|
5F40000
|
unclassified section
|
page execute and read and write
|
 |
|
|
| Name: |
0000000B.00000002.2525177852.0000000005F40000.00000040.10000000.00040000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page execute and read and write
|
| Base address: |
5F40000
|
| Size: |
4673536
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara detected FormBook |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara signature match |
System Summary |
|
|
|
5100000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.2508565553.0000000005100000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
5100000
|
| Size: |
274432
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara detected FormBook |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara signature match |
System Summary |
|
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000016.00000002.2508429271.0000000000400000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
400000
|
| Size: |
286720
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara detected FormBook |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara signature match |
System Summary |
|
|
|
23C7BCC2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112588093.0000023C7BCC2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
23C7BCC2000
|
| Size: |
258048
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
20CF30A1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2236697228.0000020CF30A1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20CF30A1000
|
| Size: |
4096
|
|
|
23751A00000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2417825525.0000023751A00000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
23751A00000
|
| Size: |
10485760
|
|
|
277E0CE9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2420565731.00000277E0CE9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
277E0CE9000
|
| Size: |
4096
|
|
|
6E34000
|
unclassified section
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.2525177852.0000000006E34000.00000040.10000000.00040000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page execute and read and write
|
| Base address: |
6E34000
|
| Size: |
10485760
|
|
|
23C7BCBC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2104869945.0000023C7BCBC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
23C7BCBC000
|
| Size: |
12288
|
|
|
5729000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000016.00000002.2508687036.0000000005729000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5729000
|
| Size: |
4096
|
|
|
24D8B035000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2235790444.0000024D8B035000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
24D8B035000
|
| Size: |
57344
|
|
|
5AF7000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.2524707325.0000000005AF7000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5AF7000
|
| Size: |
4096
|
|
|
24D8B0B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2235790444.0000024D8B0B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
24D8B0B0000
|
| Size: |
200704
|
|
|
7FF746471000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000000.00000000.2100869205.00007FF746471000.00000020.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
7FF746471000
|
| Size: |
1183744
|
|
|
27D13CB6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2104523774.0000027D13CB6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27D13CB6000
|
| Size: |
40960
|
|
|
23C7BC36000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112588093.0000023C7BC36000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
23C7BC36000
|
| Size: |
20480
|
|
|
20CF30C4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2236024107.0000020CF30C4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20CF30C4000
|
| Size: |
16384
|
|
|
7FF746697000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.2101052574.00007FF746697000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF746697000
|
| Size: |
385024
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
23C7BCC3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2104356596.0000023C7BCC3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
23C7BCC3000
|
| Size: |
4096
|
|
|
20CF30CE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2236398655.0000020CF30CE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20CF30CE000
|
| Size: |
8192
|
|
|
5DA1000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.2524707325.0000000005DA1000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5DA1000
|
| Size: |
4096
|
|
|
2374A8A7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.2319735016.000002374A8A7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2374A8A7000
|
| Size: |
16384
|
|
|
5F3F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2525145178.0000000005F3F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5F3F000
|
| Size: |
4096
|
|
|
2374A87C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2358566484.000002374A87C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2374A87C000
|
| Size: |
69632
|
|
|
23C7BEC9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112784187.0000023C7BEC9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
23C7BEC9000
|
| Size: |
4096
|
|
|
20CF30C4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2236264622.0000020CF30C4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20CF30C4000
|
| Size: |
16384
|
|
|
7FF74C1B2000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2281946595.00007FF74C1B2000.00000004.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7FF74C1B2000
|
| Size: |
335872
|
|
|
20CF3109000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2246551099.0000020CF3109000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20CF3109000
|
| Size: |
77824
|
|
|
7FF74C090000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000007.00000002.2281039035.00007FF74C090000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF74C090000
|
| Size: |
4096
|
|
|
550E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2524327634.000000000550E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
550E000
|
| Size: |
8192
|
|
|
24D8B03F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2236747789.0000024D8B03F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
24D8B03F000
|
| Size: |
4096
|
|
|
20CF30A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2246551099.0000020CF30A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20CF30A4000
|
| Size: |
118784
|
|
|
20CF30C6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2236398655.0000020CF30C6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20CF30C6000
|
| Size: |
8192
|
|
|
277E2804000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.2319187021.00000277E2804000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
277E2804000
|
| Size: |
4096
|
|
|
27D13CC1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2104751620.0000027D13CC1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27D13CC1000
|
| Size: |
4096
|
|
|
277E2731000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.2318542986.00000277E2731000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
277E2731000
|
| Size: |
4096
|
|
|
7FF74C2B7000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000007.00000002.2283673628.00007FF74C2B7000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF74C2B7000
|
| Size: |
385024
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
277E2735000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.2318542986.00000277E2735000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
277E2735000
|
| Size: |
57344
|
|
|
7FF746592000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2121934093.00007FF746592000.00000004.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7FF746592000
|
| Size: |
335872
|
|
|
B0EC2FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112411352.000000B0EC2FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B0EC2FE000
|
| Size: |
8192
|
|
|
277E27B2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.2318806319.00000277E27B2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
277E27B2000
