000D85000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D85000
|
| Size: |
12288
|
|
|
B32000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2275959248.0000000000B32000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B32000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
9AC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3275638621.00000000009AC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9AC000
|
| Size: |
16384
|
|
|
45A000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3275231050.000000000045A000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
45A000
|
| Size: |
131072
|
|
|
2FDF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3276884632.0000000002FDF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2FDF000
|
| Size: |
4096
|
|
|
33DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3277003924.00000000033DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
33DF000
|
| Size: |
4096
|
|
|
F48000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3275382671.0000000000F48000.00000040.00000001.01000000.00000004.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
F48000
|
| Size: |
16384
|
|
|
F54000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3275440170.0000000000F54000.00000040.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
F54000
|
| Size: |
28672
|
|
|
445F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3278338178.000000000445F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
445F000
|
| Size: |
4096
|
|
|
406E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3278043604.000000000406E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
406E000
|
| Size: |
8192
|
|
|
812000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000008.00000002.3274651675.0000000000812000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
812000
|
| Size: |
106496
|
|
|
3F7F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3278120904.0000000003F7F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3F7F000
|
| Size: |
4096
|
|
|
E0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3275889018.0000000000E0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E0E000
|
| Size: |
8192
|
|
|
DBB000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3274787908.0000000000DBB000.00000004.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
DBB000
|
| Size: |
4096
|
|
|
AF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3275957814.0000000000AF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
AF0000
|
| Size: |
24576
|
|
|
A57000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3275787381.0000000000A57000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A57000
|
| Size: |
12288
|
|
|
424000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3274944074.0000000000424000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
424000
|
| Size: |
28672
|
|
|
8AC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3275675779.00000000008AC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
8AC000
|
| Size: |
16384
|
|
|
36DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3277257190.00000000036DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
36DE000
|
| Size: |
8192
|
|
|
42B000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000000.00000002.3274985761.000000000042B000.00000080.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
42B000
|
| Size: |
4096
|
|
|
930000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3274032379.0000000000930000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
930000
|
| Size: |
4096
|
|
|
F3E000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000002.3275348956.0000000000F3E000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
F3E000
|
| Size: |
4096
|
|
|
37FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3277513695.00000000037FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
37FF000
|
| Size: |
4096
|
|
|
F48000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000000.2056269159.0000000000F48000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
F48000
|
| Size: |
712704
|
|
|
3F9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3278045827.0000000003F9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3F9E000
|
| Size: |
8192
|
|
|
FE3000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3275822077.0000000000FE3000.00000040.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
FE3000
|
| Size: |
4096
|
|
|
446000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3275162930.0000000000446000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
446000
|
| Size: |
32768
|
|
|
84B000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000008.00000002.3274914274.000000000084B000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
84B000
|
| Size: |
4096
|
|
|
E6F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2049399622.0000000000E6F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E6F000
|
| Size: |
8192
|
|
|
343F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3277132633.000000000343F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
343F000
|
| Size: |
4096
|
|
|
1014000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000002.3276121343.0000000001014000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
1014000
|
| Size: |
20480
|
|
|
46DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3278513622.00000000046DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
46DE000
|
| Size: |
8192
|
|
|
A40000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3274228386.0000000000A40000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A40000
|
| Size: |
4096
|
|
|
2ADF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3276529748.0000000002ADF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2ADF000
|
| Size: |
4096
|
|
|
112F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3276200366.000000000112F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
112F000
|
| Size: |
4096
|
|
|
1029000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3276123612.0000000001029000.00000040.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
1029000
|
| Size: |
4096
|
|
|
3B1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3277855841.0000000003B1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3B1E000
|
| Size: |
8192
|
|
|
3B9F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3277678745.0000000003B9F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3B9F000
|
| Size: |
4096
|
|
|
3F2E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3278234544.0000000003F2E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3F2E000
|
| Size: |
8192
|
|
|
6A8000
|
unkown
|
page write copy
|
|
|
|
| Name: |
0000000A.00000000.2258303945.00000000006A8000.00000008.00000001.01000000.00000005.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
6A8000
|
| Size: |
16384
|
|
|
83C000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000008.00000002.3274831437.000000000083C000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
83C000
|
| Size: |
32768
|
|
|
63C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3273953650.000000000063C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
