|
1050000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3456136780.0000000001050000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1050000
|
| Size: |
4096
|
|
|
5040000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3461212426.0000000005040000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5040000
|
| Size: |
4096
|
|
|
4FB1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1873737434.0000000004FB1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4FB1000
|
| Size: |
4096
|
|
|
D04000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1752150829.0000000000D04000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D04000
|
| Size: |
4096
|
|
|
429F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3460121374.000000000429F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
429F000
|
| Size: |
4096
|
|
|
D99000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3456587072.0000000000D99000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D99000
|
| Size: |
4096
|
|
|
4E10000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3463246465.0000000004E10000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E10000
|
| Size: |
4096
|
|
|
30FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3457712852.00000000030FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
30FF000
|
| Size: |
4096
|
|
|
CD0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1790973087.0000000000CD0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
CD0000
|
| Size: |
53248
|
|
|
4681000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1752947328.0000000004681000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4681000
|
| Size: |
4096
|
|
|
214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1789598916.0000000000214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
214000
|
| Size: |
4096
|
|
|
5860000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3462478481.0000000005860000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5860000
|
| Size: |
4096
|
|
|
517D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3463160387.000000000517D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
517D000
|
| Size: |
12288
|
|
|
5090000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3461879506.0000000005090000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5090000
|
| Size: |
4096
|
|
|
7AD000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000000.00000002.3455930351.00000000007AD000.00000080.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
7AD000
|
| Size: |
8192
|
|
|
DB7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3456587072.0000000000DB7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DB7000
|
| Size: |
8192
|
|
|
4670000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1717621390.0000000004670000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4670000
|
| Size: |
53248
|
|
|
4FB1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1874729286.0000000004FB1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4FB1000
|
| Size: |
4096
|
|
|
1156000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3453590114.0000000001156000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
1156000
|
| Size: |
24576
|
|
|
4670000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1715107758.0000000004670000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4670000
|
| Size: |
53248
|
|
|
12FB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3456538284.00000000012FB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12FB000
|
| Size: |
4096
|
|
|
4BB0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1802971447.0000000004BB0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4BB0000
|
| Size: |
4096
|
|
|
271000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3452978591.0000000000271000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
271000
|
| Size: |
1585152
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4BB0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1802858274.0000000004BB0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4BB0000
|
| Size: |
4096
|
|
|
4FB1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1874652108.0000000004FB1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4FB1000
|
| Size: |
4096
|
|
|
CD0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1798526906.0000000000CD0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
CD0000
|
| Size: |
53248
|
|
|
4CC0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3463546272.0000000004CC0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4CC0000
|
| Size: |
4096
|
|
|
3430000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1937703730.0000000003430000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3430000
|
| Size: |
53248
|
|
|
19C0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1853693308.00000000019C0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
19C0000
|
| Size: |
53248
|
|
|
453E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3460209622.000000000453E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
453E000
|
| Size: |
8192
|
|
|
D04000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1713193884.0000000000D04000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D04000
|
| Size: |
4096
|
|
|
4C20000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3462400326.0000000004C20000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C20000
|
| Size: |
4096
|
|
|
1754000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1933707511.0000000001754000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1754000
|
| Size: |
4096
|
|
|
4A01000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1831289324.0000000004A01000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4A01000
|
| Size: |
4096
|
|
|
3457000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3457528086.0000000003457000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3457000
|
| Size: |
12288
|
|
|
7A6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3460759266.0000000007A6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7A6E000
|
| Size: |
8192
|
|
|
4A01000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1830054441.0000000004A01000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4A01000
|
| Size: |
49152
|
|
|
4D2F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3458170594.0000000004D2F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4D2F000
|
| Size: |
4096
|
|
|
3C3F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3459181986.0000000003C3F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3C3F000
|
| Size: |
4096
|
|
|
D04000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1722884084.0000000000D04000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D04000
|
| Size: |
4096
|
|
|
4FB1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1873674830.0000000004FB1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4FB1000
|
| Size: |
4096
|
|
|
214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1799399729.0000000000214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
214000
|
| Size: |
4096
|
|
|
548C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3458518944.000000000548C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
548C000
|
| Size: |
16384
|
|
|
2A3F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3457709825.0000000002A3F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2A3F000
|
| Size: |
4096
|
|
|
4A7B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3461264383.0000000004A7B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4A7B000
|
| Size: |
20480
|
|
|
1114000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1789598045.0000000001114000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1114000
|
| Size: |
4096
|
|
|
419E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3459189262.000000000419E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
419E000
|
| Size: |
8192
|
|
|
56B0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3459946196.00000000056B0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
56B0000
|
| Size: |
4096
|
|
|
4681000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1713111088.0000000004681000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4681000
|
| Size: |
229376
|
|
|
58C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3463282198.00000000058C0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
58C0000
|
| Size: |
4096
|
|
|
4FDF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3460925098.0000000004FDF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4FDF000
|
| Size: |
4096
|
|
|
4D00000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3461803216.0000000004D00000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D00000
|
| Size: |
4096
|
|
|
4681000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1756725351.0000000004681000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4681000
|
| Size: |
4096
|
|
|
1A2D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3455376041.0000000001A2D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1A2D000
|
| Size: |
8192
|
|
|
129E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3456495472.000000000129E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
129E000
|
| Size: |
8192
|
|
|
7AA000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3455820853.00000000007AA000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
7AA000
|
| Size: |
4096
|
|
|
57B0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000003.1944400835.00000000057B0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
57B0000
|
| Size: |
4096
|
|
|
7A2C000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3463551292.0000000007A2C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7A2C000
|
| Size: |
2002944
|
|
|
130C000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3456038097.000000000130C000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
130C000
|
| Size: |
4096
|
|
|
270000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000000.1777240743.0000000000270000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
270000
|
| Size: |
4096
|
|
|
39FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3458458239.00000000039FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
39FE000
|
| Size: |
8192
|
|
|
4BF0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3462173256.0000000004BF0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4BF0000
|
| Size: |
4096
|
|
|
CD0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1797119500.0000000000CD0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
CD0000
|
| Size: |
53248
|
|
|
4670000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1718807430.0000000004670000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4670000
|
| Size: |
53248
|
|
|
3BFD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3459867262.0000000003BFD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3BFD000
|
| Size: |
12288
|
|
|
214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1799364465.0000000000214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
214000
|
| Size: |
4096
|
|
|
3FA000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3454293047.00000000003FA000.00000004.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3FA000
|
| Size: |
8192
|
|
|
CAC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3453094990.0000000000CAC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
CAC000
|
| Size: |
16384
|
|
|
4CA0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1725306834.0000000004CA0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4CA0000
|
| Size: |
4096
|
|
|
2A10000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3457335345.0000000002A10000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2A10000
|
| Size: |
16384
|
|
|
519F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3460749135.000000000519F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
519F000
|
| Size: |
4096
|
|
|
1114000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1830086648.0000000001114000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1114000
|
| Size: |
4096
|
|
|
57A0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000003.1944642215.00000000057A0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
57A0000
|
| Size: |
8192
|
|
|
18A1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3456493535.00000000018A1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
18A1000
|
| Size: |
4096
|
|
|
5440000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1861832555.0000000005440000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
5440000
|
| Size: |
1585152
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
329E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3458170969.000000000329E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
329E000
|
| Size: |
8192
|
|
|
432F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3457215590.000000000432F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
432F000
|
| Size: |
4096
|
|
|
7257000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3463496790.0000000007257000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7257000
|
| Size: |
2002944
|
|
|
4CA0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1725343872.0000000004CA0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4CA0000
|
| Size: |
4096
|
|
|
365E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3458544092.000000000365E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
365E000
|
| Size: |
8192
|
|
|
5440000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1861601456.0000000005440000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
5440000
|
| Size: |
53248
|
|
|
214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1789440228.0000000000214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
214000
|
| Size: |
4096
|
|
|
4B10000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3460814793.0000000004B10000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4B10000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
301E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3457935072.000000000301E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
447F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3460835589.000000000447F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
447F000
|
| Size: |
4096
|
|
|
5020000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000003.1802959071.0000000005020000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5020000
|
| Size: |
4096
|
|
|
4DB0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3462852494.0000000004DB0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4DB0000
|
| Size: |
4096
|
|
|
396E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3456399457.000000000396E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
396E000
|
| Size: |
8192
|
|
|