|
| Size: |
200704
|
|
|
27D13CB0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2103743051.0000027D13CB0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27D13CB0000
|
| Size: |
20480
|
|
|
24D08B1F000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2280777386.0000024D08B1F000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
24D08B1F000
|
| Size: |
4096
|
|
|
27D13D06000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2104523774.0000027D13D06000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27D13D06000
|
| Size: |
4096
|
|
|
27C9171F000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2121451793.0000027C9171F000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
27C9171F000
|
| Size: |
4096
|
|
|
5790000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2524589619.0000000005790000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5790000
|
| Size: |
4096
|
|
|
20CFA2EC000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2248002161.0000020CFA2EC000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20CFA2EC000
|
| Size: |
475136
|
|
|
598F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2524610678.000000000598F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
598F000
|
| Size: |
4096
|
|
|
23C80E00000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2114909407.0000023C80E00000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
23C80E00000
|
| Size: |
1236992
|
|
|
20CF310A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2236911244.0000020CF310A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20CF310A000
|
| Size: |
12288
|
|
|
24D8B030000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2280929419.0000024D8B030000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
24D8B030000
|
| Size: |
57344
|
|
|
5A0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2524630778.0000000005A0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5A0E000
|
| Size: |
8192
|
|
|
505C000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2524240864.000000000505C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
505C000
|
| Size: |
16384
|
|
|
20CF30BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2236933719.0000020CF30BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20CF30BF000
|
| Size: |
4096
|
|
|
23C7BCA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2104662423.0000023C7BCA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
23C7BCA0000
|
| Size: |
8192
|
|
|
23C7BCC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2103939419.0000023C7BCC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
23C7BCC4000
|
| Size: |
12288
|
|
|
277E27E2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.2319009801.00000277E27E2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
277E27E2000
|
| Size: |
4096
|
|
|
2374A7B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2354420414.000002374A7B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2374A7B0000
|
| Size: |
8192
|
|
|
5BB2000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.2524707325.0000000005BB2000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5BB2000
|
| Size: |
311296
|
|
|
5590000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2524474054.0000000005590000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
5590000
|
| Size: |
94208
|
|
|
277E27B6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.2319187021.00000277E27B6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
277E27B6000
|
| Size: |
40960
|
|
|
2374A8B7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.2318672615.000002374A8B7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2374A8B7000
|
| Size: |
8192
|
|
|
2375240A000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2417825525.000002375240A000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2375240A000
|
| Size: |
6254592
|
|
|
277E27C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.2319507735.00000277E27C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
277E27C1000
|
| Size: |
4096
|
|
|
23C7BB90000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112525836.0000023C7BB90000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
23C7BB90000
|
| Size: |
4096
|
|
|
23C7BBD0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112560403.0000023C7BBD0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
23C7BBD0000
|
| Size: |
4096
|
|
|
7FF74C2A7000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000007.00000000.2231714893.00007FF74C2A7000.00000008.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
7FF74C2A7000
|
| Size: |
8192
|
|
|
2374A88B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.2319361914.000002374A88B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2374A88B000
|
| Size: |
4096
|
|
|
20CF3109000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2236024107.0000020CF3109000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20CF3109000
|
| Size: |
8192
|
|
|
23C7BC3C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112588093.0000023C7BC3C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
23C7BC3C000
|
| Size: |
77824
|
|
|
27D13CBF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2104751620.0000027D13CBF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27D13CBF000
|
| Size: |
4096
|
|
|
2374E800000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2378152022.000002374E800000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2374E800000
|
| Size: |
4096
|
|
|
23C7BCAE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2104662423.0000023C7BCAE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
23C7BCAE000
|
| Size: |
20480
|
|
|
23C7BCAE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2104825103.0000023C7BCAE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
23C7BCAE000
|
| Size: |
45056
|
|
|
4C746FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2246389005.0000004C746FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4C746FE000
|
| Size: |
8192
|
|
|
23C83200000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2117712243.0000023C83200000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
23C83200000
|
| Size: |
6336512
|
|
|
7FF74C2A7000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2421631226.00007FF74C2A7000.00000004.00000001.01000000.00000005.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7FF74C2A7000
|
| Size: |
8192
|
|
|
4C747FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2246403880.0000004C747FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4C747FF000
|
| Size: |
4096
|
|
|
23751000000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2417825525.0000023751000000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
23751000000
|
| Size: |
10485760
|
|
|
23C7BD07000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2103939419.0000023C7BD07000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
23C7BD07000
|
| Size: |
12288
|
|
|
2374A899000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.2319633932.000002374A899000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2374A899000
|
| Size: |
20480
|
|
|
5DBD000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.2524707325.0000000005DBD000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5DBD000
|
| Size: |
4096
|
|
|
23C7BE00000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112784187.0000023C7BE00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
23C7BE00000
|
| Size: |
4096
|
|
|
2374A8AE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.2319735016.000002374A8AE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2374A8AE000
|
| Size: |
4096
|
|
|
7FF74C2B7000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000010.00000000.2314065912.00007FF74C2B7000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF74C2B7000
|
| Size: |
385024
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
23C7BEEF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112784187.0000023C7BEEF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
23C7BEEF000
|
| Size: |
65536
|
|
|
27D13CE2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2104751620.0000027D13CE2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27D13CE2000