63C000
|
| Size: |
16384
|
|
|
3A1F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3277510780.0000000003A1F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3A1F000
|
| Size: |
4096
|
|
|
2E3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3276712146.0000000002E3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2E3E000
|
| Size: |
8192
|
|
|
4852000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2033248421.0000000004852000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4852000
|
| Size: |
16384
|
|
|
D6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3275823730.0000000000D6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
D6E000
|
| Size: |
8192
|
|
|
3DAF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3277780876.0000000003DAF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3DAF000
|
| Size: |
4096
|
|
|
4993000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2045941225.0000000004993000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4993000
|
| Size: |
24576
|
|
|
40BF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3278195291.00000000040BF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
40BF000
|
| Size: |
4096
|
|
|
3A9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3277613871.0000000003A9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3A9E000
|
| Size: |
8192
|
|
|
2F3F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3276770428.0000000002F3F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2F3F000
|
| Size: |
4096
|
|
|
4E4000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000000.00000002.3275529663.00000000004E4000.00000080.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
4E4000
|
| Size: |
20480
|
|
|
C80000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3274421235.0000000000C80000.00000004.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
C80000
|
| Size: |
4096
|
|
|
35BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3277276879.00000000035BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
35BE000
|
| Size: |
8192
|
|
|
F3F000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3275315588.0000000000F3F000.00000040.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
F3F000
|
| Size: |
24576
|
|
|
40C000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3274752677.000000000040C000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
40C000
|
| Size: |
8192
|
|
|
102A000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000006.00000002.3276162633.000000000102A000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
102A000
|
| Size: |
8192
|
|
|
E90000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3275956134.0000000000E90000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E90000
|
| Size: |
32768
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
8D3000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3275268863.00000000008D3000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
8D3000
|
| Size: |
4096
|
|
|
42AF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3278474962.00000000042AF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
42AF000
|
| Size: |
4096
|
|
|
D6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3275860877.0000000000D6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
D6E000
|
| Size: |
8192
|
|
|
40E000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000000.00000002.3274786613.000000000040E000.00000080.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
40E000
|
| Size: |
4096
|
|
|
76A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3274032651.000000000076A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
76A000
|
| Size: |
8192
|
|
|
FAA000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000002.3275848326.0000000000FAA000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
FAA000
|
| Size: |
4096
|
|
|
3A7F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3277708788.0000000003A7F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3A7F000
|
| Size: |
4096
|
|
|
150000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.2027605488.0000000000150000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
150000
|
| Size: |
4096
|
|
|
436000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3275097223.0000000000436000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
436000
|
| Size: |
61440
|
|
|
82E000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000008.00000002.3274727274.000000000082E000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
82E000
|
| Size: |
4096
|
|
|
919000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3275625684.0000000000919000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
919000
|
| Size: |
4096
|
|
|
1013000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3276079753.0000000001013000.00000040.00000001.01000000.00000004.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
1013000
|
| Size: |
4096
|
|
|
433F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3278388522.000000000433F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
433F000
|
| Size: |
4096
|
|
|
5CC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3273929540.00000000005CC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5CC000
|
| Size: |
16384
|
|
|
F75000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000006.00000002.3275635918.0000000000F75000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
F75000
|
| Size: |
4096
|
|
|
DB3000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3274575639.0000000000DB3000.00000040.00000001.01000000.00000004.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
DB3000
|
| Size: |
20480
|
|
|
329E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3277133114.000000000329E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
329E000
|
| Size: |
8192
|
|
|
3F2000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000000.00000002.3274714524.00000000003F2000.00000080.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
3F2000
|
| Size: |
106496
|
|
|
4825000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3278612314.0000000004825000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4825000
|
| Size: |
2002944
|
|
|
326F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3276878135.000000000326F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
326F000
|
| Size: |
4096
|
|
|
289E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3276415636.000000000289E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
289E000
|
| Size: |
8192
|
|
|
1250000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3276263058.0000000001250000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1250000
|
| Size: |
4096
|
|
|
902000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000008.00000002.3275404756.0000000000902000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
902000
|
| Size: |
4096
|
|
|
810000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3274676155.0000000000810000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
810000
|
| Size: |
8192
|
|
|
359E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3277163842.000000000359E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