1114000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1830311050.0000000001114000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1114000
|
| Size: |
4096
|
|
|
1114000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1830219519.0000000001114000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1114000
|
| Size: |
4096
|
|
|
1A1F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3455376041.0000000001A1F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1A1F000
|
| Size: |
32768
|
|
|
6BC000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000006.00000000.1778878907.00000000006BC000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
6BC000
|
| Size: |
1716224
|
|
|
4670000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1714563861.0000000004670000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4670000
|
| Size: |
53248
|
|
|
1C1000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3452995684.00000000001C1000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
1C1000
|
| Size: |
1585152
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2CBF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3457899831.0000000002CBF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2CBF000
|
| Size: |
4096
|
|
|
3FA000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3454063388.00000000003FA000.00000004.00000001.01000000.00000005.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3FA000
|
| Size: |
8192
|
|
|
433F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3460665585.000000000433F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
433F000
|
| Size: |
4096
|
|
|
34DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3458348634.00000000034DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
34DF000
|
| Size: |
4096
|
|
|
1977000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3455252209.0000000001977000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1977000
|
| Size: |
12288
|
|
|
51A1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1960651145.00000000051A1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
51A1000
|
| Size: |
4096
|
|
|
31BF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3458255575.00000000031BF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
31BF000
|
| Size: |
4096
|
|
|
3EDF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3459823267.0000000003EDF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3EDF000
|
| Size: |
4096
|
|
|
4E90000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1801179855.0000000004E90000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4E90000
|
| Size: |
53248
|
|
|
5240000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3463408874.0000000005240000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5240000
|
| Size: |
4096
|
|
|
3DBE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3459350819.0000000003DBE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3DBE000
|
| Size: |
8192
|
|
|
5620000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1942776056.0000000005620000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
5620000
|
| Size: |
53248
|
|
|
214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1830468521.0000000000214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
214000
|
| Size: |
4096
|
|
|
413E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3459715183.000000000413E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
413E000
|
| Size: |
8192
|
|
|
1A29000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3455376041.0000000001A29000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1A29000
|
| Size: |
12288
|
|
|
3430000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1938305033.0000000003430000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3430000
|
| Size: |
53248
|
|
|
405E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3458517484.000000000405E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
405E000
|
| Size: |
8192
|
|
|
3FD000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3454226179.00000000003FD000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
3FD000
|
| Size: |
1589248
|
|
|
45C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1831197274.00000000045C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
45C1000
|
| Size: |
4096
|
|
|
7AC000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3455888488.00000000007AC000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
7AC000
|
| Size: |
4096
|
|
|
10E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3456251945.00000000010E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10E0000
|
| Size: |
4096
|
|
|
CD0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1794321196.0000000000CD0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
CD0000
|
| Size: |
53248
|
|
|
3D7F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3459304151.0000000003D7F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3D7F000
|
| Size: |
4096
|
|
|
5780000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000003.1944676247.0000000005780000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5780000
|
| Size: |
4096
|
|
|
2B1F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3457466407.0000000002B1F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2B1F000
|
| Size: |
4096
|
|
|
116D000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000002.3454060819.000000000116D000.00000080.00000001.01000000.00000006.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
116D000
|
| Size: |
1691648
|
|
|
EE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1757121073.0000000000EE0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
EE0000
|
| Size: |
4096
|
|
|
36BF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3459252703.00000000036BF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
36BF000
|
| Size: |
4096
|
|
|
3FD000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3454414581.00000000003FD000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
3FD000
|
| Size: |
1589248
|
|
|
D00000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3456133691.0000000000D00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D00000
|
| Size: |
16384
|
|
|
1754000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1959891124.0000000001754000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1754000
|
| Size: |
4096
|
|
|
50C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3462306341.00000000050C0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
50C0000
|
| Size: |
4096
|
|
|
130B000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000B.00000002.3455966053.000000000130B000.00000080.00000001.01000000.00000006.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
130B000
|
| Size: |
4096
|
|
|
EC6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3456276074.0000000000EC6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
EC6000
|
| Size: |
28672
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
347E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3458527392.000000000347E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
347E000
|
| Size: |
8192
|
|
|
4681000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1712920948.0000000004681000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4681000
|
| Size: |
65536
|
|
|
D04000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1751968981.0000000000D04000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D04000
|
| Size: |
4096
|
|
|
51A1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1960743460.00000000051A1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
51A1000
|
| Size: |
4096
|
|
|
D94000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3456587072.0000000000D94000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D94000
|
| Size: |
12288
|
|
|
D04000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1752015204.0000000000D04000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D04000
|
| Size: |
4096
|
|
|
41FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3460546979.00000000041FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
41FF000
|
| Size: |
4096
|
|
|
1754000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1960155438.0000000001754000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1754000
|
| Size: |
4096
|
|
|
43DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3459351550.00000000043DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
43DF000
|
| Size: |
4096
|
|
|
5110000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3462613247.0000000005110000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5110000
|
| Size: |
8192
|
|
|
1114000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1830484990.0000000001114000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1114000
|
| Size: |
4096
|
|
|
D04000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1751874851.0000000000D04000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D04000
|
| Size: |
4096
|
|
|
3E2F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3456744343.0000000003E2F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3E2F000
|
| Size: |
4096
|
|
|
18C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1961044121.00000000018C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
18C5000
|
| Size: |
8192
|
|
|
36FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3459343453.00000000036FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
36FE000
|
| Size: |
8192
|
|
|
55D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1862294699.00000000055D0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
55D0000
|
| Size: |
4096
|
|
|
373F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3458200075.000000000373F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
373F000
|
| Size: |
4096
|
|
|
51A1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1941711306.00000000051A1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
51A1000
|
| Size: |
49152
|
|
|
2BBE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3457847030.0000000002BBE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2BBE000
|
| Size: |
8192
|
|
|
214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1830244744.0000000000214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
214000
|
| Size: |
4096
|
|
|
19C0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1854852778.00000000019C0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
19C0000
|
| Size: |
53248
|
|
|
19C0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1857396236.00000000019C0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
19C0000
|
| Size: |
53248
|
|
|
4681000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1755686199.0000000004681000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4681000
|
| Size: |
4096
|
|
|
D04000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1752093167.0000000000D04000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D04000
|
| Size: |
4096
|
|
|
4CD0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3461363691.0000000004CD0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4CD0000
|
| Size: |
4096
|
|
|
1754000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1959932035.0000000001754000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1754000
|
| Size: |
4096
|
|
|
3D2E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3456691779.0000000003D2E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3D2E000
|
| Size: |
8192
|
|
|
95C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3456223406.000000000095C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
95C000
|
| Size: |
16384
|
|
|
4C90000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3463283232.0000000004C90000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C90000
|
| Size: |
4096
|
|
|
4670000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1721375141.0000000004670000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4670000
|
| Size: |
53248
|
|
|
4670000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1719389986.0000000004670000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4670000
|
| Size: |
53248
|
|
|
45C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1831120225.00000000045C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
45C1000
|
| Size: |
4096
|
|
|
34D000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3454237327.000000000034D000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
34D000
|
| Size: |
1589248
|
|
|
214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1830562489.0000000000214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
214000
|
| Size: |
4096
|
|
|
DA2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3456587072.0000000000DA2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DA2000
|
| Size: |
32768
|
|
|
3DDE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3459774378.0000000003DDE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3DDE000
|
| Size: |
8192
|
|
|
1754000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1960068382.0000000001754000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1754000
|
| Size: |
4096
|
|
|
702C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1753708600.000000000702C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
702C000
|
| Size: |
524288
|
|
|
3B5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3458066495.0000000003B5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3B5E000
|
| Size: |
8192
|
|
|
174F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3454522290.000000000174F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
174F000
|
| Size: |
4096
|
|
|
4681000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1754534818.0000000004681000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4681000
|
| Size: |
4096
|
|
|
4A01000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1831072211.0000000004A01000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4A01000
|
| Size: |
4096
|
|
|
4FB1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1874078073.0000000004FB1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4FB1000
|
| Size: |
4096
|
|
|
46C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1789484146.00000000046C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
46C0000
|
| Size: |
176128
|
|
|
1325000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3456538284.0000000001325000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1325000
|
| Size: |
4096
|
|
|
1754000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1960099778.0000000001754000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1754000
|
| Size: |
4096
|
|
|
5850000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3462422240.0000000005850000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5850000
|
| Size: |
4096
|
|
|
1C0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3452807575.00000000001C0000.00000004.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