|
| Size: |
4096
|
|
|
7FF74C2B7000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000010.00000002.2421657143.00007FF74C2B7000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF74C2B7000
|
| Size: |
385024
|
|
|
20CF311A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2236911244.0000020CF311A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20CF311A000
|
| Size: |
8192
|
|
|
58CD000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000016.00000002.2508687036.00000000058CD000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
58CD000
|
| Size: |
4096
|
|
|
20CF3030000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2246551099.0000020CF3030000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20CF3030000
|
| Size: |
20480
|
|
|
4C744FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2246363466.0000004C744FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4C744FF000
|
| Size: |
4096
|
|
|
2374A8F2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.2318672615.000002374A8F2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2374A8F2000
|
| Size: |
12288
|
|
|
7FF74C2AF000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2283499120.00007FF74C2AF000.00000004.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7FF74C2AF000
|
| Size: |
32768
|
|
|
20CF30BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2236791072.0000020CF30BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20CF30BF000
|
| Size: |
4096
|
|
|
2374EC00000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2381435866.000002374EC00000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2374EC00000
|
| Size: |
10485760
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
20CF30C9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2236398655.0000020CF30C9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20CF30C9000
|
| Size: |
4096
|
|
|
23C7D800000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112933573.0000023C7D800000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
23C7D800000
|
| Size: |
8192
|
|
|
27D13D04000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2104523774.0000027D13D04000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27D13D04000
|
| Size: |
4096
|
|
|
23C7BCCC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2103939419.0000023C7BCCC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
23C7BCCC000
|
| Size: |
8192
|
|
|
20CF310C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2236024107.0000020CF310C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20CF310C000
|
| Size: |
36864
|
|
|
20CFA200000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2248002161.0000020CFA200000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20CFA200000
|
| Size: |
962560
|
|
|
20CF3345000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2246795085.0000020CF3345000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20CF3345000
|
| Size: |
12288
|
|
|
277E2730000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2420626896.00000277E2730000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
277E2730000
|
| Size: |
4096
|
|
|
277E27B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.2319187021.00000277E27B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
277E27B0000
|
| Size: |
20480
|
|
|
277E27BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.2319507735.00000277E27BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
277E27BF000
|
| Size: |
4096
|
|
|
5580000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2524442674.0000000005580000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5580000
|
| Size: |
16384
|
|
|
2374A89F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.2319361914.000002374A89F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2374A89F000
|
| Size: |
20480
|
|
|
23C7BCC8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2103939419.0000023C7BCC8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
23C7BCC8000
|
| Size: |
4096
|
|
|
23C7BCBA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2104662423.0000023C7BCBA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
23C7BCBA000
|
| Size: |
4096
|
|
|
24D8B082000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2236865891.0000024D8B082000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
24D8B082000
|
| Size: |
16384
|
|
|
2374A89A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.2319070492.000002374A89A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2374A89A000
|
| Size: |
12288
|
|
|
2374A8A5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.2319776999.000002374A8A5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2374A8A5000
|
| Size: |
8192
|
|
|
20CF32ED000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2246711555.0000020CF32ED000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20CF32ED000
|
| Size: |
73728
|
|
|
20CF310C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2236264622.0000020CF310C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20CF310C000
|
| Size: |
36864
|
|
|
27D13CB2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2103719027.0000027D13CB2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27D13CB2000
|
| Size: |
200704
|
|
|
20CF30AF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2236933719.0000020CF30AF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20CF30AF000
|
| Size: |
61440
|
|
|
20CF2FC0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2246495839.0000020CF2FC0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20CF2FC0000
|
| Size: |
8192
|
|
|
55C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2524527351.00000000055C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
55C0000
|
| Size: |
20480
|
|
|
42F000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.2524204937.000000000042F000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
42F000
|
| Size: |
4096
|
|
|
54C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2524300531.00000000054C0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
54C0000
|
| Size: |
4096
|
|
|
20CF30B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2236697228.0000020CF30B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20CF30B0000
|
| Size: |
20480
|
|
|
23C80400000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2114909407.0000023C80400000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
23C80400000
|
| Size: |
10485760
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
27D13C35000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2103372770.0000027D13C35000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27D13C35000
|
| Size: |
57344
|
|
|
B0EB9FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112263757.000000B0EB9FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B0EB9FE000
|
| Size: |
8192
|
|
|
B0EBDFF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112318479.000000B0EBDFF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B0EBDFF000
|
| Size: |
4096
|
|
|
20CF3200000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2246711555.0000020CF3200000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20CF3200000
|
| Size: |
4096
|
|
|
AAE16FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2346881542.000000AAE16FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AAE16FE000
|
| Size: |
8192
|
|
|
554A000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2524376704.000000000554A000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
554A000
|
| Size: |
4096
|
|
|
277E27B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.2318745372.00000277E27B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
277E27B0000
|
| Size: |
208896
|
|
|
7FF74C1B2000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2421540381.00007FF74C1B2000.00000004.00000001.01000000.00000005.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7FF74C1B2000
|
| Size: |
335872
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
7FF74C2A7000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2283499120.00007FF74C2A7000.00000004.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7FF74C2A7000