359E000
|
| Size: |
8192
|
|
|
42EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3278232218.00000000042EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
42EE000
|
| Size: |
8192
|
|
|
844000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3274871919.0000000000844000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
844000
|
| Size: |
28672
|
|
|
283000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3273994420.0000000000283000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
283000
|
| Size: |
20480
|
|
|
E6F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3275956463.0000000000E6F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E6F000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
405F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3278026680.000000000405F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
405F000
|
| Size: |
4096
|
|
|
903000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3275448792.0000000000903000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
903000
|
| Size: |
4096
|
|
|
456E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3278431474.000000000456E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
456E000
|
| Size: |
8192
|
|
|
4830000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000003.2182974608.0000000004830000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4830000
|
| Size: |
4096
|
|
|
9AC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3275714719.00000000009AC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9AC000
|
| Size: |
16384
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
F76000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3275673753.0000000000F76000.00000040.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
F76000
|
| Size: |
32768
|
|
|
402F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3278277990.000000000402F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
402F000
|
| Size: |
4096
|
|
|
4490000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000003.2264434773.0000000004490000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4490000
|
| Size: |
4096
|
|
|
47AF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3278558922.00000000047AF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
47AF000
|
| Size: |
4096
|
|
|
8E5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3274281380.00000000008E5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8E5000
|
| Size: |
12288
|
|
|
C7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3274382902.0000000000C7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
C7E000
|
| Size: |
8192
|
|
|
2B1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3276569579.0000000002B1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2B1E000
|
| Size: |
8192
|
|
|
33AF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3276968465.00000000033AF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
33AF000
|
| Size: |
4096
|
|
|
6B7000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3274398118.00000000006B7000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
6B7000
|
| Size: |
4096
|
|
|
11D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.2062741090.00000000011D0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
11D0000
|
| Size: |
4096
|
|
|
3A1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3277797741.0000000003A1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3A1E000
|
| Size: |
8192
|
|
|
40FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3278236265.00000000040FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
40FE000
|
| Size: |
8192
|
|
|
383E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3277555971.000000000383E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
383E000
|
| Size: |
8192
|
|
|
3DEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3277840924.0000000003DEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3DEE000
|
| Size: |
8192
|
|
|
4E3000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3275495333.00000000004E3000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
4E3000
|
| Size: |
4096
|
|
|
2E1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3276615196.0000000002E1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2E1E000
|
| Size: |
8192
|
|
|
339F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3277175178.000000000339F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
339F000
|
| Size: |
4096
|
|
|
11E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3276381107.00000000011E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11E0000
|
| Size: |
16384
|
|
|
11E7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3276381107.00000000011E7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11E7000
|
| Size: |
12288
|
|
|
4680000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.2061609706.0000000004680000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4680000
|
| Size: |
4096
|
|
|
904000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000A.00000002.3275550365.0000000000904000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
904000
|
| Size: |
20480
|
|
|
29DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3276492240.00000000029DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
29DE000
|
| Size: |
8192
|
|
|
6AB000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3274285002.00000000006AB000.00000004.00000001.01000000.00000005.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
6AB000
|
| Size: |
4096
|
|
|
4460000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000003.2264534345.0000000004460000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4460000
|
| Size: |
4096
|
|
|
1012000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000006.00000000.2055453380.0000000001012000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
1012000
|
| Size: |
28672
|
|
|
570000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3273933375.0000000000570000.00000004.00000001.01000000.00000005.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
570000
|
| Size: |
4096
|
|
|
F4C000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000002.3275461478.0000000000F4C000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
F4C000
|
| Size: |
32768
|
|
|
856000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3275099990.0000000000856000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
856000
|
| Size: |
61440
|
|
|
42EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3278517087.00000000042EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
42EE000
|
| Size: |
8192
|
|
|
4680000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.2061684392.0000000004680000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4680000
|
| Size: |
4096
|
|
|
3F2E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3277933082.0000000003F2E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3F2E000
|
| Size: |
8192
|
|
|
86E000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000008.00000002.3275139356.000000000086E000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
86E000
|
| Size: |
49152
|
|
|
