|
5E1000
|
unkown
|
page execute and read and write
|
 |
|
|
| Name: |
00000005.00000002.2907261510.00000000005E1000.00000040.00000001.01000000.00000004.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
5E1000
|
| Size: |
1249280
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RisePro Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
49C0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1894436988.00000000049C0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
49C0000
|
| Size: |
1249280
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RisePro Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4DC0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1655205420.0000000004DC0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4DC0000
|
| Size: |
1249280
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RisePro Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
E91000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.2907795956.0000000000E91000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
E91000
|
| Size: |
1249280
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RisePro Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
9C1000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.2907236987.00000000009C1000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
9C1000
|
| Size: |
1249280
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RisePro Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4B60000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1713791639.0000000004B60000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4B60000
|
| Size: |
1249280
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RisePro Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
E91000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.2908237269.0000000000E91000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
E91000
|
| Size: |
1249280
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RisePro Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4320000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1715659153.0000000004320000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4320000
|
| Size: |
1249280
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RisePro Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
5E1000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.2907712400.00000000005E1000.00000040.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
5E1000
|
| Size: |
1249280
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RisePro Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4AA0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1808878932.0000000004AA0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4AA0000
|
| Size: |
1249280
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RisePro Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2B1F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2910612148.0000000002B1F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2B1F000
|
| Size: |
4096
|
|
|
4BA0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000003.1716455615.0000000004BA0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4BA0000
|
| Size: |
4096
|
|
|
8AE000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000006.00000000.1697331465.00000000008AE000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
8AE000
|
| Size: |
724992
|
|
|
C6B000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000000.00000002.2908181660.0000000000C6B000.00000080.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
C6B000
|
| Size: |
86016
|
|
|
FC3000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.2907795956.0000000000FC3000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
FC3000
|
| Size: |
20480
|
|
|
301F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2911116558.000000000301F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
301F000
|
| Size: |
4096
|
|
|
419F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2912435164.000000000419F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
419F000
|
| Size: |
4096
|
|
|
4B00000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2912497769.0000000004B00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4B00000
|
| Size: |
4096
|
|
|
11BD000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000009.00000002.2909678113.00000000011BD000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
11BD000
|
| Size: |
12288
|
|
|
728000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000005.00000002.2907904187.0000000000728000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
728000
|
| Size: |
1445888
|
|
|
436F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2911913527.000000000436F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
436F000
|
| Size: |
4096
|
|
|
4AD0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1814547494.0000000004AD0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4AD0000
|
| Size: |
4096
|
|
|
5026000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1667317189.0000000005026000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5026000
|
| Size: |
4096
|
|
|
305F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2910416570.000000000305F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
305F000
|
| Size: |
4096
|
|
|
2DDE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2910913029.0000000002DDE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2DDE000
|
| Size: |
8192
|
|
|
3E5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2911957803.0000000003E5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3E5E000
|
| Size: |
8192
|
|
|
8A0000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.2908724108.00000000008A0000.00000040.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
8A0000
|
| Size: |
49152
|
|
|
D60000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2907727121.0000000000D60000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D60000
|
| Size: |
16384
|
|
|
115E000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000009.00000000.1889028059.000000000115E000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
115E000
|
| Size: |
724992
|
|
|
1165000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.2909382460.0000000001165000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
1165000
|
| Size: |
159744
|
|
|
372E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2910746415.000000000372E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
372E000
|
| Size: |
8192
|
|
|
3A1F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2912128381.0000000003A1F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3A1F000
|
| Size: |
4096
|
|
|
48BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2912666506.00000000048BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
48BE000
|
| Size: |
8192
|
|
|
113B000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000002.2908724803.000000000113B000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
113B000
|
| Size: |
86016
|
|
|
1197000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000009.00000002.2909548840.0000000001197000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
1197000
|
| Size: |
49152
|
|
|
4AD0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1816403121.0000000004AD0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4AD0000
|
| Size: |
12288
|
|
|
713000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.2907261510.0000000000713000.00000040.00000001.01000000.00000004.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
713000
|
| Size: |
20480
|
|
|
31EF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2910279139.00000000031EF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
31EF000
|
| Size: |
4096
|
|
|
413E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2912115513.000000000413E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
413E000
|
| Size: |
8192
|
|
|
1820000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1655617591.0000000001820000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1820000
|
| Size: |
4096
|
|
|
409E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2912622507.000000000409E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
409E000
|
| Size: |
8192
|
|
|
12FA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2909692267.00000000012FA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12FA000
|
| Size: |
8192
|
|
|
5E0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2907651645.00000000005E0000.00000004.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5E0000
|
| Size: |
4096
|
|
|
4A00000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000003.1894768539.0000000004A00000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4A00000
|
| Size: |
4096
|
|
|
40EF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2911673341.00000000040EF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
40EF000
|
| Size: |
4096
|
|
|
97C000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000005.00000002.2909131231.000000000097C000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
97C000
|
| Size: |
20480
|
|
|
1139000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.2908661625.0000000001139000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
1139000
|
| Size: |
8192
|
|
|
17FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2910261931.00000000017FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
17FE000
|
| Size: |
8192
|
|
|
48AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2912314247.00000000048AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
48AE000
|
| Size: |
8192
|
|
|
AF3000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.2907236987.0000000000AF3000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
AF3000
|
| Size: |
20480
|
|
|
A7C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2907195859.0000000000A7C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A7C000
|
| Size: |
16384
|
|
|
2E1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2910304989.0000000002E1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2E1E000
|
| Size: |
8192
|
|
|
49AF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2912354559.00000000049AF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
49AF000
|
| Size: |
4096
|
|
|
4A00000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000003.1894655859.0000000004A00000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4A00000
|
| Size: |
8192
|
|
|
3F5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2912294150.0000000003F5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3F5E000
|
| Size: |
8192
|
|
|
4320000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1716530710.0000000004320000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4320000
|
| Size: |
4096
|
|
|
486F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2912274886.000000000486F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
486F000
|
| Size: |
4096
|
|
|
4C7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2912916286.0000000004C7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4C7E000
|
| Size: |
8192
|
|
|
B52000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2909798840.0000000000B52000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B52000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
E4F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2907684591.0000000000E4F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E4F000
|
| Size: |
4096
|
|
|
421E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2912237465.000000000421E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
421E000
|
| Size: |
8192
|
|
|
4BA0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000003.1716200559.0000000004BA0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4BA0000
|
| Size: |
4096
|
|
|
B08000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000000.00000002.2907782154.0000000000B08000.00000080.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
B08000
|
| Size: |
1445888
|
|
|
12FD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2909692267.00000000012FD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12FD000
|
| Size: |
217088
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
CD3000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.2908765437.0000000000CD3000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
CD3000
|
| Size: |
106496
|
|
|
481E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2912917823.000000000481E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
481E000
|
| Size: |
8192
|
|
|
11C0000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.2909353984.00000000011C0000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
11C0000
|
| Size: |
221184
|
|
|
4320000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1716065556.0000000004320000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4320000
|
| Size: |
8192
|
|
|
495E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2912997331.000000000495E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
495E000
|
| Size: |
8192
|
|
|
718000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000005.00000002.2907710982.0000000000718000.00000008.00000001.01000000.00000004.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
718000
|
| Size: |
12288
|
|
|
4DD0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1655526066.0000000004DD0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4DD0000
|