1C0000
|
| Size: |
4096
|
|
|
2F3F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3458066475.0000000002F3F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2F3F000
|
| Size: |
4096
|
|
|
19C0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1855471125.00000000019C0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
19C0000
|
| Size: |
53248
|
|
|
3C5F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3458141739.0000000003C5F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3C5F000
|
| Size: |
4096
|
|
|
4681000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1754757682.0000000004681000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4681000
|
| Size: |
4096
|
|
|
5020000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000003.1803026471.0000000005020000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5020000
|
| Size: |
4096
|
|
|
214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1789627663.0000000000214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
214000
|
| Size: |
4096
|
|
|
343F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3458463276.000000000343F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
343F000
|
| Size: |
4096
|
|
|
214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1799290446.0000000000214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
214000
|
| Size: |
4096
|
|
|
5830000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3462284945.0000000005830000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5830000
|
| Size: |
4096
|
|
|
4C2E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3458125525.0000000004C2E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4C2E000
|
| Size: |
8192
|
|
|
4CF0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3461642570.0000000004CF0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4CF0000
|
| Size: |
4096
|
|
|
1754000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1941850339.0000000001754000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1754000
|
| Size: |
4096
|
|
|
4FB1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1873875906.0000000004FB1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4FB1000
|
| Size: |
4096
|
|
|
12A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3456538284.00000000012A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A0000
|
| Size: |
32768
|
|
|
130B000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000002.3454349675.000000000130B000.00000080.00000001.01000000.00000006.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
130B000
|
| Size: |
4096
|
|
|
57B0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000003.1944328516.00000000057B0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
57B0000
|
| Size: |
4096
|
|
|
1754000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1959983257.0000000001754000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1754000
|
| Size: |
4096
|
|
|
51A1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1933338295.00000000051A1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
51A1000
|
| Size: |
65536
|
|
|
3EFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3459493838.0000000003EFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3EFE000
|
| Size: |
8192
|
|
|
CD0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1791588247.0000000000CD0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
CD0000
|
| Size: |
53248
|
|
|
5020000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000003.1802784571.0000000005020000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5020000
|
| Size: |
4096
|
|
|
45C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1789565112.00000000045C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
45C1000
|
| Size: |
233472
|
|
|
491E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3459939500.000000000491E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
491E000
|
| Size: |
8192
|
|
|
4BB0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1803137465.0000000004BB0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4BB0000
|
| Size: |
4096
|
|
|
DBC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3456587072.0000000000DBC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DBC000
|
| Size: |
57344
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
EAA000
|
unkown
|
page write copy
|
|
|
|
| Name: |
0000000B.00000000.1927658890.0000000000EAA000.00000008.00000001.01000000.00000006.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
EAA000
|
| Size: |
8192
|
|
|
43EF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3460323812.00000000043EF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
43EF000
|
| Size: |
4096
|
|
|
35AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3456106767.00000000035AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
35AE000
|
| Size: |
8192
|
|
|
D04000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1712953482.0000000000D04000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D04000
|
| Size: |
4096
|
|
|
5130000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3462923073.0000000005130000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5130000
|
| Size: |
4096
|
|
|
116C000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3454307049.000000000116C000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
116C000
|
| Size: |
4096
|
|
|
E3B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3456009007.0000000000E3B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E3B000
|
| Size: |
20480
|
|
|
4FB1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1859884778.0000000004FB1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4FB1000
|
| Size: |
4096
|
|
|
4C70000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3462921328.0000000004C70000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C70000
|
| Size: |
4096
|
|
|
E6E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3456276074.0000000000E6E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E6E000
|
| Size: |
163840
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
58A0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3462880623.00000000058A0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
58A0000
|
| Size: |
8192
|
|
|
4CC0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3461237949.0000000004CC0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4CC0000
|
| Size: |
4096
|
|
|
111A000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3453590114.000000000111A000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
111A000
|
| Size: |
102400
|
|
|
D04000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1722817822.0000000000D04000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D04000
|
| Size: |
4096
|
|
|
271000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3453216308.0000000000271000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
271000
|
| Size: |
1585152
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
3F5000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3452978591.00000000003F5000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
3F5000
|
| Size: |
20480
|
|
|
60C000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3454237327.000000000060C000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
60C000
|
| Size: |
4096
|
|
|
397E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3459606794.000000000397E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
397E000
|
| Size: |
8192
|
|
|
33BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3457932988.00000000033BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
33BE000
|
| Size: |
8192
|
|
|
509E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3460695541.000000000509E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
509E000
|
| Size: |
8192
|
|
|
5600000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3459301447.0000000005600000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5600000
|
| Size: |
4096
|
|
|
5F6000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3454237327.00000000005F6000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
5F6000
|
| Size: |
24576
|
|
|
45C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1831165153.00000000045C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
45C1000
|
| Size: |
4096
|
|
|
4C94000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1724860101.0000000004C94000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4C94000
|
| Size: |
16384
|
|
|
DAC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3456587072.0000000000DAC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DAC000
|
| Size: |
12288
|
|
|
4BBD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3461540664.0000000004BBD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4BBD000
|
| Size: |
12288
|
|
|
198E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3457295213.000000000198E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
198E000
|
| Size: |
8192
|
|
|
214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1799323332.0000000000214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
214000
|
| Size: |
4096
|
|
|
2FBF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3457622689.0000000002FBF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2FBF000
|
| Size: |
4096
|
|
|
214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1789664760.0000000000214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
214000
|
| Size: |
4096
|
|
|
37FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3459404542.00000000037FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
37FF000
|
| Size: |
4096
|
|
|
12AA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3456538284.00000000012AA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12AA000
|
| Size: |
8192
|
|
|
4A01000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1799425293.0000000004A01000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4A01000
|
| Size: |
49152
|
|
|
34A000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3454102449.000000000034A000.00000004.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
34A000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
2DFF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3457985787.0000000002DFF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2DFF000
|
| Size: |
4096
|
|
|
327E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3457844901.000000000327E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
327E000
|
| Size: |
8192
|
|
|
4670000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1714007304.0000000004670000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4670000
|
| Size: |
53248
|
|
|
45C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1799258574.00000000045C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
45C1000
|
| Size: |
49152
|
|
|
214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1799495519.0000000000214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
214000
|
| Size: |
4096
|
|
|
357F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3459132702.000000000357F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
357F000
|
| Size: |
4096
|
|
|
1754000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1960533218.0000000001754000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1754000
|
| Size: |
4096
|
|
|
3F7F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3460238812.0000000003F7F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3F7F000
|
| Size: |
4096
|
|
|
19C0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1857965206.00000000019C0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
19C0000
|
| Size: |
53248
|
|
|
4B10000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1724651936.0000000004B10000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4B10000
|
| Size: |
53248
|
|
|
50B0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3462223260.00000000050B0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
50B0000
|
| Size: |
4096
|
|
|
5BA000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3454237327.00000000005BA000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
5BA000
|
| Size: |
102400
|
|
|
10F0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1797289672.00000000010F0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
10F0000
|
| Size: |
53248
|
|
|
365F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3457667740.000000000365F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
365F000
|
| Size: |
4096
|
|
|
5870000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3462530820.0000000005870000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5870000
|
| Size: |
4096
|
|
|
4B5F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3460164409.0000000004B5F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4B5F000
|
| Size: |
4096
|
|
|
DD6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1831670552.0000000000DD6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DD6000
|
| Size: |
4096
|
|
|
1114000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1830965638.0000000001114000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1114000
|
| Size: |
4096
|
|
|
422E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3457154152.000000000422E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
422E000
|
| Size: |
8192
|
|
|
5020000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000003.1803104348.0000000005020000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5020000
|
| Size: |
12288
|
|
|
2CFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3457935464.0000000002CFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2CFE000
|
| Size: |
8192
|
|
|
5840000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3462361544.0000000005840000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5840000
|
| Size: |
4096
|
|
|
4670000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1722528710.0000000004670000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4670000
|
| Size: |
53248
|
|
|
288E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3457078377.000000000288E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
288E000
|
| Size: |
8192
|
|
|
CD0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1792886888.0000000000CD0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
CD0000
|
| Size: |
53248
|
|
|
85D000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000005.00000002.3455961682.000000000085D000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
85D000
|
| Size: |
8192
|
|
|
576F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3461133209.000000000576F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
576F000
|
| Size: |
4096
|
|
|
3C7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3459237522.0000000003C7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3C7E000
|
| Size: |
8192
|
|
|