F5B000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000006.00000002.3275477222.0000000000F5B000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
F5B000
|
| Size: |
4096
|
|
|
3BDE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3277726930.0000000003BDE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3BDE000
|
| Size: |
8192
|
|
|
351F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3277083520.000000000351F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
351F000
|
| Size: |
4096
|
|
|
459E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3278427927.000000000459E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
459E000
|
| Size: |
8192
|
|
|
4925000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2046822887.0000000004925000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4925000
|
| Size: |
319488
|
|
|
421E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3278201397.000000000421E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
421E000
|
| Size: |
8192
|
|
|
43EF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3278283294.00000000043EF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
43EF000
|
| Size: |
4096
|
|
|
423E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3278340818.000000000423E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
423E000
|
| Size: |
8192
|
|
|
39DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3277748398.00000000039DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
39DF000
|
| Size: |
4096
|
|
|
445000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000000.00000002.3275128687.0000000000445000.00000080.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
445000
|
| Size: |
4096
|
|
|
4E2000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000000.00000000.2027735381.00000000004E2000.00000080.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
4E2000
|
| Size: |
28672
|
|
|
4F9000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000000.00000000.2027735381.00000000004F9000.00000080.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
4F9000
|
| Size: |
12288
|
|
|
6AC000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000008.00000000.2177153451.00000000006AC000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
6AC000
|
| Size: |
1609728
|
|
|
DBC000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3274905099.0000000000DBC000.00000040.00000001.01000000.00000004.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
DBC000
|
| Size: |
40960
|
|
|
41FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3278292960.00000000041FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
41FF000
|
| Size: |
4096
|
|
|
299F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3276454669.000000000299F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
299F000
|
| Size: |
4096
|
|
|
2B7F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3276492120.0000000002B7F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2B7F000
|
| Size: |
4096
|
|
|
F8A000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3275795445.0000000000F8A000.00000040.00000001.01000000.00000004.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
F8A000
|
| Size: |
131072
|
|
|
11D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.2062720289.00000000011D0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
11D0000
|
| Size: |
4096
|
|
|
42AF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3278190177.00000000042AF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
42AF000
|
| Size: |
4096
|
|
|
DBC000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000000.2056269159.0000000000DBC000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
DBC000
|
| Size: |
1609728
|
|
|
4772000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2061020285.0000000004772000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4772000
|
| Size: |
16384
|
|
|
32DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3276968074.00000000032DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
32DE000
|
| Size: |
8192
|
|
|
4860000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000003.2182954183.0000000004860000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4860000
|
| Size: |
12288
|
|
|
4680000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.2061732934.0000000004680000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4680000
|
| Size: |
4096
|
|
|
409F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3278084064.000000000409F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
409F000
|
| Size: |
4096
|
|
|
4680000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.2061318771.0000000004680000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4680000
|
| Size: |
8192
|
|
|
495D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3280042814.000000000495D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
495D000
|
| Size: |
12288
|
|
|
F22000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000006.00000002.3275202639.0000000000F22000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
F22000
|
| Size: |
106496
|
|
|
3A5F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3277563631.0000000003A5F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3A5F000
|
| Size: |
4096
|
|
|
E9E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3275956134.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E9E000
|
| Size: |
217088
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
| URLs found in memory or binary data |
Networking |
|
|
|
2EDE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3276833390.0000000002EDE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2EDE000
|
| Size: |
8192
|
|
|
903000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3275504586.0000000000903000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
903000
|
| Size: |
4096
|
|
|
41C000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000000.00000002.3274907968.000000000041C000.00000080.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
41C000
|
| Size: |
32768
|
|
|
3C5F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3277955952.0000000003C5F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3C5F000
|
| Size: |
4096
|
|
|
309E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3276796262.000000000309E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
309E000
|
| Size: |
8192
|
|
|
33EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3277014477.00000000033EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
33EE000
|
| Size: |
8192
|
|
|
3B9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3277649766.0000000003B9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3B9E000
|
| Size: |
8192
|
|
|
904000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000008.00000002.3275483019.0000000000904000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
904000
|
| Size: |
20480
|
|
|
291E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3276323418.000000000291E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
291E000
|
| Size: |
8192
|
|
|
2A60000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3276418481.0000000002A60000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2A60000