| Size: |
4096
|
|
|
8B5000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.2908887511.00000000008B5000.00000040.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
8B5000
|
| Size: |
159744
|
|
|
1214000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000000.1799666348.0000000001214000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
3A5F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2911531260.0000000003A5F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3A5F000
|
| Size: |
4096
|
|
|
4AD0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1816339518.0000000004AD0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4AD0000
|
| Size: |
4096
|
|
|
391F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2911408294.000000000391F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
391F000
|
| Size: |
4096
|
|
|
386E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2910873422.000000000386E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
386E000
|
| Size: |
8192
|
|
|
337E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2910716431.000000000337E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
337E000
|
| Size: |
8192
|
|
|
3A5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2911896923.0000000003A5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3A5E000
|
| Size: |
8192
|
|
|
4AD0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1815403329.0000000004AD0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4AD0000
|
| Size: |
4096
|
|
|
1211000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000000.1799666348.0000000001211000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
1211000
|
| Size: |
4096
|
|
|
35EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2910612876.00000000035EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
35EE000
|
| Size: |
8192
|
|
|
153E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2910138598.000000000153E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
153E000
|
| Size: |
8192
|
|
|
C95000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.2908468824.0000000000C95000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
C95000
|
| Size: |
159744
|
|
|
3D3F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2911738699.0000000003D3F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3D3F000
|
| Size: |
4096
|
|
|
D5C000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000000.00000002.2909205888.0000000000D5C000.00000080.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
D5C000
|
| Size: |
20480
|
|
|
122B000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.2909928591.000000000122B000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
122B000
|
| Size: |
4096
|
|
|
37DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2911535755.00000000037DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
37DE000
|
| Size: |
8192
|
|
|
FC8000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000009.00000000.1889012925.0000000000FC8000.00000008.00000001.01000000.00000005.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
FC8000
|
| Size: |
16384
|
|
|
1232000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000002.2909695678.0000000001232000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
1232000
|
| Size: |
45056
|
|
|
35BF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2910918659.00000000035BF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
35BF000
|
| Size: |
4096
|
|
|
4DCF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2913002181.0000000004DCF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4DCF000
|
| Size: |
2002944
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
DCA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1907381206.0000000000DCA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DCA000
|
| Size: |
4096
|
|
|
122B000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000009.00000000.1889028059.000000000122B000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
122B000
|
| Size: |
24576
|
|
|
4FFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2913202150.0000000004FFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4FFE000
|
| Size: |
8192
|
|
|
4A00000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000003.1894736643.0000000004A00000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4A00000
|
| Size: |
4096
|
|
|
5044000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1667317189.0000000005044000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5044000
|
| Size: |
24576
|
|
|
4DD0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1655481830.0000000004DD0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4DD0000
|
| Size: |
4096
|
|
|
40DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2912145591.00000000040DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
40DE000
|
| Size: |
8192
|
|
|
409E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2912386706.000000000409E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
409E000
|
| Size: |
8192
|
|
|
32DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2910909513.00000000032DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
32DE000
|
| Size: |
8192
|
|
|
3AAF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2911053319.0000000003AAF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3AAF000
|
| Size: |
4096
|
|
|
346F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2910418743.000000000346F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
346F000
|
| Size: |
4096
|
|
|
C2E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2907441016.0000000000C2E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
C2E000
|
| Size: |
8192
|
|
|
4320000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1716438928.0000000004320000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4320000
|
| Size: |
4096
|
|
|
3BDE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2911727353.0000000003BDE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3BDE000
|
| Size: |
8192
|
|
|
9C0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2907152157.00000000009C0000.00000004.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9C0000
|
| Size: |
4096
|
|
|
3A1F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2911830556.0000000003A1F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3A1F000
|
| Size: |
4096
|
|
|
4BD2000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1808878932.0000000004BD2000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4BD2000
|
| Size: |
16384
|
|
|
469F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2912802352.000000000469F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
469F000
|
| Size: |
4096
|
|
|
32DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2911503590.00000000032DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
32DE000
|
| Size: |
8192
|
|
|
365F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2911787626.000000000365F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
365F000
|
| Size: |
4096
|
|
|
3AEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2911126659.0000000003AEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3AEE000
|
| Size: |
8192
|
|
|
4C3F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2912876851.0000000004C3F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4C3F000
|
| Size: |
4096
|
|
|
4A5F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2913029727.0000000004A5F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4A5F000
|
| Size: |
4096
|
|
|
3F9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2912059661.0000000003F9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3F9E000
|
| Size: |
8192
|
|
|
459F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2912437439.000000000459F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
459F000
|
| Size: |
4096
|
|
|
4EF2000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1655205420.0000000004EF2000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4EF2000
|
| Size: |
16384
|
|
|
8DC000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000005.00000002.2908615437.00000000008DC000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
8DC000
|
| Size: |
4096
|
|
|
46DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2912529580.00000000046DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
46DF000
|
| Size: |
4096
|
|
|
387E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2911298952.000000000387E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
387E000
|
| Size: |
8192
|
|
|
4FD6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1674547555.0000000004FD6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4FD6000
|
| Size: |
4096
|
|
|
13F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2910004432.00000000013F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13F0000
|
| Size: |
16384
|
|
|
3E1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2912195299.0000000003E1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3E1E000
|
| Size: |
8192
|
|
|
44BF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2912311886.00000000044BF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
44BF000
|
| Size: |
4096
|
|
|
118D000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.2909089565.000000000118D000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
118D000
|
| Size: |
40960
|
|
|
CC0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2910164034.0000000000CC0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
CC0000
|
| Size: |
8192
|
|
|
B46000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2909798840.0000000000B46000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B46000
|
| Size: |
4096
|
|
|
333F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2910649513.000000000333F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
333F000
|
| Size: |
4096
|
|
|
CBD000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.2908644702.0000000000CBD000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
CBD000
|
| Size: |
40960
|
|
|
455D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2913080816.000000000455D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
455D000
|
| Size: |
12288
|
|
|
4DD0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1655419919.0000000004DD0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4DD0000
|
| Size: |
4096
|
|
|
D44000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000000.00000000.1649764072.0000000000D44000.00000080.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
D44000
|
| Size: |
4096
|
|
|
1242000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.2910056886.0000000001242000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
1242000
|
| Size: |
4096
|
|
|
4320000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1716575968.0000000004320000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4320000
|
| Size: |
12288
|
|
|
33DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2911561654.00000000033DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
33DF000
|
| Size: |
4096
|
|
|
961000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000006.00000000.1697331465.0000000000961000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
961000
|
| Size: |
4096
|
|
|
49D2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2912807334.00000000049D2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
49D2000
|
| Size: |
2002944
|
|
|
D2D000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.2908891317.0000000000D2D000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
D2D000
|
| Size: |
12288
|
|
|
13DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2909927703.00000000013DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
13DE000
|
| Size: |
8192
|
|
|
FCB000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2908631166.0000000000FCB000.00000004.00000001.01000000.00000005.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
FCB000
|
| Size: |
4096
|
|
|
351F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2911163545.000000000351F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
351F000
|
| Size: |
4096
|
|
|
122C000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000002.2909695678.000000000122C000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
122C000
|
| Size: |
20480
|
|
|
355E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2911258938.000000000355E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
355E000
|
| Size: |
8192
|
|
|
115E000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.2908810094.000000000115E000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
115E000
|
| Size: |
20480
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
4DCE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2913260000.0000000004DCE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4DCE000
|
| Size: |
8192
|
|
|
8B3000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000005.00000002.2908499591.00000000008B3000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
8B3000
|
| Size: |
8192
|
|
|
309E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2910460090.000000000309E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
309E000
|
| Size: |
8192
|
|
|
4AD0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1816318949.0000000004AD0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4AD0000
|
| Size: |
4096
|
|
|
45FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2912413935.00000000045FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