|
| Size: |
8192
|
|
|
20CF30BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2236957731.0000020CF30BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20CF30BF000
|
| Size: |
4096
|
|
|
277E0D0D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2420565731.00000277E0D0D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
277E0D0D000
|
| Size: |
73728
|
|
|
27D13CB0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2104523774.0000027D13CB0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27D13CB0000
|
| Size: |
20480
|
|
|
20CF3010000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2246523219.0000020CF3010000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20CF3010000
|
| Size: |
4096
|
|
|
20CF9800000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2248002161.0000020CF9800000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20CF9800000
|
| Size: |
10485760
|
|
|
2374A879000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2358566484.000002374A879000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2374A879000
|
| Size: |
8192
|
|
|
20CF3036000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2246551099.0000020CF3036000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20CF3036000
|
| Size: |
20480
|
|
|
31D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.2508354469.000000000031D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
31D000
|
| Size: |
12288
|
|
|
277E2731000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.2318837514.00000277E2731000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
277E2731000
|
| Size: |
8192
|
|
|
24D8B031000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2235790444.0000024D8B031000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
24D8B031000
|
| Size: |
4096
|
|
|
20CF7400000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2246907638.0000020CF7400000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20CF7400000
|
| Size: |
10485760
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
20CF30B5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2236551224.0000020CF30B5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20CF30B5000
|
| Size: |
8192
|
|
|
7FF74C091000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000007.00000000.2231553488.00007FF74C091000.00000020.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
7FF74C091000
|
| Size: |
1183744
|
|
|
5A10000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2524655971.0000000005A10000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5A10000
|
| Size: |
8192
|
|
|
2374A810000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2357507163.000002374A810000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2374A810000
|
| Size: |
4096
|
|
|
23C7BCB2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2104356596.0000023C7BCB2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
23C7BCB2000
|
| Size: |
45056
|
|
|
2374A8B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2358566484.000002374A8B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2374A8B4000
|
| Size: |
45056
|
|
|
B0EC1FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112391389.000000B0EC1FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B0EC1FE000
|
| Size: |
8192
|
|
|
23C7BCC3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2104869945.0000023C7BCC3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
23C7BCC3000
|
| Size: |
4096
|
|
|
AAE19FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2352481389.000000AAE19FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AAE19FE000
|
| Size: |
8192
|
|
|
4C745FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2246375461.0000004C745FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4C745FE000
|
| Size: |
8192
|
|
|
27D13D06000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2104751620.0000027D13D06000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27D13D06000
|
| Size: |
4096
|
|
|
277E2806000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.2319187021.00000277E2806000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
277E2806000
|
| Size: |
4096
|
|
|
AAE11FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2340325604.000000AAE11FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AAE11FF000
|
| Size: |
4096
|
|
|
3D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.2508414105.00000000003D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3D0000
|
| Size: |
4096
|
|
|
AAE14FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2344057158.000000AAE14FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AAE14FE000
|
| Size: |
8192
|
|
|
27C856FA000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2121375770.0000027C856FA000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
27C856FA000
|
| Size: |
8192
|
|
|
5B76000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.2524707325.0000000005B76000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5B76000
|
| Size: |
241664
|
|
|
23C82800000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2117712243.0000023C82800000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
23C82800000
|
| Size: |
10485760
|
|
|
23C7F800000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112958150.0000023C7F800000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
23C7F800000
|
| Size: |
8392704
|
|
|
23C8380C000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2117712243.0000023C8380C000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
23C8380C000
|
| Size: |
6246400
|
|
|
20CF2FE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2246509014.0000020CF2FE0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20CF2FE0000
|
| Size: |
4096
|
|
|
5300000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.2508637427.0000000005300000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5300000
|
| Size: |
8192
|
|
|
526F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.2508621875.000000000526F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
526F000
|
| Size: |
4096
|
|
|
7FF74C204000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000007.00000002.2282577576.00007FF74C204000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF74C204000
|
| Size: |
667648
|
|
|
2374AAD5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2374241709.000002374AAD5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2374AAD5000
|
| Size: |
12288
|
|
|
2374A89F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.2319776999.000002374A89F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2374A89F000
|
| Size: |
20480
|
|
|
20CF303C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2246551099.0000020CF303C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20CF303C000
|
| Size: |
86016
|
|
|
23C7BBC0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112541826.0000023C7BBC0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
23C7BBC0000
|
| Size: |
8192
|
|
|
20CF310C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2236398655.0000020CF310C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20CF310C000
|
| Size: |
36864
|
|
|
AAE10FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2339486238.000000AAE10FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AAE10FF000
|
| Size: |
4096
|
|
|
277E27B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2420626896.00000277E27B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
277E27B0000
|
| Size: |
20480
|
|
|
27D13C45000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2103372770.0000027D13C45000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27D13C45000
|
| Size: |
8192
|
|
|
27D13CB0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2103372770.0000027D13CB0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27D13CB0000
|
| Size: |
208896
|
|
|
2374A8B7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.2318944289.000002374A8B7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2374A8B7000
|
| Size: |
8192
|
|
|
5510000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2524352302.0000000005510000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5510000