|
| Size: |
4096
|
|
|
285F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3276382238.000000000285F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
285F000
|
| Size: |
4096
|
|
|
C81000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000000.2056175062.0000000000C81000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
C81000
|
| Size: |
593920
|
|
|
4860000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000003.2182919948.0000000004860000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4860000
|
| Size: |
4096
|
|
|
FE5000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3275876900.0000000000FE5000.00000040.00000001.01000000.00000004.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
FE5000
|
| Size: |
69632
|
|
|
866000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3275166106.0000000000866000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
866000
|
| Size: |
32768
|
|
|
393F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3277598597.000000000393F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
393F000
|
| Size: |
4096
|
|
|
4740000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.2033439913.0000000004740000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4740000
|
| Size: |
8192
|
|
|
570000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000A.00000000.2258161049.0000000000570000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
570000
|
| Size: |
4096
|
|
|
11AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3276306794.00000000011AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
11AE000
|
| Size: |
8192
|
|
|
ED6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2210811481.0000000000ED6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
ED6000
|
| Size: |
4096
|
|
|
431F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3278239300.000000000431F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
431F000
|
| Size: |
4096
|
|
|
84B000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000A.00000002.3274986865.000000000084B000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
84B000
|
| Size: |
4096
|
|
|
2A5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3276386468.0000000002A5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2A5E000
|
| Size: |
8192
|
|
|
2C1F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3276618466.0000000002C1F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2C1F000
|
| Size: |
4096
|
|
|
C80000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000006.00000000.2055345397.0000000000C80000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
C80000
|
| Size: |
4096
|
|
|
73C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3273997793.000000000073C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
73C000
|
| Size: |
16384
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
3E1F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3277887215.0000000003E1F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3E1F000
|
| Size: |
4096
|
|
|
4FA000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000000.00000002.3275637680.00000000004FA000.00000080.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
4FA000
|
| Size: |
8192
|
|
|
571000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000008.00000000.2177054864.0000000000571000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
571000
|
| Size: |
593920
|
|
|
9D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3274106878.00000000009D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9D0000
|
| Size: |
4096
|
|
|
6AB000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3274233621.00000000006AB000.00000004.00000001.01000000.00000005.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
6AB000
|
| Size: |
4096
|
|
|
3F5F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3277995260.0000000003F5F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3F5F000
|
| Size: |
4096
|
|
|
A40000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2073921795.0000000000A40000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A40000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
B0C000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3275957814.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B0C000
|
| Size: |
102400
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
| URLs found in memory or binary data |
Networking |
|
|
|
89B000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3275268863.000000000089B000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
89B000
|
| Size: |
200704
|
|
|
8FC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3273995796.00000000008FC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
8FC000
|
| Size: |
16384
|
|
|
3EEF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3278193495.0000000003EEF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3EEF000
|
| Size: |
4096
|
|
|
1012000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000000.2056269159.0000000001012000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
1012000
|
| Size: |
28672
|
|
|
3CAE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3277729198.0000000003CAE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3CAE000
|
| Size: |
8192
|
|
|
D20000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3275760706.0000000000D20000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D20000
|
| Size: |
4096
|
|
|
4740000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.2033578830.0000000004740000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4740000
|
| Size: |
12288
|
|
|
319E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3276879208.000000000319E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
319E000
|
| Size: |
8192
|
|
|
6A8000
|
unkown
|
page write copy
|
|
|
|
| Name: |
0000000A.00000002.3274261515.00000000006A8000.00000008.00000001.01000000.00000005.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
6A8000
|
| Size: |
12288
|
|
|
2A70000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3276454206.0000000002A70000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2A70000
|
| Size: |
8192
|
|
|
4860000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000003.2182902114.0000000004860000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4860000
|
| Size: |
4096
|
|
|
F3C000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3275252484.0000000000F3C000.00000040.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
F3C000
|
| Size: |
8192
|
|
|
2D5F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3276706557.0000000002D5F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2D5F000
|
| Size: |
4096
|
|
|
36FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3277452943.00000000036FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
36FE000
|
| Size: |
8192
|
|
|
305F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3276752721.000000000305F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
305F000
|
| Size: |
4096
|
|
|
F54000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3275497870.0000000000F54000.00000040.00000001.01000000.00000004.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