45FF000
|
| Size: |
4096
|
|
|
137E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1680666390.000000000137E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
137E000
|
| Size: |
8192
|
|
|
4BA0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000003.1715941225.0000000004BA0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4BA0000
|
| Size: |
4096
|
|
|
463E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2912476685.000000000463E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
463E000
|
| Size: |
8192
|
|
|
50FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2913223407.00000000050FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
50FE000
|
| Size: |
8192
|
|
|
4AEF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2912438717.0000000004AEF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4AEF000
|
| Size: |
4096
|
|
|
4DD0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1655594240.0000000004DD0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4DD0000
|
| Size: |
12288
|
|
|
4D9D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2912898471.0000000004D9D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4D9D000
|
| Size: |
12288
|
|
|
DC6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2907853014.0000000000DC6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DC6000
|
| Size: |
12288
|
|
|
4AD0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1816239876.0000000004AD0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4AD0000
|
| Size: |
4096
|
|
|
D4F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2907672025.0000000000D4F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
D4F000
|
| Size: |
4096
|
|
|
15C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2910006635.00000000015C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15C0000
|
| Size: |
16384
|
|
|
C40000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2907538654.0000000000C40000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C40000
|
| Size: |
16384
|
|
|
462E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2912147639.000000000462E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
462E000
|
| Size: |
8192
|
|
|
4AD0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1815359357.0000000004AD0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4AD0000
|
| Size: |
4096
|
|
|
CF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2910235107.0000000000CF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
CF0000
|
| Size: |
16384
|
|
|
97B000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.2909086231.000000000097B000.00000040.00000001.01000000.00000004.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
97B000
|
| Size: |
4096
|
|
|
455F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2912731296.000000000455F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
455F000
|
| Size: |
4096
|
|
|
449E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2912393672.000000000449E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
449E000
|
| Size: |
8192
|
|
|
4BA0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000003.1715868860.0000000004BA0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4BA0000
|
| Size: |
4096
|
|
|
AEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2909692951.0000000000AEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AEE000
|
| Size: |
8192
|
|
|
4320000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1716516796.0000000004320000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4320000
|
| Size: |
4096
|
|
|
37DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2911972622.00000000037DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
37DE000
|
| Size: |
8192
|
|
|
1466000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2910091238.0000000001466000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1466000
|
| Size: |
4096
|
|
|
71B000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2908151714.000000000071B000.00000004.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
71B000
|
| Size: |
4096
|
|
|
39BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2911408330.00000000039BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
39BE000
|
| Size: |
8192
|
|
|
8E7000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000005.00000002.2908722240.00000000008E7000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
8E7000
|
| Size: |
49152
|
|
|
2B50000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2910129919.0000000002B50000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2B50000
|
| Size: |
8192
|
|
|
E90000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000009.00000000.1888893497.0000000000E90000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
E90000
|
| Size: |
4096
|
|
|
4CCD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2913242102.0000000004CCD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4CCD000
|
| Size: |
12288
|
|
|
3A9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2911598426.0000000003A9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3A9E000
|
| Size: |
8192
|
|
|
32DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2910680649.00000000032DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
32DF000
|
| Size: |
4096
|
|
|
49FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2912763778.00000000049FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
49FE000
|
| Size: |
8192
|
|
|
3DDF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2912148099.0000000003DDF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3DDF000
|
| Size: |
4096
|
|
|
115E000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.2909193362.000000000115E000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
115E000
|
| Size: |
20480
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
40FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2912072299.00000000040FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
40FF000
|
| Size: |
4096
|
|
|
29DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2910460583.00000000029DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
29DF000
|
| Size: |
4096
|
|
|
309F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2910719216.000000000309F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
309F000
|
| Size: |
4096
|
|
|
2C5F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2910743721.0000000002C5F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2C5F000
|
| Size: |
4096
|
|
|
42DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2912766025.00000000042DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
42DF000
|
| Size: |
4096
|
|
|
11A3000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.2909191877.00000000011A3000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
11A3000
|
| Size: |
106496
|
|
|
D72000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000000.00000000.1649764072.0000000000D72000.00000080.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
D72000
|
| Size: |
4096
|
|
|
1150000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.2908810094.0000000001150000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
1150000
|
| Size: |
49152
|
|
|
CF0000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.2908891317.0000000000CF0000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
CF0000
|
| Size: |
221184
|
|
|
4327000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2912806399.0000000004327000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4327000
|
| Size: |
2002944
|
|
|
437F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2912234934.000000000437F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
437F000
|
| Size: |
4096
|
|
|
8AE000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.2908724108.00000000008AE000.00000040.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
8AE000
|
| Size: |
20480
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
3C3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2911677839.0000000003C3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3C3E000
|
| Size: |
8192
|
|
|
322E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2910310000.000000000322E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
322E000
|
| Size: |
8192
|
|
|
379F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2911476349.000000000379F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
379F000
|
| Size: |
4096
|
|
|
4FCD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1674547555.0000000004FCD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4FCD000
|
| Size: |
20480
|
|
|
D0C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2909324108.0000000000D0C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
D0C000
|
| Size: |
16384
|
|
|
4A00000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000003.1894719980.0000000004A00000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4A00000
|
| Size: |
4096
|
|
|
5040000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1674547555.0000000005040000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5040000
|
| Size: |
24576
|
|
|
345E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2910852979.000000000345E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
345E000
|
| Size: |
8192
|
|
|
4B70000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000003.1716497930.0000000004B70000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4B70000
|
| Size: |
4096
|
|
|
992000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000006.00000000.1697331465.0000000000992000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
992000
|
| Size: |
4096
|
|
|
4DD0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1655452481.0000000004DD0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4DD0000
|
| Size: |
4096
|
|
|
4DD0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1655403949.0000000004DD0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4DD0000
|
| Size: |
4096
|
|
|
36EF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2910681917.00000000036EF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
36EF000
|
| Size: |
4096
|
|
|
992000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.2909629551.0000000000992000.00000040.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
992000
|
| Size: |
4096
|
|
|
369E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2911402925.000000000369E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
369E000
|
| Size: |
8192
|
|
|
CBC000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000000.00000002.2908578978.0000000000CBC000.00000080.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
CBC000
|
| Size: |
4096
|
|
|
C30000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2907496182.0000000000C30000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C30000
|
| Size: |
4096
|
|
|
503D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1667317189.000000000503D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
503D000
|
| Size: |
24576
|
|
|
369F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2911120616.000000000369F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
369F000
|
| Size: |
4096
|
|
|
4BA0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000003.1715846739.0000000004BA0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4BA0000
|
| Size: |
4096
|
|
|
FC8000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000007.00000000.1799640363.0000000000FC8000.00000008.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
FC8000
|
| Size: |
16384
|
|
|
B50000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1733485628.0000000000B50000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B50000
|
| Size: |
4096
|
|
|
47DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2912880582.00000000047DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
47DF000
|
| Size: |
4096
|
|
|
4BA0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000003.1716264737.0000000004BA0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4BA0000
|
| Size: |
4096
|
|
|
4DD0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1655436267.0000000004DD0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4DD0000
|
| Size: |
4096
|
|
|
341F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2910786122.000000000341F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
341F000
|
| Size: |
4096
|
|
|
B7C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2907333963.0000000000B7C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B7C000
|
| Size: |
16384
|
|
|
5029000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1674547555.0000000005029000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5029000
|
| Size: |
4096
|
|
|
D90000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2909538687.0000000000D90000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D90000
|
| Size: |
4096
|
|
|
3CDE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2912356514.0000000003CDE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3CDE000
|
| Size: |
8192
|
|
|
139E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2909871246.000000000139E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
139E000
|
| Size: |
8192
|
|
|
3DDF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2912392028.0000000003DDF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3DDF000
|
| Size: |
4096
|
|
|