EA8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3456276074.0000000000EA8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
EA8000
|
| Size: |
8192
|
|
|
EAC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3456276074.0000000000EAC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
EAC000
|
| Size: |
12288
|
|
|
214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1830613214.0000000000214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
214000
|
| Size: |
4096
|
|
|
3DDE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3458344270.0000000003DDE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3DDE000
|
| Size: |
8192
|
|
|
342E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3457494608.000000000342E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
342E000
|
| Size: |
8192
|
|
|
185B000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3456493535.000000000185B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
185B000
|
| Size: |
131072
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
566C000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3460997637.000000000566C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
566C000
|
| Size: |
16384
|
|
|
5020000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000003.1803003259.0000000005020000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5020000
|
| Size: |
4096
|
|
|
1754000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1941974712.0000000001754000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1754000
|
| Size: |
4096
|
|
|
6E27000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3463410445.0000000006E27000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6E27000
|
| Size: |
2002944
|
|
|
4C5F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3461052962.0000000004C5F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4C5F000
|
| Size: |
4096
|
|
|
1A3F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3455376041.0000000001A3F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1A3F000
|
| Size: |
4096
|
|
|
4A1F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3460003228.0000000004A1F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4A1F000
|
| Size: |
4096
|
|
|
1A32000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3455376041.0000000001A32000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1A32000
|
| Size: |
4096
|
|
|
12FD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3456538284.00000000012FD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12FD000
|
| Size: |
16384
|
|
|
4670000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1716245382.0000000004670000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4670000
|
| Size: |
53248
|
|
|
57D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3461441019.00000000057D0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
57D0000
|
| Size: |
4096
|
|
|
4FB1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1859787895.0000000004FB1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4FB1000
|
| Size: |
49152
|
|
|
196B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3455212330.000000000196B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
196B000
|
| Size: |
20480
|
|
|
1754000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1960172977.0000000001754000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1754000
|
| Size: |
4096
|
|
|
57F0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3461685189.00000000057F0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
57F0000
|
| Size: |
4096
|
|
|
DD4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1831670552.0000000000DD4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DD4000
|
| Size: |
4096
|
|
|
60D000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000000.00000002.3455566999.000000000060D000.00000080.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
60D000
|
| Size: |
1691648
|
|
|
214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1789684174.0000000000214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
214000
|
| Size: |
4096
|
|
|
4BB0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1803029278.0000000004BB0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4BB0000
|
| Size: |
4096
|
|
|
57C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3461314764.00000000057C0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
57C0000
|
| Size: |
4096
|
|
|
4BB0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1803198756.0000000004BB0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4BB0000
|
| Size: |
12288
|
|
|
17B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3454553641.00000000017B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17B0000
|
| Size: |
4096
|
|
|
42A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3460181904.00000000042A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
42A0000
|
| Size: |
4096
|
|
|
3D3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3460007325.0000000003D3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3D3E000
|
| Size: |
8192
|
|
|
3CFF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3459942503.0000000003CFF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3CFF000
|
| Size: |
4096
|
|
|
3B3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3458562629.0000000003B3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3B3E000
|
| Size: |
8192
|
|
|
D04000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1751953017.0000000000D04000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D04000
|
| Size: |
4096
|
|
|
12F1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3456538284.00000000012F1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12F1000
|
| Size: |
16384
|
|
|
51A1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1933564558.00000000051A1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
51A1000
|
| Size: |
237568
|
|
|
472E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3457624444.000000000472E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
472E000
|
| Size: |
8192
|
|
|
D21000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3453097183.0000000000D21000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
D21000
|
| Size: |
1585152
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
10F0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1793154997.00000000010F0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
10F0000
|
| Size: |
53248
|
|
|
57B0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000003.1944462340.00000000057B0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
57B0000
|
| Size: |
4096
|
|
|
214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1799457126.0000000000214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
214000
|
| Size: |
4096
|
|
|
3430000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1938859138.0000000003430000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3430000
|
| Size: |
53248
|
|
|
E97000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3456276074.0000000000E97000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E97000
|
| Size: |
20480
|
|
|
33DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3458289658.00000000033DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
33DE000
|
| Size: |
8192
|
|
|
214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1799345981.0000000000214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
214000
|
| Size: |
4096
|
|
|
D21000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000B.00000000.1927465891.0000000000D21000.00000080.00000001.01000000.00000006.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
D21000
|
| Size: |
704512
|
|
|
214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1830116901.0000000000214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
214000
|
| Size: |
4096
|
|
|
1754000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1960130515.0000000001754000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1754000
|
| Size: |
4096
|
|
|
4BD0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3461854400.0000000004BD0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4BD0000
|
| Size: |
4096
|
|
|
2C5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3457572110.0000000002C5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2C5E000
|
| Size: |
8192
|
|
|
7023000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1753011207.0000000007023000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7023000
|
| Size: |
524288
|
|
|
51A1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1960606120.00000000051A1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
51A1000
|
| Size: |
4096
|
|
|
3A7F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3459667784.0000000003A7F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3A7F000
|
| Size: |
4096
|
|
|
19C0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1858539480.00000000019C0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
19C0000
|
| Size: |
53248
|
|
|
57B0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000003.1944532572.00000000057B0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
57B0000
|
| Size: |
12288
|
|
|
D21000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3453305471.0000000000D21000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
D21000
|
| Size: |
1585152
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
85B000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000005.00000002.3455864962.000000000085B000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
85B000
|
| Size: |
4096
|
|
|
55D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1862313666.00000000055D0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
55D0000
|
| Size: |
4096
|
|
|
BF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3456043134.0000000000BF0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BF0000
|
| Size: |
4096
|
|
|
1754000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1933636861.0000000001754000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1754000
|
| Size: |
4096
|
|
|
4E90000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1801808596.0000000004E90000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4E90000
|
| Size: |
53248
|
|
|
1754000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1933371701.0000000001754000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1754000
|
| Size: |
4096
|
|
|
7AB000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000000.00000002.3455850718.00000000007AB000.00000080.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
7AB000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
D04000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1752078733.0000000000D04000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D04000
|
| Size: |
4096
|
|
|
1754000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1941991790.0000000001754000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1754000
|
| Size: |
4096
|
|
|
45AF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3457447217.00000000045AF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
45AF000
|
| Size: |
4096
|
|
|
1754000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1941744671.0000000001754000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1754000
|
| Size: |
4096
|
|
|
1754000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1933683679.0000000001754000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1754000
|
| Size: |
4096
|
|
|
36AF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3456146115.00000000036AF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
36AF000
|
| Size: |
4096
|
|
|
4CA0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3463407986.0000000004CA0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4CA0000
|
| Size: |
8192
|
|
|
18BD000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3456493535.00000000018BD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
18BD000
|
| Size: |
4096
|
|
|
4FAF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3458341821.0000000004FAF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4FAF000
|
| Size: |
4096
|
|
|
2D5F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3457629057.0000000002D5F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2D5F000
|
| Size: |
4096
|
|
|
CF7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3456380576.0000000000CF7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
CF7000
|
| Size: |
12288
|
|
|
1754000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1933775342.0000000001754000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1754000
|
| Size: |
4096
|
|
|
D40000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1801334694.0000000000D40000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
D40000
|
| Size: |
53248
|
|
|
EBC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3456276074.0000000000EBC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
EBC000
|
| Size: |
16384
|
|
|
4A40000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1802231508.0000000004A40000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4A40000
|
| Size: |
1585152
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
6BD000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000005.00000002.3455564770.00000000006BD000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
6BD000
|
| Size: |
1691648
|
|
|
4681000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1756479728.0000000004681000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4681000
|
| Size: |
4096
|
|
|
442E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3460403489.000000000442E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
442E000
|
| Size: |
8192
|
|
|
19C0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1852488530.00000000019C0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
19C0000
|
| Size: |
53248
|
|
|
45C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1831229873.00000000045C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
45C1000
|
| Size: |
4096
|
|
|
56E0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3460116758.00000000056E0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
56E0000
|
| Size: |
4096
|
|
|
49FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3460663297.00000000049FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
49FF000
|
| Size: |
4096
|
|
|
715E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3463792986.000000000715E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
715E000
|
| Size: |
8192
|
|
|
1034000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3453590114.0000000001034000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
1034000
|
| Size: |
909312
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
4F5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3460586127.0000000004F5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4F5E000
|
| Size: |
8192
|
|
|