F54000
|
| Size: |
28672
|
|
|
90A000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000A.00000002.3275550365.000000000090A000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
90A000
|
| Size: |
40960
|
|
|
2F1F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3276659516.0000000002F1F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2F1F000
|
| Size: |
4096
|
|
|
469F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3278472985.000000000469F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
469F000
|
| Size: |
4096
|
|
|
365F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3277161268.000000000365F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
365F000
|
| Size: |
4096
|
|
|
F66000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3275597466.0000000000F66000.00000040.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
F66000
|
| Size: |
61440
|
|
|
4860000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000003.2182862802.0000000004860000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4860000
|
| Size: |
4096
|
|
|
39EF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3277469219.00000000039EF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
39EF000
|
| Size: |
4096
|
|
|
2DFF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3276664682.0000000002DFF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2DFF000
|
| Size: |
4096
|
|
|
ABE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3275922292.0000000000ABE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
ABE000
|
| Size: |
8192
|
|
|
2C6F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3276494197.0000000002C6F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2C6F000
|
| Size: |
4096
|
|
|
4860000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000003.2182874661.0000000004860000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4860000
|
| Size: |
4096
|
|
|
4740000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.2033468118.0000000004740000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4740000
|
| Size: |
4096
|
|
|
760000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3274032651.0000000000760000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
760000
|
| Size: |
32768
|
|
|
3E5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3277935309.0000000003E5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3E5E000
|
| Size: |
8192
|
|
|
919000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000A.00000000.2258330740.0000000000919000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
919000
|
| Size: |
12288
|
|
|
FF8000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000006.00000000.2055453380.0000000000FF8000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
FF8000
|
| Size: |
4096
|
|
|
1270000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3276300715.0000000001270000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1270000
|
| Size: |
16384
|
|
|
329F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3276929260.000000000329F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
329F000
|
| Size: |
4096
|
|
|
1130000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3276240979.0000000001130000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1130000
|
| Size: |
16384
|
|
|
3DDF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3277819732.0000000003DDF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3DDF000
|
| Size: |
4096
|
|
|
570000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3274030320.0000000000570000.00000004.00000001.01000000.00000005.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
570000
|
| Size: |
4096
|
|
|
11D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.2062626240.00000000011D0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
11D0000
|
| Size: |
4096
|
|
|
4740000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.2033566157.0000000004740000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4740000
|
| Size: |
4096
|
|
|
3E3F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3278024806.0000000003E3F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3E3F000
|
| Size: |
4096
|
|
|
F8A000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3275744131.0000000000F8A000.00000040.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
F8A000
|
| Size: |
131072
|
|
|
315E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3277033261.000000000315E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
315E000
|
| Size: |
8192
|
|
|
C20000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3275787857.0000000000C20000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C20000
|
| Size: |
4096
|
|
|
466F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3278473668.000000000466F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
466F000
|
| Size: |
4096
|
|
|
369F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3277210171.000000000369F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
369F000
|
| Size: |
4096
|
|
|
3D1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3277838352.0000000003D1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3D1E000
|
| Size: |
8192
|
|
|
6B8000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000008.00000002.3274363388.00000000006B8000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
6B8000
|
| Size: |
1409024
|
|
|
3EEF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3277885747.0000000003EEF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3EEF000
|
| Size: |
4096
|
|
|
55D000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3274007853.000000000055D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
55D000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
E67000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2049399622.0000000000E67000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E67000
|
| Size: |
4096
|
|
|
44BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3278517012.00000000044BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
44BE000
|
| Size: |
8192
|
|
|
3F1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3277916705.0000000003F1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3F1E000
|
| Size: |
8192
|
|
|
838000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000A.00000000.2258330740.0000000000838000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
838000
|
| Size: |
712704
|
|
|
499A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2045941225.000000000499A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
499A000
|
| Size: |
40960
|
|
|
37AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3277257713.00000000037AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
37AE000
|
| Size: |
8192
|
|
|
3D3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3277975786.0000000003D3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3D3E000
|
| Size: |
8192
|
|
|
487E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3280157470.000000000487E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
487E000
|
| Size: |
8192
|
|
|