2E3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2910430347.0000000002E3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2E3E000
|
| Size: |
8192
|
|
|
279F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2910342210.000000000279F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
279F000
|
| Size: |
4096
|
|
|
C69000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.2908128735.0000000000C69000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
C69000
|
| Size: |
8192
|
|
|
3F5F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2912005272.0000000003F5F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3F5F000
|
| Size: |
4096
|
|
|
AFB000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2907655683.0000000000AFB000.00000004.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
AFB000
|
| Size: |
4096
|
|
|
45DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2912481065.00000000045DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
45DE000
|
| Size: |
8192
|
|
|
94D000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.2908888904.000000000094D000.00000040.00000001.01000000.00000004.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
94D000
|
| Size: |
12288
|
|
|
DD2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2907853014.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DD2000
|
| Size: |
16384
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
391D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2912079830.000000000391D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
391D000
|
| Size: |
12288
|
|
|
5023000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1667317189.0000000005023000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5023000
|
| Size: |
4096
|
|
|
5026000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1674547555.0000000005026000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5026000
|
| Size: |
4096
|
|
|
31DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2910614562.00000000031DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
31DE000
|
| Size: |
8192
|
|
|
4FCA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1667317189.0000000004FCA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4FCA000
|
| Size: |
20480
|
|
|
3B9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2912003515.0000000003B9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3B9E000
|
| Size: |
8192
|
|
|
8B5000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.2908545698.00000000008B5000.00000040.00000001.01000000.00000004.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
8B5000
|
| Size: |
159744
|
|
|
97B000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.2909471331.000000000097B000.00000040.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
97B000
|
| Size: |
4096
|
|
|
AFD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2907332672.0000000000AFD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AFD000
|
| Size: |
12288
|
|
|
122B000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.2909634093.000000000122B000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
122B000
|
| Size: |
4096
|
|
|
45EF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2912107386.00000000045EF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
45EF000
|
| Size: |
4096
|
|
|
88B000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000005.00000002.2908316691.000000000088B000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
88B000
|
| Size: |
86016
|
|
|
3CDF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2911789008.0000000003CDF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3CDF000
|
| Size: |
4096
|
|
|
422F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2911787543.000000000422F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
422F000
|
| Size: |
4096
|
|
|
3C2E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2911245225.0000000003C2E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3C2E000
|
| Size: |
8192
|
|
|
713000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.2907712400.0000000000713000.00000040.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
713000
|
| Size: |
20480
|
|
|
540000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2907502303.0000000000540000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
540000
|
| Size: |
16384
|
|
|
1232000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000009.00000000.1889028059.0000000001232000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
1232000
|
| Size: |
45056
|
|
|
395E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2911469394.000000000395E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
395E000
|
| Size: |
8192
|
|
|
D62000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000000.00000002.2909205888.0000000000D62000.00000080.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
D62000
|
| Size: |
45056
|
|
|
445F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2912357174.000000000445F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
445F000
|
| Size: |
4096
|
|
|
4EA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2912976902.0000000004EA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4EA0000
|
| Size: |
4096
|
|
|
412E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2911724626.000000000412E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
412E000
|
| Size: |
8192
|
|
|
982000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000005.00000002.2909131231.0000000000982000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
982000
|
| Size: |
45056
|
|
|
15C7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2910006635.00000000015C7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15C7000
|
| Size: |
12288
|
|
|
379F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2911916831.000000000379F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
379F000
|
| Size: |
4096
|
|
|
122C000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000009.00000002.2909966644.000000000122C000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
122C000
|
| Size: |
20480
|
|
|
1850000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2910343314.0000000001850000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1850000
|
| Size: |
16384
|
|
|
4320000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1716560056.0000000004320000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4320000
|
| Size: |
4096
|
|
|
4DD0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1655384691.0000000004DD0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4DD0000
|
| Size: |
8192
|
|
|
369E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2911851663.000000000369E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
369E000
|
| Size: |
8192
|
|
|
28DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2910418133.00000000028DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
28DE000
|
| Size: |
8192
|
|
|
1232000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000009.00000002.2909966644.0000000001232000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
1232000
|
| Size: |
45056
|
|
|
441F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2912624916.000000000441F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
441F000
|
| Size: |
4096
|
|
|
4BA0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000003.1716433121.0000000004BA0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4BA0000
|
| Size: |
4096
|
|
|
30EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2910242952.00000000030EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
30EE000
|
| Size: |
8192
|
|
|
3BFF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2911603543.0000000003BFF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3BFF000
|
| Size: |
4096
|
|
|
4AA0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1816452227.0000000004AA0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4AA0000
|
| Size: |
4096
|
|
|
4AD0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1811679488.0000000004AD0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4AD0000
|
| Size: |
8192
|
|
|
982000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000006.00000000.1697331465.0000000000982000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
982000
|
| Size: |
45056
|
|
|
423F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2912149502.000000000423F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
423F000
|
| Size: |
4096
|
|
|
42DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2912531590.00000000042DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
42DF000
|
| Size: |
4096
|
|
|
319E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2911335105.000000000319E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
319E000
|
| Size: |
8192
|
|
|
15BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2909980996.00000000015BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
15BE000
|
| Size: |
8192
|
|
|
C8E000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000000.00000000.1649764072.0000000000C8E000.00000080.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
C8E000
|
| Size: |
724992
|
|
|
C8E000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.2908269198.0000000000C8E000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
C8E000
|
| Size: |
20480
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
34AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2910462475.00000000034AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
34AE000
|
| Size: |
8192
|
|
|
36DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2911205751.00000000036DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
36DE000
|
| Size: |
8192
|
|
|
115E000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000000.1799666348.000000000115E000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
115E000
|
| Size: |
724992
|
|
|
1211000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000009.00000000.1889028059.0000000001211000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
1211000
|
| Size: |
4096
|
|
|
4DD0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1655467421.0000000004DD0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4DD0000
|
| Size: |
4096
|
|
|
4DD0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2913292639.0000000004DD0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4DD0000
|
| Size: |
4096
|
|
|
8B3000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000006.00000002.2908835451.00000000008B3000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
8B3000
|
| Size: |
8192
|
|
|
8DD000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.2908660368.00000000008DD000.00000040.00000001.01000000.00000004.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
8DD000
|
| Size: |
40960
|
|
|
355F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2910926195.000000000355F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
355F000
|
| Size: |
4096
|
|
|
2DBF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2910346263.0000000002DBF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2DBF000
|
| Size: |
4096
|
|
|
133D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2909692267.000000000133D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
133D000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
BE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2907392112.0000000000BE0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BE0000
|
| Size: |
4096
|
|
|
118C000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000002.2909031254.000000000118C000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
118C000
|
| Size: |
4096
|
|
|
383F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2911235824.000000000383F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
383F000
|
| Size: |
4096
|
|
|
3ABF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2911474736.0000000003ABF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3ABF000
|
| Size: |
4096
|
|
|
373E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2911170702.000000000373E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
373E000
|
| Size: |
8192
|
|
|
473F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2912529499.000000000473F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
473F000
|
| Size: |
4096
|
|
|
910000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.2908888904.0000000000910000.00000040.00000001.01000000.00000004.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
910000
|
| Size: |
221184
|
|
|
142E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2910091238.000000000142E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
142E000
|
| Size: |
184320
|
|
|
289F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2910379460.000000000289F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
289F000
|
| Size: |
4096
|
|
|
1310000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2909771088.0000000001310000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1310000
|
| Size: |
4096
|
|
|
319F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2910498770.000000000319F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
319F000
|
| Size: |
4096
|
|
|
2B5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2910685258.0000000002B5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2B5E000
|
| Size: |
8192
|
|
|
43AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2911969058.00000000043AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