415F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3459136451.000000000415F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
415F000
|
| Size: |
4096
|
|
|
50F0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3462495662.00000000050F0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
50F0000
|
| Size: |
4096
|
|
|
214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1799475275.0000000000214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
214000
|
| Size: |
4096
|
|
|
1850000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3456493535.0000000001850000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1850000
|
| Size: |
36864
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1831036322.0000000000214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
214000
|
| Size: |
4096
|
|
|
43FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3460052969.00000000043FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
43FE000
|
| Size: |
8192
|
|
|
4D4000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3454237327.00000000004D4000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
4D4000
|
| Size: |
909312
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
EE8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3457024896.0000000000EE8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
EE8000
|
| Size: |
8192
|
|
|
4681000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1753640834.0000000004681000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4681000
|
| Size: |
4096
|
|
|
2FFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3457666273.0000000002FFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2FFE000
|
| Size: |
8192
|
|
|
E60000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3456276074.0000000000E60000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E60000
|
| Size: |
32768
|
|
|
5820000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3462171516.0000000005820000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5820000
|
| Size: |
4096
|
|
|
45C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1830053181.00000000045C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
45C1000
|
| Size: |
49152
|
|
|
1754000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1959801176.0000000001754000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1754000
|
| Size: |
4096
|
|
|
1840000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3456455425.0000000001840000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1840000
|
| Size: |
4096
|
|
|
5620000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3459403981.0000000005620000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5620000
|
| Size: |
4096
|
|
|
D04000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1752384294.0000000000D04000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D04000
|
| Size: |
4096
|
|
|
CF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3456380576.0000000000CF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
CF0000
|
| Size: |
16384
|
|
|
4A5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3460095035.0000000004A5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4A5E000
|
| Size: |
8192
|
|
|
48FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3460604110.00000000048FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
48FE000
|
| Size: |
8192
|
|
|
4BEF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3458083223.0000000004BEF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4BEF000
|
| Size: |
4096
|
|
|
50A0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3462080125.00000000050A0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
50A0000
|
| Size: |
4096
|
|
|
1754000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1941832388.0000000001754000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1754000
|
| Size: |
4096
|
|
|
4B10000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1724860101.0000000004B10000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4B10000
|
| Size: |
1585152
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
1A8F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3457335342.0000000001A8F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1A8F000
|
| Size: |
4096
|
|
|
4681000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1754487497.0000000004681000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4681000
|
| Size: |
4096
|
|
|
4B9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3460213585.0000000004B9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4B9E000
|
| Size: |
8192
|
|
|
429F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3459240284.000000000429F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
429F000
|
| Size: |
4096
|
|
|
E4F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3456241380.0000000000E4F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E4F000
|
| Size: |
4096
|
|
|
214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1830221892.0000000000214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
214000
|
| Size: |
4096
|
|
|
E6A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3456276074.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E6A000
|
| Size: |
8192
|
|
|
4FB1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1860040635.0000000004FB1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4FB1000
|
| Size: |
4096
|
|
|
4FB1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1874763414.0000000004FB1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4FB1000
|
| Size: |
4096
|
|
|
754E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3463776240.000000000754E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
754E000
|
| Size: |
8192
|
|
|
4D90000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3462604824.0000000004D90000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D90000
|
| Size: |
8192
|
|
|
32FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3458347682.00000000032FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
32FF000
|
| Size: |
4096
|
|
|
1114000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1799585726.0000000001114000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1114000
|
| Size: |
4096
|
|
|
3CEF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3456639415.0000000003CEF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3CEF000
|
| Size: |
4096
|
|
|
3FBE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3460298268.0000000003FBE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3FBE000
|
| Size: |
8192
|
|
|
6ECE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3463672925.0000000006ECE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6ECE000
|
| Size: |
2002944
|
|
|
DCC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3456587072.0000000000DCC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DCC000
|
| Size: |
4096
|
|
|
49AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3457926907.00000000049AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
49AE000
|
| Size: |
8192
|
|
|
DDE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3456587072.0000000000DDE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DDE000
|
| Size: |
4096
|
|
|
4681000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1755634923.0000000004681000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4681000
|
| Size: |
4096
|
|
|
3AFF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3458515497.0000000003AFF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3AFF000
|
| Size: |
4096
|
|
|
4D10000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3461963277.0000000004D10000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D10000
|
| Size: |
4096
|
|
|
469E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3459663557.000000000469E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
469E000
|
| Size: |
8192
|
|
|
4670000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1718250797.0000000004670000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4670000
|
| Size: |
53248
|
|
|
3EDF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3458390082.0000000003EDF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3EDF000
|
| Size: |
4096
|
|
|
377E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3458259215.000000000377E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
377E000
|
| Size: |
8192
|
|
|
4FB1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1860155034.0000000004FB1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4FB1000
|
| Size: |
4096
|
|
|
1156000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3454307049.0000000001156000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
1156000
|
| Size: |
24576
|
|
|
12DE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3456538284.00000000012DE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12DE000
|
| Size: |
20480
|
|
|
2C1F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3457521724.0000000002C1F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2C1F000
|
| Size: |
4096
|
|
|
13E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3454441158.00000000013E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13E0000
|
| Size: |
4096
|
|
|
3E3F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3460093057.0000000003E3F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3E3F000
|
| Size: |
4096
|
|
|
CD0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1796499080.0000000000CD0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
CD0000
|
| Size: |
53248
|
|
|
2FDF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3457865559.0000000002FDF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2FDF000
|
| Size: |
4096
|
|
|
7D1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3463853458.0000000007D1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7D1E000
|
| Size: |
8192
|
|
|
1114000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1830243122.0000000001114000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1114000
|
| Size: |
4096
|
|
|
17C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3454577754.00000000017C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17C0000
|
| Size: |
4096
|
|
|
D04000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1751889749.0000000000D04000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D04000
|
| Size: |
4096
|
|
|
55F0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3459237122.00000000055F0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
55F0000
|
| Size: |
4096
|
|
|
1114000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1830149318.0000000001114000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1114000
|
| Size: |
4096
|
|
|
10F0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1793785347.00000000010F0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
10F0000
|
| Size: |
53248
|
|
|
116C000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000B.00000000.1927727501.000000000116C000.00000080.00000001.01000000.00000006.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
116C000
|
| Size: |
1716224
|
|
|
379E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3459198770.000000000379E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
379E000
|
| Size: |
8192
|
|
|
392F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3456350235.000000000392F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
392F000
|
| Size: |
4096
|
|
|
EAD000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3454307049.0000000000EAD000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
EAD000
|
| Size: |
1589248
|
|
|
47BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3460498636.00000000047BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
47BE000
|
| Size: |
8192
|
|
|
6BC000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3454414581.00000000006BC000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
6BC000
|
| Size: |
4096
|
|
|
456E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3460563725.000000000456E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
456E000
|
| Size: |
8192
|
|
|
CD0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1795265855.0000000000CD0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
CD0000
|
| Size: |
53248
|
|
|
1114000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1799636071.0000000001114000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1114000
|
| Size: |
4096
|
|
|
3450000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3457528086.0000000003450000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3450000
|
| Size: |
16384
|
|
|
5660000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3459626047.0000000005660000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5660000
|
| Size: |
4096
|
|
|
361F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3458471753.000000000361F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
361F000
|
| Size: |
4096
|
|
|
51A1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1960680752.00000000051A1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
51A1000
|
| Size: |
4096
|
|
|
1754000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1960243260.0000000001754000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1754000
|
| Size: |
4096
|
|
|
4AAF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3457984387.0000000004AAF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4AAF000
|
| Size: |
4096
|
|
|
375F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3457711270.000000000375F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
375F000
|
| Size: |
4096
|
|
|
19DE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3455376041.00000000019DE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
19DE000
|
| Size: |
196608
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
| URLs found in memory or binary data |
Networking |
|
|
|
3D9F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3458284448.0000000003D9F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3D9F000
|
| Size: |
4096
|
|
|
18A3000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3456493535.00000000018A3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
18A3000
|
| Size: |
8192
|
|
|
B8B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3456009012.0000000000B8B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B8B000
|
| Size: |
20480
|
|
|
5014000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1802109842.0000000005014000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
5014000
|
| Size: |
16384
|
|
|
D04000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1713142987.0000000000D04000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D04000
|
| Size: |
4096
|
|
|
1893000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3456493535.0000000001893000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1893000
|
| Size: |
28672
|
|
|