|
| Size: |
4096
|
|
|
277E27E2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.2319507735.00000277E27E2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
277E27E2000
|
| Size: |
4096
|
|
|
20CF3340000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2246795085.0000020CF3340000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20CF3340000
|
| Size: |
12288
|
|
|
5B70000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.2524707325.0000000005B70000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5B70000
|
| Size: |
16384
|
|
|
277E27B6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2420626896.00000277E27B6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
277E27B6000
|
| Size: |
45056
|
|
|
2374A8AE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.2319478289.000002374A8AE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2374A8AE000
|
| Size: |
4096
|
|
|
23C7BB60000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112444595.0000023C7BB60000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
23C7BB60000
|
| Size: |
4096
|
|
|
380000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.2508378315.0000000000380000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
380000
|
| Size: |
4096
|
|
|
AAE12FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2341383189.000000AAE12FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AAE12FF000
|
| Size: |
4096
|
|
|
23752400000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2417825525.0000023752400000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
23752400000
|
| Size: |
36864
|
|
|
23C7BCC3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2104662423.0000023C7BCC3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
23C7BCC3000
|
| Size: |
4096
|
|
|
55C7000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2524527351.00000000055C7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
55C7000
|
| Size: |
40960
|
|
|
B0EBEFF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112330119.000000B0EBEFF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B0EBEFF000
|
| Size: |
4096
|
|
|
24D8B049000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2235790444.0000024D8B049000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
24D8B049000
|
| Size: |
8192
|
|
|
2374A8AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2358566484.000002374A8AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2374A8AD000
|
| Size: |
24576
|
|
|
23C7BCAF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2104379417.0000023C7BCAF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
23C7BCAF000
|
| Size: |
12288
|
|
|
20CF3090000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2246551099.0000020CF3090000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20CF3090000
|
| Size: |
4096
|
|
|
AAE17FD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2348160383.000000AAE17FD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AAE17FD000
|
| Size: |
12288
|
|
|
2374A8AF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.2318944289.000002374A8AF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2374A8AF000
|
| Size: |
16384
|
|
|
23C7BD07000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112588093.0000023C7BD07000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
23C7BD07000
|
| Size: |
16384
|
|
|
2374C400000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2377084226.000002374C400000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2374C400000
|
| Size: |
8192
|
|
|
7FF74C091000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000007.00000002.2281389898.00007FF74C091000.00000020.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
7FF74C091000
|
| Size: |
1183744
|
|
|
5600000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000016.00000002.2508687036.0000000005600000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5600000
|
| Size: |
1208320
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
20CF7E00000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2246907638.0000020CF7E00000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20CF7E00000
|
| Size: |
5300224
|
|
|
B0EBFFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112341936.000000B0EBFFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B0EBFFE000
|
| Size: |
8192
|
|
|
7FF7465E4000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.2100975577.00007FF7465E4000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF7465E4000
|
| Size: |
667648
|
|
|
4C748FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2246417686.0000004C748FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4C748FE000
|
| Size: |
8192
|
|
|
2374AAD0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2374241709.000002374AAD0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2374AAD0000
|
| Size: |
12288
|
|
|
20CF3109000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2236398655.0000020CF3109000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20CF3109000
|
| Size: |
8192
|
|
|
AAE18FC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2350768567.000000AAE18FC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AAE18FC000
|
| Size: |
16384
|
|
|
4C73FC7000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2246313357.0000004C73FC7000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4C73FC7000
|
| Size: |
36864
|
|
|
27D13CB0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2103683014.0000027D13CB0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27D13CB0000
|
| Size: |
208896
|
|
|
7FF74C091000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000010.00000000.2313861960.00007FF74C091000.00000020.00000001.01000000.00000005.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
7FF74C091000
|
| Size: |
1183744
|
|
|
23C7BB70000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112462859.0000023C7BB70000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
23C7BB70000
|
| Size: |
8192
|
|
|
20CF4C00000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2246833912.0000020CF4C00000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20CF4C00000
|
| Size: |
8192
|
|
|
7FF74C090000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000010.00000000.2313834927.00007FF74C090000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF74C090000
|
| Size: |
4096
|
|
|
27D13CC1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2104523774.0000027D13CC1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27D13CC1000
|
| Size: |
4096
|
|
|
2374A8A5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.2319633932.000002374A8A5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2374A8A5000
|
| Size: |
24576
|
|
|
277E27C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.2319187021.00000277E27C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
277E27C1000
|
| Size: |
4096
|
|
|
4C749FD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2246432281.0000004C749FD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4C749FD000
|
| Size: |
12288
|
|
|
4C74AFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2246447147.0000004C74AFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4C74AFE000
|
| Size: |
8192
|
|
|
20CF2FB0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2246479316.0000020CF2FB0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20CF2FB0000
|
| Size: |
4096
|
|
|
7FF74C2A7000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000010.00000000.2314045338.00007FF74C2A7000.00000008.00000001.01000000.00000005.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
7FF74C2A7000
|
| Size: |
8192
|
|
|
27D13CB6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2121465240.0000027D13CB6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27D13CB6000
|
| Size: |
36864
|
|
|
7FF746687000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000000.00000000.2101037461.00007FF746687000.00000008.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
7FF746687000
|
| Size: |
8192
|
|
|
27D13CB6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2103743051.0000027D13CB6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27D13CB6000