43AE000
|
| Size: |
8192
|
|
|
B10000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2909798840.0000000000B10000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B10000
|
| Size: |
24576
|
|
|
FC3000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.2908237269.0000000000FC3000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
FC3000
|
| Size: |
20480
|
|
|
133D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1733485940.000000000133D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
133D000
|
| Size: |
8192
|
|
|
951000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.2909265082.0000000000951000.00000040.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
951000
|
| Size: |
57344
|
|
|
431F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2912281062.000000000431F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
431F000
|
| Size: |
4096
|
|
|
B50000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2909798840.0000000000B50000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B50000
|
| Size: |
4096
|
|
|
AFC000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.2907713977.0000000000AFC000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
AFC000
|
| Size: |
49152
|
|
|
4A00000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000003.1894834288.0000000004A00000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4A00000
|
| Size: |
4096
|
|
|
3FBF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2911967340.0000000003FBF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3FBF000
|
| Size: |
4096
|
|
|
982000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000005.00000000.1696551569.0000000000982000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
982000
|
| Size: |
45056
|
|
|
510000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2907433161.0000000000510000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
510000
|
| Size: |
4096
|
|
|
137E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2909823323.000000000137E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
137E000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
2F9F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2910652655.0000000002F9F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2F9F000
|
| Size: |
4096
|
|
|
97B000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000005.00000000.1696551569.000000000097B000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
97B000
|
| Size: |
24576
|
|
|
2DDF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2910267297.0000000002DDF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2DDF000
|
| Size: |
4096
|
|
|
4CFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2913150338.0000000004CFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4CFE000
|
| Size: |
8192
|
|
|
1242000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.2909821477.0000000001242000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
1242000
|
| Size: |
4096
|
|
|
FB0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2909538498.0000000000FB0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FB0000
|
| Size: |
4096
|
|
|
4B74000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2912537161.0000000004B74000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4B74000
|
| Size: |
2002944
|
|
|
CC7000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000000.00000002.2908704151.0000000000CC7000.00000080.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
CC7000
|
| Size: |
49152
|
|
|
341E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2911604509.000000000341E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
341E000
|
| Size: |
8192
|
|
|
5E0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000006.00000000.1697178283.00000000005E0000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
5E0000
|
| Size: |
4096
|
|
|
118C000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000009.00000002.2909452727.000000000118C000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
118C000
|
| Size: |
4096
|
|
|
49EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2912392042.00000000049EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
49EE000
|
| Size: |
8192
|
|
|
33DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2910984188.00000000033DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
33DF000
|
| Size: |
4096
|
|
|
10FC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2909594920.00000000010FC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
10FC000
|
| Size: |
16384
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
94D000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.2909265082.000000000094D000.00000040.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
94D000
|
| Size: |
12288
|
|
|
545000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2907502303.0000000000545000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
545000
|
| Size: |
12288
|
|
|
FCC000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000000.1799666348.0000000000FCC000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
FCC000
|
| Size: |
1638400
|
|
|
419F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2912670030.000000000419F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
419F000
|
| Size: |
4096
|
|
|
1CD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2907310519.00000000001CD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1CD000
|
| Size: |
12288
|
|
|
481F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2912627472.000000000481F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
481F000
|
| Size: |
4096
|
|
|
491F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2912958882.000000000491F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
491F000
|
| Size: |
4096
|
|
|
2C9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2910788039.0000000002C9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2C9E000
|
| Size: |
8192
|
|
|
2F6F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2910127881.0000000002F6F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2F6F000
|
| Size: |
4096
|
|
|
4AD0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1815750992.0000000004AD0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4AD0000
|
| Size: |
4096
|
|
|
319F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2910783755.000000000319F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
319F000
|
| Size: |
4096
|
|
|
2FAE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2910167216.0000000002FAE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2FAE000
|
| Size: |
8192
|
|
|
13F7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2910004432.00000000013F7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13F7000
|
| Size: |
12288
|
|
|
3A5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2912175060.0000000003A5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3A5E000
|
| Size: |
8192
|
|
|
AFC000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000000.00000000.1649764072.0000000000AFC000.00000080.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
AFC000
|
| Size: |
1638400
|
|
|
405F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2912342319.000000000405F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
405F000
|
| Size: |
4096
|
|
|
11FD000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.2909353984.00000000011FD000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
11FD000
|
| Size: |
12288
|
|
|
FC8000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000007.00000002.2908156570.0000000000FC8000.00000008.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
FC8000
|
| Size: |
12288
|
|
|
8F3000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.2909129320.00000000008F3000.00000040.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
8F3000
|
| Size: |
106496
|
|
|
476E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2912235990.000000000476E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
476E000
|
| Size: |
8192
|
|
|
FCB000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2908232459.0000000000FCB000.00000004.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
FCB000
|
| Size: |
4096
|
|
|
2C9F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2910205666.0000000002C9F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2C9F000
|
| Size: |
4096
|
|
|
269F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2910303212.000000000269F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
269F000
|
| Size: |
4096
|
|
|
44AF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2912006169.00000000044AF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
44AF000
|
| Size: |
4096
|
|
|
B18000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2909798840.0000000000B18000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B18000
|
| Size: |
184320
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
| URLs found in memory or binary data |
Networking |
|
|
|
3B9F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2911670817.0000000003B9F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3B9F000
|
| Size: |
4096
|
|
|
CED000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000000.00000002.2908833171.0000000000CED000.00000080.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
CED000
|
| Size: |
12288
|
|
|
DBE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2907853014.0000000000DBE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DBE000
|
| Size: |
28672
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
1201000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.2909353984.0000000001201000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
1201000
|
| Size: |
57344
|
|
|
964000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000005.00000000.1696551569.0000000000964000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
964000
|
| Size: |
4096
|
|
|
4A00000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000003.1894784229.0000000004A00000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4A00000
|
| Size: |
4096
|
|
|
992000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000005.00000000.1696551569.0000000000992000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
992000
|
| Size: |
4096
|
|
|
E90000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2907743147.0000000000E90000.00000004.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
E90000
|
| Size: |
4096
|
|
|
4DD0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1655576563.0000000004DD0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4DD0000
|
| Size: |
4096
|
|
|
3D7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2911790783.0000000003D7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3D7E000
|
| Size: |
8192
|
|
|
FC8000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000009.00000002.2908575875.0000000000FC8000.00000008.00000001.01000000.00000005.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
FC8000
|
| Size: |
12288
|
|
|
3D6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2911363260.0000000003D6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3D6E000
|
| Size: |
8192
|
|
|
C8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2910125508.0000000000C8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
C8E000
|
| Size: |
8192
|
|
|
11FD000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.2909733186.00000000011FD000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
11FD000
|
| Size: |
12288
|
|
|
4E9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2912937336.0000000004E9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4E9E000
|
| Size: |
8192
|
|
|
2E7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2910475907.0000000002E7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2E7E000
|
| Size: |
8192
|
|
|
4320000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1716477335.0000000004320000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4320000
|
| Size: |
4096
|
|
|
459E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2912775635.000000000459E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
459E000
|
| Size: |
8192
|
|
|
4DD0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1655541003.0000000004DD0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4DD0000
|
| Size: |
4096
|
|
|
97B000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000006.00000000.1697331465.000000000097B000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
97B000
|
| Size: |
24576
|
|
|
3C9F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2912057740.0000000003C9F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3C9F000
|
| Size: |
4096
|
|
|
1242000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000009.00000000.1889028059.0000000001242000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
1242000
|
| Size: |
4096
|
|
|
5E1000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000006.00000000.1697195466.00000000005E1000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
5E1000
|
| Size: |
593920
|
|
|
391E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2911718442.000000000391E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
391E000
|
| Size: |
8192
|
|
|
4AFF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2912799841.0000000004AFF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4AFF000
|
| Size: |
4096
|
|
|