4490000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000003.2264512198.0000000004490000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4490000
|
| Size: |
12288
|
|
|
83C000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000A.00000002.3274906256.000000000083C000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
83C000
|
| Size: |
32768
|
|
|
F7E000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000006.00000002.3275712354.0000000000F7E000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
F7E000
|
| Size: |
49152
|
|
|
854000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000A.00000002.3275064104.0000000000854000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
854000
|
| Size: |
8192
|
|
|
8EB000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000008.00000000.2177153451.00000000008EB000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
8EB000
|
| Size: |
4096
|
|
|
91A000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000A.00000002.3275662377.000000000091A000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
91A000
|
| Size: |
8192
|
|
|
890000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3274237072.0000000000890000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
890000
|
| Size: |
4096
|
|
|
7A6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2072990694.00000000007A6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7A6000
|
| Size: |
4096
|
|
|
36BF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3277330728.00000000036BF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
36BF000
|
| Size: |
4096
|
|
|
395E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3277521384.000000000395E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
395E000
|
| Size: |
8192
|
|
|
8EB000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000A.00000000.2258330740.00000000008EB000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
8EB000
|
| Size: |
4096
|
|
|
498F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2046822887.000000000498F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
498F000
|
| Size: |
24576
|
|
|
4A4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3280104166.0000000004A4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4A4E000
|
| Size: |
8192
|
|
|
3F0000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3274675470.00000000003F0000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
3F0000
|
| Size: |
8192
|
|
|
102A000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000002.3276239394.000000000102A000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
102A000
|
| Size: |
8192
|
|
|
FAA000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000006.00000002.3275796289.0000000000FAA000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
FAA000
|
| Size: |
4096
|
|
|
6A8000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000008.00000000.2177133078.00000000006A8000.00000008.00000001.01000000.00000005.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
6A8000
|
| Size: |
16384
|
|
|
341F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3277036878.000000000341F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
341F000
|
| Size: |
4096
|
|
|
47B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3278607007.00000000047B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
47B0000
|
| Size: |
4096
|
|
|
DC7000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3274908865.0000000000DC7000.00000040.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
DC7000
|
| Size: |
4096
|
|
|
CFD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3275678037.0000000000CFD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
CFD000
|
| Size: |
12288
|
|
|
2AD0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3276451976.0000000002AD0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2AD0000
|
| Size: |
8192
|
|
|
8E8000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000A.00000000.2258330740.00000000008E8000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
8E8000
|
| Size: |
4096
|
|
|
8E8000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000008.00000000.2177153451.00000000008E8000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
8E8000
|
| Size: |
4096
|
|
|
F66000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3275639410.0000000000F66000.00000040.00000001.01000000.00000004.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
F66000
|
| Size: |
61440
|
|
|
F75000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000002.3275681645.0000000000F75000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
F75000
|
| Size: |
4096
|
|
|
355F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3277123411.000000000355F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
355F000
|
| Size: |
4096
|
|
|
C50000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3275820664.0000000000C50000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C50000
|
| Size: |
20480
|
|
|
4EA000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000000.00000000.2027735381.00000000004EA000.00000080.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
4EA000
|
| Size: |
40960
|
|
|
2BBE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3276528020.0000000002BBE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2BBE000
|
| Size: |
8192
|
|
|
6AC000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3274323049.00000000006AC000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
6AC000
|
| Size: |
40960
|
|
|
B26000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3275957814.0000000000B26000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B26000
|
| Size: |
12288
|
|
|
4860000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000003.2182847857.0000000004860000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4860000
|
| Size: |
4096
|
|
|
2E9F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3276793553.0000000002E9F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2E9F000
|
| Size: |
4096
|
|
|
11D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.2062764979.00000000011D0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
11D0000
|
| Size: |
4096
|
|
|
45C000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3273944087.000000000045C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
45C000
|
| Size: |
16384
|
|
|
90A000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000A.00000000.2258330740.000000000090A000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
90A000
|
| Size: |
40960
|
|
|
FE3000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3275876900.0000000000FE3000.00000040.00000001.01000000.00000004.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
FE3000
|
| Size: |
4096
|
|
|
91A000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000008.00000002.3275599085.000000000091A000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
91A000
|
| Size: |
8192
|
|
|
44E000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000000.00000002.3275200437.000000000044E000.00000080.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
44E000
|
| Size: |
49152
|
|
|
DC6000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000002.3274942387.0000000000DC6000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