EAA000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3453559138.0000000000EAA000.00000004.00000001.01000000.00000006.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
EAA000
|
| Size: |
8192
|
|
|
1750000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3456395933.0000000001750000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1750000
|
| Size: |
16384
|
|
|
1114000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1799656999.0000000001114000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1114000
|
| Size: |
4096
|
|
|
D20000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3453259385.0000000000D20000.00000004.00000001.01000000.00000006.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D20000
|
| Size: |
4096
|
|
|
2D9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3457706105.0000000002D9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2D9E000
|
| Size: |
8192
|
|
|
401F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3459924681.000000000401F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
401F000
|
| Size: |
4096
|
|
|
5440000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1860976484.0000000005440000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
5440000
|
| Size: |
53248
|
|
|
4DDF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3460423467.0000000004DDF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4DDF000
|
| Size: |
4096
|
|
|
D10000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3453209129.0000000000D10000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D10000
|
| Size: |
4096
|
|
|
4E20000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3463616209.0000000004E20000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E20000
|
| Size: |
4096
|
|
|
355F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3457625744.000000000355F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
355F000
|
| Size: |
4096
|
|
|
4CA0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1725360215.0000000004CA0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4CA0000
|
| Size: |
4096
|
|
|
379E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3457756972.000000000379E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
379E000
|
| Size: |
8192
|
|
|
45C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3461177994.00000000045C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
45C0000
|
| Size: |
4096
|
|
|
1114000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1830558691.0000000001114000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1114000
|
| Size: |
4096
|
|
|
DB0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3456587072.0000000000DB0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DB0000
|
| Size: |
4096
|
|
|
3B1F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3459497936.0000000003B1F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3B1F000
|
| Size: |
4096
|
|
|
1114000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1830177812.0000000001114000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1114000
|
| Size: |
4096
|
|
|
56F0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3460190907.00000000056F0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
56F0000
|
| Size: |
4096
|
|
|
3430000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1935426235.0000000003430000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3430000
|
| Size: |
53248
|
|
|
270000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000006.00000000.1778751953.0000000000270000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
270000
|
| Size: |
4096
|
|
|
55D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1862224304.00000000055D0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
55D0000
|
| Size: |
4096
|
|
|
4681000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1756698183.0000000004681000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4681000
|
| Size: |
4096
|
|
|
1114000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1830366957.0000000001114000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1114000
|
| Size: |
4096
|
|
|
1107000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3456300373.0000000001107000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1107000
|
| Size: |
12288
|
|
|
1325000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1831934452.0000000001325000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1325000
|
| Size: |
4096
|
|
|
4E90000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1802109842.0000000004E90000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4E90000
|
| Size: |
1585152
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
45BF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3461052840.00000000045BF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
45BF000
|
| Size: |
4096
|
|
|
40AF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3456962847.00000000040AF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
40AF000
|
| Size: |
4096
|
|
|
5690000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3459817210.0000000005690000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5690000
|
| Size: |
4096
|
|
|
4780000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1713019216.0000000004780000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4780000
|
| Size: |
172032
|
|
|
D04000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1752001032.0000000000D04000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D04000
|
| Size: |
4096
|
|
|
CD0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1797898335.0000000000CD0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
CD0000
|
| Size: |
53248
|
|
|
D20000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000B.00000000.1927439864.0000000000D20000.00000002.00000001.01000000.00000006.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
D20000
|
| Size: |
4096
|
|
|
2F7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3458112434.0000000002F7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2F7E000
|
| Size: |
8192
|
|
|
5620000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1943556052.0000000005620000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
5620000
|
| Size: |
1585152
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
7780000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3460375254.0000000007780000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7780000
|
| Size: |
2002944
|
|
|
1754000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1933741651.0000000001754000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1754000
|
| Size: |
4096
|
|
|
325F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3458116391.000000000325F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
325F000
|
| Size: |
4096
|
|
|
451F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3459470466.000000000451F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
451F000
|
| Size: |
4096
|
|
|
19C0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1856753795.00000000019C0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
19C0000
|
| Size: |
53248
|
|
|
5060000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3461416589.0000000005060000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5060000
|
| Size: |
4096
|
|
|
3FAE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3456904456.0000000003FAE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3FAE000
|
| Size: |
8192
|
|
|
351E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3458413306.000000000351E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
351E000
|
| Size: |
8192
|
|
|
EE8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1757121073.0000000000EE8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
EE8000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
452F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3460464507.000000000452F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
452F000
|
| Size: |
4096
|
|
|
4CE0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3461522361.0000000004CE0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4CE0000
|
| Size: |
4096
|
|
|
66A000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3454226179.000000000066A000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
66A000
|
| Size: |
102400
|
|
|
3F1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3458444014.0000000003F1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3F1E000
|
| Size: |
8192
|
|
|
1754000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1960191828.0000000001754000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1754000
|
| Size: |
4096
|
|
|
D04000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1713237989.0000000000D04000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D04000
|
| Size: |
4096
|
|
|
1754000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1959820079.0000000001754000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1754000
|
| Size: |
4096
|
|
|
417E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3459778029.000000000417E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
417E000
|
| Size: |
8192
|
|
|
4FB1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1859981540.0000000004FB1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4FB1000
|
| Size: |
4096
|
|
|
5880000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3462589177.0000000005880000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5880000
|
| Size: |
4096
|
|
|
18C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3456493535.00000000018C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
18C5000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
10F0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1791843174.00000000010F0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
10F0000
|
| Size: |
53248
|
|
|
139B000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3456155521.000000000139B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
139B000
|
| Size: |
20480
|
|
|
4CB0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3463496042.0000000004CB0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4CB0000
|
| Size: |
4096
|
|
|
4C90000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1725447795.0000000004C90000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C90000
|
| Size: |
8192
|
|
|
10F0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1798711428.00000000010F0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
10F0000
|
| Size: |
53248
|
|
|
17E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3454603012.00000000017E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17E0000
|
| Size: |
16384
|
|
|
5020000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000003.1802731868.0000000005020000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5020000
|
| Size: |
8192
|
|
|
57B0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000003.1944078474.00000000057B0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
57B0000
|
| Size: |
4096
|
|
|
214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1789648572.0000000000214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
214000
|
| Size: |
4096
|
|
|
214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1830446989.0000000000214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
214000
|
| Size: |
4096
|
|
|
4BB0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1803110584.0000000004BB0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4BB0000
|
| Size: |
4096
|
|
|
479F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3459730616.000000000479F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
479F000
|
| Size: |
4096
|
|
|
4CA0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1725232610.0000000004CA0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4CA0000
|
| Size: |
4096
|
|
|
55D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1862381588.00000000055D0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
55D0000
|
| Size: |
4096
|
|
|
EA5000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3453097183.0000000000EA5000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
EA5000
|
| Size: |
20480
|
|
|
5800000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3461859563.0000000005800000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5800000
|
| Size: |
4096
|
|
|
D21000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000000.1845007031.0000000000D21000.00000080.00000001.01000000.00000006.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
D21000
|
| Size: |
704512
|
|
|
4D70000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3462512175.0000000004D70000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D70000
|
| Size: |
4096
|
|
|
D8B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3456587072.0000000000D8B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D8B000
|
| Size: |
32768
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
D04000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1722703493.0000000000D04000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D04000
|
| Size: |
4096
|
|
|
415F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3460005477.000000000415F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
415F000
|
| Size: |
4096
|
|
|
1114000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1789361280.0000000001114000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1114000
|
| Size: |
4096
|
|
|
4FB1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1874685218.0000000004FB1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4FB1000
|
| Size: |
4096
|
|
|
35BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3459186241.00000000035BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
35BE000
|
| Size: |
8192
|
|
|
33EC000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3457437220.00000000033EC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
33EC000
|
| Size: |
16384
|
|
|
40BF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3460398508.00000000040BF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
40BF000
|
| Size: |
4096
|
|
|
57B0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000003.1944296714.00000000057B0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
57B0000
|
| Size: |
4096
|
|
|
4A01000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1789562867.0000000004A01000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4A01000
|
| Size: |
233472
|
|
|
1754000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1933601330.0000000001754000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1754000
|
| Size: |
4096
|
|
|
214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1830310722.0000000000214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
214000
|
| Size: |
4096
|
|
|
2B7F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3457795444.0000000002B7F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2B7F000
|
| Size: |
4096
|
|
|