113B000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000009.00000002.2909126459.000000000113B000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
113B000
|
| Size: |
86016
|
|
|
CC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2907194679.00000000000CC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
CC000
|
| Size: |
16384
|
|
|
13E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2909964981.00000000013E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13E0000
|
| Size: |
4096
|
|
|
D70000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2909384254.0000000000D70000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D70000
|
| Size: |
16384
|
|
|
2CDE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2910242848.0000000002CDE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2CDE000
|
| Size: |
8192
|
|
|
397F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2911352361.000000000397F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
397F000
|
| Size: |
4096
|
|
|
3F1F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2912250939.0000000003F1F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3F1F000
|
| Size: |
4096
|
|
|
477E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2912580099.000000000477E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
477E000
|
| Size: |
8192
|
|
|
D90000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2907853014.0000000000D90000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D90000
|
| Size: |
24576
|
|
|
2A1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2910499630.0000000002A1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2A1E000
|
| Size: |
8192
|
|
|
964000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000006.00000000.1697331465.0000000000964000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
964000
|
| Size: |
4096
|
|
|
2F1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2911041256.0000000002F1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2F1E000
|
| Size: |
8192
|
|
|
11C0000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.2909733186.00000000011C0000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
11C0000
|
| Size: |
221184
|
|
|
329F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2911404196.000000000329F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
329F000
|
| Size: |
4096
|
|
|
336E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2910382001.000000000336E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
336E000
|
| Size: |
8192
|
|
|
4C92000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1713791639.0000000004C92000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4C92000
|
| Size: |
16384
|
|
|
487F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2912624132.000000000487F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
487F000
|
| Size: |
4096
|
|
|
35AF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2910500665.00000000035AF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
35AF000
|
| Size: |
4096
|
|
|
718000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000006.00000002.2908082573.0000000000718000.00000008.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
718000
|
| Size: |
12288
|
|
|
38DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2912024939.00000000038DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
38DF000
|
| Size: |
4096
|
|
|
1857000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2910343314.0000000001857000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1857000
|
| Size: |
12288
|
|
|
17BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2910207068.00000000017BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
17BE000
|
| Size: |
8192
|
|
|
71B000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2907778108.000000000071B000.00000004.00000001.01000000.00000004.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
71B000
|
| Size: |
4096
|
|
|
1420000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2910091238.0000000001420000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1420000
|
| Size: |
32768
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
71C000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000005.00000000.1696551569.000000000071C000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
71C000
|
| Size: |
1638400
|
|
|
2F5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2910380784.0000000002F5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2F5E000
|
| Size: |
8192
|
|
|
3F1F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2912483968.0000000003F1F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3F1F000
|
| Size: |
4096
|
|
|
12FC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2909714951.00000000012FC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
12FC000
|
| Size: |
16384
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
1232000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000000.1799666348.0000000001232000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
1232000
|
| Size: |
45056
|
|
|
1242000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000000.1799666348.0000000001242000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
1242000
|
| Size: |
4096
|
|
|
4AD0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1815428401.0000000004AD0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4AD0000
|
| Size: |
4096
|
|
|
1163000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000002.2908921946.0000000001163000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
1163000
|
| Size: |
8192
|
|
|
961000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000005.00000000.1696551569.0000000000961000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
961000
|
| Size: |
4096
|
|
|
8AE000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000005.00000000.1696551569.00000000008AE000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
8AE000
|
| Size: |
724992
|
|
|
41DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2912721551.00000000041DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
41DE000
|
| Size: |
8192
|
|
|
3F5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2912527089.0000000003F5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3F5E000
|
| Size: |
8192
|
|
|
71C000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000006.00000000.1697331465.000000000071C000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
71C000
|
| Size: |
1638400
|
|
|
12F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2909692267.00000000012F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12F0000
|
| Size: |
32768
|
|
|
4A00000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000003.1894816824.0000000004A00000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4A00000
|
| Size: |
4096
|
|
|
CB0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1716594218.0000000000CB0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
CB0000
|
| Size: |
4096
|
|
|
3B9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2912267769.0000000003B9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3B9E000
|
| Size: |
8192
|
|
|
E90000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000007.00000000.1799255918.0000000000E90000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
E90000
|
| Size: |
4096
|
|
|
323E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2910526666.000000000323E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
323E000
|
| Size: |
8192
|
|
|
382F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2910810251.000000000382F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
382F000
|
| Size: |
4096
|
|
|
2E90000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2910529131.0000000002E90000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2E90000
|
| Size: |
8192
|
|
|
359E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2911026748.000000000359E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
359E000
|
| Size: |
8192
|
|
|
C45000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2907538654.0000000000C45000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C45000
|
| Size: |
12288
|
|
|
D62000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000000.00000000.1649764072.0000000000D62000.00000080.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
D62000
|
| Size: |
45056
|
|
|
4AF2000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1894436988.0000000004AF2000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4AF2000
|
| Size: |
16384
|
|
|
471E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2912580802.000000000471E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
471E000
|
| Size: |
8192
|
|
|
3C9F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2912312147.0000000003C9F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3C9F000
|
| Size: |
4096
|
|
|
9C1000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000000.00000000.1649626355.00000000009C1000.00000080.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
9C1000
|
| Size: |
593920
|
|
|
472F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2912194618.000000000472F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
472F000
|
| Size: |
4096
|
|
|
AF8000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000000.00000000.1649743770.0000000000AF8000.00000008.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
AF8000
|
| Size: |
16384
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
718000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000005.00000000.1696534004.0000000000718000.00000008.00000001.01000000.00000004.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
718000
|
| Size: |
16384
|
|
|
FA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2909470826.0000000000FA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FA0000
|
| Size: |
20480
|
|
|
11A3000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.2909598452.00000000011A3000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
11A3000
|
| Size: |
106496
|
|
|
3FEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2911601254.0000000003FEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3FEE000
|
| Size: |
8192
|
|
|
4320000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1716545390.0000000004320000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4320000
|
| Size: |
4096
|
|
|
1373000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2909823323.0000000001373000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1373000
|
| Size: |
4096
|
|
|
D5B000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000000.00000000.1649764072.0000000000D5B000.00000080.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
D5B000
|
| Size: |
24576
|
|
|
3E1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2912437104.0000000003E1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3E1E000
|
| Size: |
8192
|
|
|
305E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2911199281.000000000305E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
305E000
|
| Size: |
8192
|
|
|
889000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.2908602477.0000000000889000.00000040.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
889000
|
| Size: |
8192
|
|
|
145C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2910091238.000000000145C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
145C000
|
| Size: |
32768
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
30AF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2910204553.00000000030AF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
30AF000
|
| Size: |
4096
|
|
|
34BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2910847433.00000000034BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
34BE000
|
| Size: |
8192
|
|
|
8A0000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.2908379723.00000000008A0000.00000040.00000001.01000000.00000004.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
8A0000
|
| Size: |
49152
|
|
|
3FAF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2911533218.0000000003FAF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3FAF000
|
| Size: |
4096
|
|
|
88B000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000006.00000002.2908650246.000000000088B000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
88B000
|
| Size: |
86016
|
|
|
1201000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.2909733186.0000000001201000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
1201000
|
| Size: |
57344
|
|
|
405F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2912575664.000000000405F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
405F000
|
| Size: |
4096
|
|
|
C30000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2907499380.0000000000C30000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C30000
|
| Size: |
16384
|
|
|
C35000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2907499380.0000000000C35000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C35000
|
| Size: |
12288
|
|
|
427E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2912192621.000000000427E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
427E000
|
| Size: |
8192
|
|
|
90D000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000006.00000002.2909204904.000000000090D000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
90D000
|
| Size: |
12288
|
|
|
8DD000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.2909015175.00000000008DD000.00000040.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
8DD000