|
| Size: |
36864
|
|
|
20CF30AF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2236791072.0000020CF30AF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20CF30AF000
|
| Size: |
24576
|
|
|
23C7BCC3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2104825103.0000023C7BCC3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
23C7BCC3000
|
| Size: |
4096
|
|
|
7FF74C204000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000007.00000000.2231662849.00007FF74C204000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF74C204000
|
| Size: |
667648
|
|
|
572D000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000016.00000002.2508687036.000000000572D000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
572D000
|
| Size: |
458752
|
|
|
27D13C30000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2121465240.0000027D13C30000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27D13C30000
|
| Size: |
4096
|
|
|
2374A899000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.2319361914.000002374A899000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2374A899000
|
| Size: |
16384
|
|
|
7FF7465E4000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.2122007599.00007FF7465E4000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF7465E4000
|
| Size: |
667648
|
|
|
23C80003000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112958150.0000023C80003000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
23C80003000
|
| Size: |
49152
|
|
|
5350000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.2508652655.0000000005350000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5350000
|
| Size: |
24576
|
|
|
7FF74C2B7000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000007.00000000.2231728181.00007FF74C2B7000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF74C2B7000
|
| Size: |
385024
|
|
|
277E27B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.2318542986.00000277E27B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
277E27B0000
|
| Size: |
208896
|
|
|
7FF74C090000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000010.00000002.2420691644.00007FF74C090000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF74C090000
|
| Size: |
4096
|
|
|
20CFAD61000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2248002161.0000020CFAD61000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20CFAD61000
|
| Size: |
4849664
|
|
|
AAE0D47000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2336806356.000000AAE0D47000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AAE0D47000
|
| Size: |
36864
|
|
|
545A000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2524273351.000000000545A000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
545A000
|
| Size: |
24576
|
|
|
2374A8C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2358566484.000002374A8C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2374A8C1000
|
| Size: |
212992
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
20CF30B5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2236957731.0000020CF30B5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20CF30B5000
|
| Size: |
36864
|
|
|
5C13000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.2524707325.0000000005C13000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5C13000
|
| Size: |
16384
|
|
|
2374A8AE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.2319029273.000002374A8AE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2374A8AE000
|
| Size: |
4096
|
|
|
48E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.2508488407.00000000048E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48E0000
|
| Size: |
229376
|
|
|
2374A834000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2358566484.000002374A834000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2374A834000
|
| Size: |
24576
|
|
|
277E27B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.2318837514.00000277E27B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
277E27B0000
|
| Size: |
20480
|
|
|
5520000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2524376704.0000000005520000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
5520000
|
| Size: |
4096
|
|
|
20CF310A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2236660448.0000020CF310A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20CF310A000
|
| Size: |
4096
|
|
|
27D13CE2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2103743051.0000027D13CE2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27D13CE2000
|
| Size: |
4096
|
|
|
23C7BF45000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112888752.0000023C7BF45000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
23C7BF45000
|
| Size: |
12288
|
|
|
7FF74C204000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000010.00000002.2421572534.00007FF74C204000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF74C204000
|
| Size: |
667648
|
|
|
2374A88E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2358566484.000002374A88E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2374A88E000
|
| Size: |
4096
|
|
|
27D13C31000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2103743051.0000027D13C31000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27D13C31000
|
| Size: |
8192
|
|
|
20CF30C4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2236847270.0000020CF30C4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20CF30C4000
|
| Size: |
8192
|
|
|
B0EB8F7000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112245792.000000B0EB8F7000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B0EB8F7000
|
| Size: |
36864
|
|
|
2374A800000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2356338991.000002374A800000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2374A800000
|
| Size: |
4096
|
|
|
2374A8AE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.2318672615.000002374A8AE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2374A8AE000
|
| Size: |
20480
|
|
|
2374A820000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2358566484.000002374A820000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2374A820000
|
| Size: |
28672
|
|
|
23C7BF40000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112888752.0000023C7BF40000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
23C7BF40000
|
| Size: |
12288
|
|
|
277E27B6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.2318837514.00000277E27B6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
277E27B6000
|
| Size: |
36864
|
|
|
579E000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000016.00000002.2508687036.000000000579E000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
579E000
|
| Size: |
24576
|
|
|
7FF746687000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2122115864.00007FF746687000.00000004.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7FF746687000
|
| Size: |
8192
|
|
|
7FF74C090000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000007.00000000.2231387237.00007FF74C090000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF74C090000
|
| Size: |
4096
|
|
|
277E2806000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.2319507735.00000277E2806000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
277E2806000
|
| Size: |
4096
|
|
|
7FF746471000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000000.00000002.2121689608.00007FF746471000.00000020.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
7FF746471000
|
| Size: |
1183744
|
|
|
20CF7003000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2246855059.0000020CF7003000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20CF7003000
|
| Size: |
36864
|
|
|
20CF310C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2236660448.0000020CF310C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20CF310C000
|
| Size: |
36864
|
|
|
7FF746470000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.2100827311.00007FF746470000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF746470000
|
| Size: |
4096
|
|
|
20CF30CE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2236024107.0000020CF30CE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20CF30CE000