DC6000
|
| Size: |
4096
|
|
|
447F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3278476705.000000000447F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
447F000
|
| Size: |
4096
|
|
|
E2A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3275956463.0000000000E2A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E2A000
|
| Size: |
8192
|
|
|
4860000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000003.2182886747.0000000004860000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4860000
|
| Size: |
4096
|
|
|
1014000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000006.00000002.3276033619.0000000001014000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
1014000
|
| Size: |
20480
|
|
|
EDE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2210811481.0000000000EDE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
EDE000
|
| Size: |
8192
|
|
|
11D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.2062579544.00000000011D0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
11D0000
|
| Size: |
4096
|
|
|
4650000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.2061843582.0000000004650000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4650000
|
| Size: |
4096
|
|
|
4978000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2045941225.0000000004978000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4978000
|
| Size: |
4096
|
|
|
288000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000000.00000002.3274236818.0000000000288000.00000008.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
288000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
1013000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3275995343.0000000001013000.00000040.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
1013000
|
| Size: |
4096
|
|
|
42DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3278203084.00000000042DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
42DF000
|
| Size: |
4096
|
|
|
3C9F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3277710617.0000000003C9F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3C9F000
|
| Size: |
4096
|
|
|
468D000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3280111213.000000000468D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
468D000
|
| Size: |
12288
|
|
|
120E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3276182381.000000000120E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
120E000
|
| Size: |
8192
|
|
|
46AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3278513655.00000000046AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
46AE000
|
| Size: |
8192
|
|
|
375F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3277541850.000000000375F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
375F000
|
| Size: |
4096
|
|
|
902000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000008.00000000.2177153451.0000000000902000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
902000
|
| Size: |
28672
|
|
|
2D9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3276749625.0000000002D9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2D9E000
|
| Size: |
8192
|
|
|
397E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3277647501.000000000397E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
397E000
|
| Size: |
8192
|
|
|
960000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3275700302.0000000000960000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
960000
|
| Size: |
4096
|
|
|
C70000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.2062805677.0000000000C70000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
C70000
|
| Size: |
4096
|
|
|
418000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3274823337.0000000000418000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
418000
|
| Size: |
16384
|
|
|
D10000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3275713315.0000000000D10000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D10000
|
| Size: |
4096
|
|
|
2DDF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3276565459.0000000002DDF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2DDF000
|
| Size: |
4096
|
|
|
4952000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2182605884.0000000004952000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4952000
|
| Size: |
16384
|
|
|
362F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3277126091.000000000362F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
362F000
|
| Size: |
4096
|
|
|
2750000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3276342064.0000000002750000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2750000
|
| Size: |
8192
|
|
|
4860000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000003.2182800178.0000000004860000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4860000
|
| Size: |
4096
|
|
|
82E000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000A.00000002.3274785945.000000000082E000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
82E000
|
| Size: |
4096
|
|
|
472D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3278566813.000000000472D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
472D000
|
| Size: |
2002944
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
4860000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000003.2182937347.0000000004860000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4860000
|
| Size: |
4096
|
|
|
2B60000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3276456014.0000000002B60000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2B60000
|
| Size: |
8192
|
|
|
EDE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3275956134.0000000000EDE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
EDE000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
F3E000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000006.00000002.3275289755.0000000000F3E000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
F3E000
|
| Size: |
4096
|
|
|
3C9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3278013154.0000000003C9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3C9E000
|
| Size: |
8192
|
|
|
2D9F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3276579636.0000000002D9F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2D9F000
|
| Size: |
4096
|
|
|
416F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3278098305.000000000416F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
416F000
|
| Size: |
4096
|
|
|
A70000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3275858376.0000000000A70000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A70000
|
| Size: |
16384
|
|
|
1197000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3276218356.0000000001197000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1197000
|
| Size: |
12288
|
|
|
4B4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3280152994.0000000004B4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4B4E000
|
| Size: |
8192
|
|
|
101F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3276140639.000000000101F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
101F000
|
| Size: |
4096
|
|