A8B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3455963168.0000000000A8B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A8B000
|
| Size: |
20480
|
|
|
389F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3457798801.000000000389F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
389F000
|
| Size: |
4096
|
|
|
4680000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3460714834.0000000004680000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4680000
|
| Size: |
4096
|
|
|
584000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3454414581.0000000000584000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
584000
|
| Size: |
909312
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
4CA0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1725403936.0000000004CA0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4CA0000
|
| Size: |
12288
|
|
|
1114000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1789734359.0000000001114000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1114000
|
| Size: |
4096
|
|
|
4B10000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1724025820.0000000004B10000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4B10000
|
| Size: |
53248
|
|
|
220000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3453059461.0000000000220000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
220000
|
| Size: |
4096
|
|
|
4FB1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1873705463.0000000004FB1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4FB1000
|
| Size: |
4096
|
|
|
55D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1862403010.00000000055D0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
55D0000
|
| Size: |
4096
|
|
|
187C000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3456493535.000000000187C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
187C000
|
| Size: |
28672
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
4BC0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3461683378.0000000004BC0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4BC0000
|
| Size: |
4096
|
|
|
477F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3460425536.000000000477F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
477F000
|
| Size: |
4096
|
|
|
4681000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1754440111.0000000004681000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4681000
|
| Size: |
4096
|
|
|
3430000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1934883426.0000000003430000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3430000
|
| Size: |
53248
|
|
|
115D000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3453590114.000000000115D000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
115D000
|
| Size: |
40960
|
|
|
5620000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3460893379.0000000005620000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
5620000
|
| Size: |
8192
|
|
|
115D000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3454307049.000000000115D000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
115D000
|
| Size: |
40960
|
|
|
1754000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1941917348.0000000001754000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1754000
|
| Size: |
4096
|
|
|
4681000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1756628638.0000000004681000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4681000
|
| Size: |
4096
|
|
|
43BF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3459988638.00000000043BF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
43BF000
|
| Size: |
4096
|
|
|
5640000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3459500773.0000000005640000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5640000
|
| Size: |
4096
|
|
|
3FA000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000006.00000000.1778861553.00000000003FA000.00000008.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
3FA000
|
| Size: |
8192
|
|
|
1C1000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000000.00000000.1707750498.00000000001C1000.00000080.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
1C1000
|
| Size: |
704512
|
|
|
188A000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3456493535.000000000188A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
188A000
|
| Size: |
4096
|
|
|
F3C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3456044776.0000000000F3C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
F3C000
|
| Size: |
16384
|
|
|
85C000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3455913213.000000000085C000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
85C000
|
| Size: |
4096
|
|
|
5030000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3461081554.0000000005030000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5030000
|
| Size: |
4096
|
|
|
D6B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3456587072.0000000000D6B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D6B000
|
| Size: |
126976
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4F1F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3460530011.0000000004F1F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4F1F000
|
| Size: |
4096
|
|
|
6BD000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000006.00000002.3455660710.00000000006BD000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
6BD000
|
| Size: |
1691648
|
|
|
446F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3457337009.000000000446F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
446F000
|
| Size: |
4096
|
|
|
D20000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3452807186.0000000000D20000.00000004.00000001.01000000.00000006.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D20000
|
| Size: |
4096
|
|
|
467E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3460361464.000000000467E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
467E000
|
| Size: |
8192
|
|
|
57B0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000003.1943876500.00000000057B0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
57B0000
|
| Size: |
8192
|
|
|
D40000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1801986640.0000000000D40000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
D40000
|
| Size: |
53248
|
|
|
214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1830531438.0000000000214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
214000
|
| Size: |
4096
|
|
|
1110000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3456396536.0000000001110000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1110000
|
| Size: |
16384
|
|
|
10F0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1799322623.00000000010F0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
10F0000
|
| Size: |
53248
|
|
|
1100000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3456300373.0000000001100000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1100000
|
| Size: |
16384
|
|
|
3C9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3459663672.0000000003C9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3C9E000
|
| Size: |
8192
|
|
|
16FC000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3456217201.00000000016FC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
16FC000
|
| Size: |
16384
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
55C4000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1861832555.00000000055C4000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
55C4000
|
| Size: |
16384
|
|
|
1114000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1830606914.0000000001114000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1114000
|
| Size: |
4096
|
|
|
D04000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1713208493.0000000000D04000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D04000
|
| Size: |
4096
|
|
|
1754000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1959871715.0000000001754000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1754000
|
| Size: |
4096
|
|
|
189D000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3456493535.000000000189D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
189D000
|
| Size: |
12288
|
|
|
51A1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1960771989.00000000051A1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
51A1000
|
| Size: |
4096
|
|
|
3430000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1936562062.0000000003430000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3430000
|
| Size: |
53248
|
|
|
4EAE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3458291020.0000000004EAE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4EAE000
|
| Size: |
8192
|
|
|
85C000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3456110511.000000000085C000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
85C000
|
| Size: |
4096
|
|
|
4E6F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3458257263.0000000004E6F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4E6F000
|
| Size: |
4096
|
|
|
1884000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3456493535.0000000001884000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1884000
|
| Size: |
16384
|
|
|
1114000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1799537890.0000000001114000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1114000
|
| Size: |
4096
|
|
|
465F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3459599763.000000000465F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
465F000
|
| Size: |
4096
|
|
|
4D20000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3462121471.0000000004D20000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D20000
|
| Size: |
4096
|
|
|
56A0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3459875984.00000000056A0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
56A0000
|
| Size: |
4096
|
|
|
EA5000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3453305471.0000000000EA5000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
EA5000
|
| Size: |
20480
|
|
|
4FB1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1873785497.0000000004FB1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4FB1000
|
| Size: |
4096
|
|
|
12AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3456538284.00000000012AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12AD000
|
| Size: |
163840
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
| URLs found in memory or binary data |
Networking |
|
|
|
D4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3456181872.0000000000D4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
D4E000
|
| Size: |
8192
|
|
|
482F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3457702334.000000000482F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
482F000
|
| Size: |
4096
|
|
|
4FB1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1875043700.0000000004FB1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4FB1000
|
| Size: |
4096
|
|
|
1754000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1941762381.0000000001754000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1754000
|
| Size: |
4096
|
|
|
4DC0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3463043443.0000000004DC0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4DC0000
|
| Size: |
4096
|
|
|
85D000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000006.00000002.3456157365.000000000085D000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
85D000
|
| Size: |
8192
|
|
|
4681000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1754719817.0000000004681000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4681000
|
| Size: |
4096
|
|
|
337F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3457897034.000000000337F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
337F000
|
| Size: |
4096
|
|
|
1114000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1830434383.0000000001114000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1114000
|
| Size: |
4096
|
|
|
389F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3459242126.000000000389F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
389F000
|
| Size: |
4096
|
|
|
4AEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3458034273.0000000004AEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4AEE000
|
| Size: |
8192
|
|
|
214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1830368958.0000000000214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
214000
|
| Size: |
4096
|
|
|
383E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3459474882.000000000383E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
383E000
|
| Size: |
8192
|
|
|
1754000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1959909969.0000000001754000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1754000
|
| Size: |
4096
|
|
|
271000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000006.00000000.1778781470.0000000000271000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
271000
|
| Size: |
704512
|
|
|
10F0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1791232945.00000000010F0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
10F0000
|
| Size: |
53248
|
|
|
4C60000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3462640895.0000000004C60000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C60000
|
| Size: |
4096
|
|
|
5020000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000003.1802822065.0000000005020000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5020000
|
| Size: |
4096
|
|
|
1700000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3456275943.0000000001700000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1700000
|
| Size: |
4096
|
|
|
131D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3456538284.000000000131D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
131D000
|
| Size: |
4096
|
|
|
5680000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3459751844.0000000005680000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5680000
|
| Size: |
4096
|
|
|
3F5000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3453216308.00000000003F5000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
3F5000
|
| Size: |
20480
|
|
|
4CA0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1725321840.0000000004CA0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4CA0000
|
| Size: |
4096
|
|
|
1114000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1830264447.0000000001114000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1114000
|
| Size: |
4096
|
|
|
57B0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000003.1943930431.00000000057B0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
57B0000
|
| Size: |
4096
|
|
|
214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1830133119.0000000000214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
214000
|
| Size: |
4096
|
|
|