|
| Size: |
40960
|
|
|
43BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2912272663.00000000043BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
43BE000
|
| Size: |
8192
|
|
|
71C000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.2908212071.000000000071C000.00000040.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
71C000
|
| Size: |
49152
|
|
|
4D00000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2913172474.0000000004D00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4D00000
|
| Size: |
4096
|
|
|
133A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2909823323.000000000133A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
133A000
|
| Size: |
8192
|
|
|
2DFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2910383404.0000000002DFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2DFE000
|
| Size: |
8192
|
|
|
4320000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1716202625.0000000004320000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4320000
|
| Size: |
4096
|
|
|
341E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2911069438.000000000341E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
341E000
|
| Size: |
8192
|
|
|
718000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000006.00000000.1697278893.0000000000718000.00000008.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
718000
|
| Size: |
16384
|
|
|
409F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2912104986.000000000409F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
409F000
|
| Size: |
4096
|
|
|
D31000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.2908891317.0000000000D31000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
D31000
|
| Size: |
57344
|
|
|
4A00000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000003.1894680017.0000000004A00000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4A00000
|
| Size: |
4096
|
|
|
118D000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.2909501098.000000000118D000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
118D000
|
| Size: |
40960
|
|
|
1214000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000009.00000000.1889028059.0000000001214000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
D4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2907614737.0000000000D4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
D4E000
|
| Size: |
8192
|
|
|
4BFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2913116541.0000000004BFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4BFE000
|
| Size: |
8192
|
|
|
426E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2911850262.000000000426E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
426E000
|
| Size: |
8192
|
|
|
FC0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2909636985.0000000000FC0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FC0000
|
| Size: |
4096
|
|
|
8DC000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000006.00000002.2908957824.00000000008DC000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
8DC000
|
| Size: |
4096
|
|
|
951000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.2908888904.0000000000951000.00000040.00000001.01000000.00000004.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
951000
|
| Size: |
57344
|
|
|
E91000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000009.00000000.1888906235.0000000000E91000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
E91000
|
| Size: |
593920
|
|
|
8E7000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000006.00000002.2909077040.00000000008E7000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
8E7000
|
| Size: |
49152
|
|
|
41DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2912195967.00000000041DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
41DF000
|
| Size: |
4096
|
|
|
F3C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2909412776.0000000000F3C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
F3C000
|
| Size: |
16384
|
|
|
4AA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2913057896.0000000004AA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AA1000
|
| Size: |
2002944
|
|
|
FCC000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.2908286537.0000000000FCC000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
FCC000
|
| Size: |
49152
|
|
|
D41000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000000.00000000.1649764072.0000000000D41000.00000080.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
D41000
|
| Size: |
4096
|
|
|
445E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2912668487.000000000445E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
445E000
|
| Size: |
8192
|
|
|
3EBE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2911916228.0000000003EBE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3EBE000
|
| Size: |
8192
|
|
|
71C000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.2907848920.000000000071C000.00000040.00000001.01000000.00000004.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
71C000
|
| Size: |
49152
|
|
|
163F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2910173765.000000000163F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
163F000
|
| Size: |
4096
|
|
|
351F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2911675880.000000000351F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
351F000
|
| Size: |
4096
|
|
|
11BD000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000002.2909296628.00000000011BD000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
11BD000
|
| Size: |
12288
|
|
|
37DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2911285806.00000000037DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
37DF000
|
| Size: |
4096
|
|
|
1375000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2909823323.0000000001375000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1375000
|
| Size: |
4096
|
|
|
41DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2912483569.00000000041DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
41DE000
|
| Size: |
8192
|
|
|
4BA0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000003.1715774353.0000000004BA0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4BA0000
|
| Size: |
4096
|
|
|
8F3000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.2908778913.00000000008F3000.00000040.00000001.01000000.00000004.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
8F3000
|
| Size: |
106496
|
|
|
FD8000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000009.00000002.2908751850.0000000000FD8000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
FD8000
|
| Size: |
1445888
|
|
|
4A00000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000003.1894752789.0000000004A00000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4A00000
|
| Size: |
4096
|
|
|
D67000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2907727121.0000000000D67000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D67000
|
| Size: |
12288
|
|
|
5E0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2907156931.00000000005E0000.00000004.00000001.01000000.00000004.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5E0000
|
| Size: |
4096
|
|
|
D98000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2907853014.0000000000D98000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D98000
|
| Size: |
151552
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
D72000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.2909349437.0000000000D72000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
D72000
|
| Size: |
4096
|
|
|
B48000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2909798840.0000000000B48000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B48000
|
| Size: |
4096
|
|
|
44FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2912353769.00000000044FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
44FE000
|
| Size: |
8192
|
|
|
7AC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2907177231.00000000007AC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7AC000
|
| Size: |
16384
|
|
|
36FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2911092024.00000000036FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
36FF000
|
| Size: |
4096
|
|
|
5E0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000000.1696440960.00000000005E0000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
5E0000
|
| Size: |
4096
|
|
|
4BA0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000003.1715064716.0000000004BA0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4BA0000
|
| Size: |
8192
|
|
|
347F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2910784666.000000000347F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
347F000
|
| Size: |
4096
|
|
|
355E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2911727221.000000000355E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
355E000
|
| Size: |
8192
|
|
|
365F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2911333009.000000000365F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
365F000
|
| Size: |
4096
|
|
|
46DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2912845474.00000000046DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
46DE000
|
| Size: |
8192
|
|
|
AF8000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000000.00000002.2907593962.0000000000AF8000.00000008.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
AF8000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
2F1F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2910344138.0000000002F1F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2F1F000
|
| Size: |
4096
|
|
|
1165000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.2908954101.0000000001165000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
1165000
|
| Size: |
159744
|
|
|
5E1000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000005.00000000.1696461796.00000000005E1000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
5E1000
|
| Size: |
593920
|
|
|
38DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2911605624.00000000038DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
38DF000
|
| Size: |
4096
|
|
|
D5B000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.2909137887.0000000000D5B000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
D5B000
|
| Size: |
4096
|
|
|
44EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2912060727.00000000044EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
44EE000
|
| Size: |
8192
|
|
|
4BA0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000003.1716476948.0000000004BA0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4BA0000
|
| Size: |
12288
|
|
|
4A00000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000003.1894701681.0000000004A00000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4A00000
|
| Size: |
4096
|
|
|
1197000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000002.2909133057.0000000001197000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
1197000
|
| Size: |
49152
|
|
|
49BF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2912719160.00000000049BF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
49BF000
|
| Size: |
4096
|
|
|
3AFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2911535339.0000000003AFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3AFE000
|
| Size: |
8192
|
|
|
3E1F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2911915042.0000000003E1F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3E1F000
|
| Size: |
4096
|
|
|
35FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2911020266.00000000035FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
35FE000
|
| Size: |
8192
|
|
|
5047000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1674547555.0000000005047000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5047000
|
| Size: |
24576
|
|
|
1830000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2910306790.0000000001830000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1830000
|
| Size: |
8192
|
|
|
4FD3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1667317189.0000000004FD3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4FD3000
|
| Size: |
4096
|
|
|
FCC000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.2908688990.0000000000FCC000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
FCC000
|
| Size: |
49152
|
|
|
4A00000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000003.1894800098.0000000004A00000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4A00000
|
| Size: |
4096
|
|
|
1163000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000009.00000002.2909324385.0000000001163000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
1163000
|
| Size: |
8192
|
|
|
3B5F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2911954014.0000000003B5F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3B5F000
|
| Size: |
4096
|
|
|
4320000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1716417519.0000000004320000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4320000
|
| Size: |
4096
|
|
|
331E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2910744504.000000000331E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
331E000
|
| Size: |
8192
|
|
|
1335000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1733485940.0000000001335000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1335000
|
| Size: |
4096
|
|
|