|
| Size: |
8192
|
|
|
23C7BCB4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2104662423.0000023C7BCB4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
23C7BCB4000
|
| Size: |
20480
|
|
|
2374F600000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2381435866.000002374F600000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2374F600000
|
| Size: |
5300224
|
|
|
B0EC3FC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112425549.000000B0EC3FC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B0EC3FC000
|
| Size: |
16384
|
|
|
2374E803000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2378152022.000002374E803000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2374E803000
|
| Size: |
36864
|
|
|
277E27E2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.2319187021.00000277E27E2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
277E27E2000
|
| Size: |
4096
|
|
|
5948000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000016.00000002.2508687036.0000000005948000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5948000
|
| Size: |
16384
|
|
|
7FF74668F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2122115864.00007FF74668F000.00000004.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7FF74668F000
|
| Size: |
32768
|
|
|
5C19000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.2524707325.0000000005C19000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5C19000
|
| Size: |
4096
|
|
|
5AF0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.2524707325.0000000005AF0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5AF0000
|
| Size: |
8192
|
|
|
23C7BC30000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112588093.0000023C7BC30000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
23C7BC30000
|
| Size: |
20480
|
|
|
24D8B082000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2236747789.0000024D8B082000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
24D8B082000
|
| Size: |
16384
|
|
|
27D13CB0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2121465240.0000027D13CB0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27D13CB0000
|
| Size: |
20480
|
|
|
277E0C20000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2420565731.00000277E0C20000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
277E0C20000
|
| Size: |
4096
|
|
|
2374A8F2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.2318944289.000002374A8F2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2374A8F2000
|
| Size: |
12288
|
|
|
50FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.2508548810.00000000050FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
50FF000
|
| Size: |
4096
|
|
|
8234000
|
unclassified section
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.2525177852.0000000008234000.00000040.10000000.00040000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page execute and read and write
|
| Base address: |
8234000
|
| Size: |
4874240
|
|
|
B0EC0FD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112363516.000000B0EC0FD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B0EC0FD000
|
| Size: |
12288
|
|
|
20CF3092000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2246551099.0000020CF3092000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20CF3092000
|
| Size: |
69632
|
|
|
20CF32C9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2246711555.0000020CF32C9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20CF32C9000
|
| Size: |
4096
|
|
|
4C743FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2246348039.0000004C743FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4C743FF000
|
| Size: |
4096
|
|
|
277E2749000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.2318542986.00000277E2749000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
277E2749000
|
| Size: |
8192
|
|
|
7FF746697000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.2122274845.00007FF746697000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF746697000
|
| Size: |
385024
|
|
|
4C74BFC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2246463166.0000004C74BFC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4C74BFC000
|
| Size: |
16384
|
|
|
5A35000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.2524682413.0000000005A35000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5A35000
|
| Size: |
4096
|
|
|
24D8B0A5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2236865891.0000024D8B0A5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
24D8B0A5000
|
| Size: |
4096
|
|
|
2374A89F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.2319633932.000002374A89F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2374A89F000
|
| Size: |
20480
|
|
|
27D13D04000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2104751620.0000027D13D04000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27D13D04000
|
| Size: |
4096
|
|
|
58B1000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000016.00000002.2508687036.00000000058B1000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
58B1000
|
| Size: |
16384
|
|
|
AAE15FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2346166170.000000AAE15FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AAE15FF000
|
| Size: |
4096
|
|
|
2374A890000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2358566484.000002374A890000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2374A890000
|
| Size: |
114688
|
|
|
5B16000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.2524707325.0000000005B16000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5B16000
|
| Size: |
364544
|
|
|
23C7BCAE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112588093.0000023C7BCAE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
23C7BCAE000
|
| Size: |
69632
|
|
|
20CF7000000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2246855059.0000020CF7000000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20CF7000000
|
| Size: |
4096
|
|
|
2374A88B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.2319070492.000002374A88B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2374A88B000
|
| Size: |
4096
|
|
|
27D13C31000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2103372770.0000027D13C31000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27D13C31000
|
| Size: |
4096
|
|
|
3CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.2508396818.00000000003CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3CE000
|
| Size: |
8192
|
|
|
23C7BC8E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112588093.0000023C7BC8E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
23C7BC8E000
|
| Size: |
126976
|
|
|
24D8B045000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2235790444.0000024D8B045000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
24D8B045000
|
| Size: |
8192
|
|
|
7FF74C2AF000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2421631226.00007FF74C2AF000.00000004.00000001.01000000.00000005.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7FF74C2AF000
|
| Size: |
32768
|
|
|
27D13C49000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2103372770.0000027D13C49000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27D13C49000
|
| Size: |
8192
|
|
|
20CF30C2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2246551099.0000020CF30C2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20CF30C2000
|
| Size: |
188416
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
20CF30C4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2236551224.0000020CF30C4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20CF30C4000
|
| Size: |
8192
|
|
|
2374A828000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2358566484.000002374A828000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2374A828000
|
| Size: |
45056
|
|
|
7FF746470000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.2121611974.00007FF746470000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF746470000
|
| Size: |
4096
|
|
|
277E27E2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.2318837514.00000277E27E2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
277E27E2000
|
| Size: |
4096
|
|
|
27D13C32000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2104523774.0000027D13C32000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27D13C32000
|
| Size: |
4096
|
|
|
4C742FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2246331577.0000004C742FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4C742FE000
|
| Size: |
8192
|
|
|
B0EBBFF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112293609.000000B0EBBFF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B0EBBFF000
|
| Size: |
4096
|
|
|
277E2745000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.2318542986.00000277E2745000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
277E2745000
|
| Size: |
8192
|
|
|
2374A89E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.2319029273.000002374A89E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2374A89E000
|
| Size: |
36864
|
|
|
20CFA361000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2248002161.0000020CFA361000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20CFA361000
|
| Size: |
10485760
|
|
|
55E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.2508469890.000000000055E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
55E000
|
| Size: |
8192
|
|
|
20CF30A1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2236791072.0000020CF30A1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20CF30A1000
|
| Size: |
4096
|
|
|
4FFD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.2508528616.0000000004FFD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4FFD000
|
| Size: |
12288
|
|
|
B0EBAFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112279669.000000B0EBAFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B0EBAFE000
|
| Size: |
8192
|
|
|
27D13CE2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2104523774.0000027D13CE2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27D13CE2000
|
| Size: |
4096
|
|
|
277540FA000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2420516528.00000277540FA000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
277540FA000
|
| Size: |
8192
|
|
|
7834000
|
unclassified section
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.2525177852.0000000007834000.00000040.10000000.00040000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page execute and read and write
|
| Base address: |
7834000
|
| Size: |
10485760
|
|
|
5160000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.2508599652.0000000005160000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5160000
|
| Size: |
16384
|
|
|
23C7BCBA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2104825103.0000023C7BCBA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
23C7BCBA000
|
| Size: |
20480
|
|
|
7FF74C091000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000010.00000002.2420702922.00007FF74C091000.00000020.00000001.01000000.00000005.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
7FF74C091000
|
| Size: |
1183744
|
|
|
5DB6000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.2524707325.0000000005DB6000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5DB6000
|
| Size: |
8192
|
|
|
2374A6D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2353586913.000002374A6D0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2374A6D0000
|
| Size: |
4096
|
|
|
23C7BC9F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2104379417.0000023C7BC9F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
23C7BC9F000
|
| Size: |
8192
|
|
|
20CF30CE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2236264622.0000020CF30CE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20CF30CE000
|
| Size: |
8192
|
|
|
277E2804000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.2319507735.00000277E2804000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
277E2804000
|
| Size: |
4096
|
|
|
7FF74C204000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000010.00000000.2313982474.00007FF74C204000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF74C204000
|
| Size: |
667648
|
|
|
58C6000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000016.00000002.2508687036.00000000058C6000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
58C6000
|
| Size: |
8192
|
|
|
20CF30B9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2236024107.0000020CF30B9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20CF30B9000
|
| Size: |
4096
|
|
|
6434000
|
unclassified section
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.2525177852.0000000006434000.00000040.10000000.00040000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page execute and read and write
|
| Base address: |
6434000
|
| Size: |
10485760
|
|
|
2374A8AE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.2319633932.000002374A8AE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2374A8AE000
|
| Size: |
4096
|
|
|
23C7BCC3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2104727062.0000023C7BCC3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
23C7BCC3000
|
| Size: |
4096
|
|
|
277E2732000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.2319187021.00000277E2732000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
277E2732000
|
| Size: |
4096
|
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000014.00000002.3354270597.0000000000400000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
400000
|
| Size: |
286720
|
|
|
27D13CE2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2104342185.0000027D13CE2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27D13CE2000
|
| Size: |
4096
|
|
|
20CF30C9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2236024107.0000020CF30C9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20CF30C9000
|
| Size: |
4096
|
|
|
20CF30C9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2236264622.0000020CF30C9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20CF30C9000
|
| Size: |
4096
|
|
|
24D8B0B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2236194726.0000024D8B0B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
24D8B0B0000
|
| Size: |
200704
|
|
|
20CF30C4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2236791072.0000020CF30C4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20CF30C4000
|
| Size: |
8192
|
|
|
2374A8AE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.2319361914.000002374A8AE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2374A8AE000
|
| Size: |
4096
|
|
|
24CFCAFA000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2280708066.0000024CFCAFA000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
24CFCAFA000
|
| Size: |
8192
|
|
|
2374A7D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2355325467.000002374A7D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2374A7D0000
|
| Size: |
4096
|
|
|
B0EBCFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112305761.000000B0EBCFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B0EBCFE000
|
| Size: |
8192
|
|
|
20CF3020000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2246536406.0000020CF3020000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20CF3020000
|
| Size: |
4096
|
|
|
5358000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.2508652655.0000000005358000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5358000
|
| Size: |
12288
|
|
|
AAE13FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2342837551.000000AAE13FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AAE13FE000
|
| Size: |
8192
|
|
|
2776011F000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2420533229.000002776011F000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2776011F000
|
| Size: |
4096
|
|
|
20CF30B7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2236791072.0000020CF30B7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20CF30B7000
|
| Size: |
28672
|
|
|
20CF3109000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2236264622.0000020CF3109000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20CF3109000
|
| Size: |
8192
|
|
|
2374A8A5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.2319361914.000002374A8A5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2374A8A5000
|
| Size: |
8192
|
|