4DD0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1655558515.0000000004DD0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4DD0000
|
| Size: |
4096
|
|
|
992000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.2909259980.0000000000992000.00000040.00000001.01000000.00000004.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
992000
|
| Size: |
4096
|
|
|
4452000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1715659153.0000000004452000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4452000
|
| Size: |
16384
|
|
|
D75000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2909384254.0000000000D75000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D75000
|
| Size: |
12288
|
|
|
1330000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2909823323.0000000001330000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1330000
|
| Size: |
32768
|
|
|
728000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000006.00000002.2908274078.0000000000728000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
728000
|
| Size: |
1445888
|
|
|
465E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2913101409.000000000465E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
465E000
|
| Size: |
8192
|
|
|
4A00000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000003.1894851867.0000000004A00000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4A00000
|
| Size: |
12288
|
|
|
3CDE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2912106233.0000000003CDE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3CDE000
|
| Size: |
8192
|
|
|
C80000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.2908269198.0000000000C80000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
C80000
|
| Size: |
49152
|
|
|
DD2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1907381206.0000000000DD2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DD2000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
3D1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2911855025.0000000003D1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3D1E000
|
| Size: |
8192
|
|
|
90D000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000005.00000002.2908836616.000000000090D000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
90D000
|
| Size: |
12288
|
|
|
4B3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2912842715.0000000004B3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4B3E000
|
| Size: |
8192
|
|
|
3B5F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2912225226.0000000003B5F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3B5F000
|
| Size: |
4096
|
|
|
AF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2909747465.0000000000AF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
AF0000
|
| Size: |
4096
|
|
|
2B40000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2910110263.0000000002B40000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2B40000
|
| Size: |
4096
|
|
|
3E7F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2911854403.0000000003E7F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3E7F000
|
| Size: |
4096
|
|
|
982000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000006.00000002.2909523685.0000000000982000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
982000
|
| Size: |
45056
|
|
|
2B9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2910167012.0000000002B9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2B9E000
|
| Size: |
8192
|
|
|
495F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2912750054.000000000495F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
495F000
|
| Size: |
4096
|
|
|
431E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2912578352.000000000431E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
431E000
|
| Size: |
8192
|
|
|
4FD8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1674547555.0000000004FD8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4FD8000
|
| Size: |
311296
|
|
|
12E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2909645440.00000000012E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12E0000
|
| Size: |
8192
|
|
|
133E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2909823323.000000000133E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
133E000
|
| Size: |
212992
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
146E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1829757146.000000000146E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
146E000
|
| Size: |
8192
|
|
|
2EDF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2910976137.0000000002EDF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2EDF000
|
| Size: |
4096
|
|
|
4320000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1716456061.0000000004320000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4320000
|
| Size: |
4096
|
|
|
30FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2910442950.00000000030FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
30FF000
|
| Size: |
4096
|
|
|
1150000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.2909193362.0000000001150000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
1150000
|
| Size: |
49152
|
|
|
1139000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.2909078722.0000000001139000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
1139000
|
| Size: |
8192
|
|
|
3EAE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2911472321.0000000003EAE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3EAE000
|
| Size: |
8192
|
|
|
4320000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1716496818.0000000004320000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4320000
|
| Size: |
4096
|
|
|
329F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2910845638.000000000329F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
329F000
|
| Size: |
4096
|
|
|
435E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2912321814.000000000435E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
435E000
|
| Size: |
8192
|
|
|
315F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2911284697.000000000315F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
315F000
|
| Size: |
4096
|
|
|
485E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2912697554.000000000485E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
485E000
|
| Size: |
8192
|
|
|
381E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2911354855.000000000381E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
381E000
|
| Size: |
8192
|
|
|
31FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2910475812.00000000031FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
31FF000
|
| Size: |
4096
|
|
|
B52000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1733485628.0000000000B52000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B52000
|
| Size: |
4096
|
|
|
CD0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2910202276.0000000000CD0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
CD0000
|
| Size: |
4096
|
|
|
CF7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2910235107.0000000000CF7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
CF7000
|
| Size: |
12288
|
|
|
49D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000003.1894873566.00000000049D0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
49D0000
|
| Size: |
4096
|
|
|
D80000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2909490994.0000000000D80000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D80000
|
| Size: |
4096
|
|
|
910000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.2909265082.0000000000910000.00000040.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
910000
|
| Size: |
221184
|
|
|
E91000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000000.1799520046.0000000000E91000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
E91000
|
| Size: |
593920
|
|
|
4D7F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2912955999.0000000004D7F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4D7F000
|
| Size: |
4096
|
|
|
C4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2910091510.0000000000C4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
C4E000
|
| Size: |
8192
|
|
|
1376000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1680666390.0000000001376000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1376000
|
| Size: |
4096
|
|
|
BF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2907451721.0000000000BF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BF0000
|
| Size: |
4096
|
|
|
4AD0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1814522768.0000000004AD0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4AD0000
|
| Size: |
4096
|
|
|
889000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.2908247019.0000000000889000.00000040.00000001.01000000.00000004.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
889000
|
| Size: |
8192
|
|
|
157E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2909939069.000000000157E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
157E000
|
| Size: |
8192
|
|
|
2D9F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2910850314.0000000002D9F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2D9F000
|
| Size: |
4096
|
|
|
97C000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000006.00000002.2909523685.000000000097C000.00000080.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
97C000
|
| Size: |
20480
|
|
|
4BA0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000003.1715823748.0000000004BA0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4BA0000
|
| Size: |
4096
|
|
|
C93000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000000.00000002.2908408329.0000000000C93000.00000080.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
C93000
|
| Size: |
8192
|
|
|
8AE000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.2908379723.00000000008AE000.00000040.00000001.01000000.00000004.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
8AE000
|
| Size: |
20480
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
B10000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2907386199.0000000000B10000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B10000
|
| Size: |
4096
|
|
|
39AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2910976850.00000000039AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
39AE000
|
| Size: |
8192
|
|
|
3E6F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2911405476.0000000003E6F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3E6F000
|
| Size: |
4096
|
|
|
142A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2910091238.000000000142A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
142A000
|
| Size: |
8192
|
|
|
4AD0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1816217998.0000000004AD0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4AD0000
|
| Size: |
4096
|
|
|
3FFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2912016405.0000000003FFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3FFE000
|
| Size: |
8192
|
|
|
FCC000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000009.00000000.1889028059.0000000000FCC000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
FCC000
|
| Size: |
1638400
|
|
|
3D2F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2911310544.0000000003D2F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3D2F000
|
| Size: |
4096
|
|
|
2E6F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2910093083.0000000002E6F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2E6F000
|
| Size: |
4096
|
|
|
146E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2910091238.000000000146E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
146E000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
396F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2910925518.000000000396F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
396F000
|
| Size: |
4096
|
|
|
FD8000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000002.2908346929.0000000000FD8000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
FD8000
|
| Size: |
1445888
|
|
|
9C0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.1649551818.00000000009C0000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
9C0000
|
| Size: |
4096
|
|
|
4FD5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1667317189.0000000004FD5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4FD5000
|
| Size: |
311296
|
|
|
4BA0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000003.1715888454.0000000004BA0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4BA0000
|
| Size: |
4096
|
|
|
122B000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000000.1799666348.000000000122B000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
122B000
|
| Size: |
24576
|
|
|
E90000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2908170860.0000000000E90000.00000004.00000001.01000000.00000005.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
E90000
|
| Size: |
4096
|
|
|
332F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2910345832.000000000332F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
332F000
|
| Size: |
4096
|
|
|
3BEF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2911195931.0000000003BEF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3BEF000
|
| Size: |
4096
|
|
|
430000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.2907365240.0000000000430000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
430000
|
| Size: |
4096
|
|