34BF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3457984461.00000000034BF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
34BF000
|
| Size: |
4096
|
|
|
307F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3458166800.000000000307F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
307F000
|
| Size: |
4096
|
|
|
18A6000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3456493535.00000000018A6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
18A6000
|
| Size: |
4096
|
|
|
5050000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3461291484.0000000005050000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5050000
|
| Size: |
4096
|
|
|
4C70000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1725461927.0000000004C70000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C70000
|
| Size: |
4096
|
|
|
EB0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3456276074.0000000000EB0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
EB0000
|
| Size: |
16384
|
|
|
10F0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1794657835.00000000010F0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
10F0000
|
| Size: |
53248
|
|
|
3430000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1937171858.0000000003430000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3430000
|
| Size: |
53248
|
|
|
130D000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000002.3454406329.000000000130D000.00000080.00000001.01000000.00000006.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
130D000
|
| Size: |
8192
|
|
|
5920000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3463407853.0000000005920000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5920000
|
| Size: |
4096
|
|
|
4C80000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1725428087.0000000004C80000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C80000
|
| Size: |
4096
|
|
|
1754000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1959953419.0000000001754000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1754000
|
| Size: |
4096
|
|
|
17E5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3454603012.00000000017E5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17E5000
|
| Size: |
8192
|
|
|
558F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3459135787.000000000558F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
558F000
|
| Size: |
4096
|
|
|
1114000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1789646706.0000000001114000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1114000
|
| Size: |
4096
|
|
|
4FB0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3458398633.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4FB0000
|
| Size: |
4096
|
|
|
55D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1862428504.00000000055D0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
55D0000
|
| Size: |
4096
|
|
|
214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1830150433.0000000000214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
214000
|
| Size: |
4096
|
|
|
D04000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1722937898.0000000000D04000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D04000
|
| Size: |
4096
|
|
|
10F0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1796027112.00000000010F0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
10F0000
|
| Size: |
53248
|
|
|
345000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3452995684.0000000000345000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
345000
|
| Size: |
20480
|
|
|
4670000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1719977718.0000000004670000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4670000
|
| Size: |
53248
|
|
|
270000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3452809333.0000000000270000.00000004.00000001.01000000.00000005.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
270000
|
| Size: |
4096
|
|
|
3C9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3458207758.0000000003C9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3C9E000
|
| Size: |
8192
|
|
|
1AB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3452793723.00000000001AB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1AB000
|
| Size: |
20480
|
|
|
214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1830179146.0000000000214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
214000
|
| Size: |
4096
|
|
|
34FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3458030668.00000000034FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
34FE000
|
| Size: |
8192
|
|
|
4CB0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3461172395.0000000004CB0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4CB0000
|
| Size: |
4096
|
|
|
5100000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3462554145.0000000005100000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5100000
|
| Size: |
4096
|
|
|
5630000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3459458012.0000000005630000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5630000
|
| Size: |
4096
|
|
|
4D30000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3462281804.0000000004D30000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D30000
|
| Size: |
4096
|
|
|
4D60000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3462451732.0000000004D60000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D60000
|
| Size: |
4096
|
|
|
85A000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3455989932.000000000085A000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
85A000
|
| Size: |
4096
|
|
|
3430000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1935990884.0000000003430000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3430000
|
| Size: |
53248
|
|
|
EAA000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000007.00000000.1845095958.0000000000EAA000.00000008.00000001.01000000.00000006.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
EAA000
|
| Size: |
8192
|
|
|
19C0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1859680088.00000000019C0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
19C0000
|
| Size: |
53248
|
|
|
214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1830264903.0000000000214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
214000
|
| Size: |
4096
|
|
|
D04000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1751903460.0000000000D04000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D04000
|
| Size: |
4096
|
|
|
2E3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3458032092.0000000002E3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2E3E000
|
| Size: |
8192
|
|
|
121F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3456458093.000000000121F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
121F000
|
| Size: |
4096
|
|
|
164E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3454482198.000000000164E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
164E000
|
| Size: |
8192
|
|
|
436E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3457282343.000000000436E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
436E000
|
| Size: |
8192
|
|
|
4670000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1715680266.0000000004670000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4670000
|
| Size: |
53248
|
|
|
1A1A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3455376041.0000000001A1A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1A1A000
|
| Size: |
8192
|
|
|
DD4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3456587072.0000000000DD4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DD4000
|
| Size: |
4096
|
|
|
EBA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3456276074.0000000000EBA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
EBA000
|
| Size: |
4096
|
|
|
5790000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000003.1944611474.0000000005790000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5790000
|
| Size: |
4096
|
|
|
4E1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3463584795.0000000004E1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4E1E000
|
| Size: |
8192
|
|
|
47DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3459791736.00000000047DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
47DE000
|
| Size: |
8192
|
|
|
1A50000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1875147914.0000000001A50000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1A50000
|
| Size: |
4096
|
|
|
1314000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3456538284.0000000001314000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1314000
|
| Size: |
28672
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
4FB1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1874223073.0000000004FB1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4FB1000
|
| Size: |
4096
|
|
|
48DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3459865282.00000000048DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
48DF000
|
| Size: |
4096
|
|
|
5810000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3462042208.0000000005810000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5810000
|
| Size: |
4096
|
|
|
4BE0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3462015355.0000000004BE0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4BE0000
|
| Size: |
4096
|
|
|
4A01000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1831218753.0000000004A01000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4A01000
|
| Size: |
4096
|
|
|
4BC4000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1802231508.0000000004BC4000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4BC4000
|
| Size: |
16384
|
|
|
45C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1831260123.00000000045C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
45C1000
|
| Size: |
4096
|
|
|
D04000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1752371278.0000000000D04000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D04000
|
| Size: |
4096
|
|
|
EB6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3456276074.0000000000EB6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
EB6000
|
| Size: |
12288
|
|
|
1970000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3455252209.0000000001970000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1970000
|
| Size: |
16384
|
|
|
3430000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1941616575.0000000003430000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3430000
|
| Size: |
53248
|
|
|
3BEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3456586635.0000000003BEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3BEE000
|
| Size: |
8192
|
|
|
44FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3460123309.00000000044FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
44FF000
|
| Size: |
4096
|
|
|
10F0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1792440974.00000000010F0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
10F0000
|
| Size: |
53248
|
|
|
705E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3463756946.000000000705E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
705E000
|
| Size: |
8192
|
|
|
4670000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1721954730.0000000004670000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4670000
|
| Size: |
53248
|
|
|
293C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3457664057.000000000293C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
293C000
|
| Size: |
16384
|
|
|
4CA0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1725165146.0000000004CA0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4CA0000
|
| Size: |
8192
|
|
|
9F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3456330664.00000000009F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9F0000
|
| Size: |
4096
|
|
|
3EBF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3459407056.0000000003EBF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3EBF000
|
| Size: |
4096
|
|
|
486E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3457793641.000000000486E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
486E000
|
| Size: |
8192
|
|
|
56C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3460004086.00000000056C0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
56C0000
|
| Size: |
4096
|
|
|
1114000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1830106729.0000000001114000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1114000
|
| Size: |
4096
|
|
|
3430000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1939427294.0000000003430000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3430000
|
| Size: |
53248
|
|
|
44BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3460908152.00000000044BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
44BE000
|
| Size: |
8192
|
|
|
D60000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3456587072.0000000000D60000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D60000
|
| Size: |
36864
|
|
|
45EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3457514501.00000000045EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
45EE000
|
| Size: |
8192
|
|
|
130A000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3455904393.000000000130A000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
130A000
|
| Size: |
4096
|
|
|
463F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3460276009.000000000463F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
463F000
|
| Size: |
4096
|
|
|
60C000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000000.00000000.1707864744.000000000060C000.00000080.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
60C000
|
| Size: |
1716224
|
|
|
4B90000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1803237402.0000000004B90000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4B90000
|
| Size: |
4096
|
|
|
5A10000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3463497761.0000000005A10000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5A10000
|
| Size: |
4096
|
|
|
57B0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000003.1944138831.00000000057B0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
57B0000
|
| Size: |
4096
|
|
|
214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1830086698.0000000000214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
214000
|
| Size: |
4096
|
|
|
3A1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3457945559.0000000003A1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3A1E000
|
| Size: |
8192
|
|
|
99E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3456272945.000000000099E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
99E000
|
| Size: |
8192
|
|
|
BAB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3452805678.0000000000BAB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
BAB000
|
| Size: |
20480
|
|
|
214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1799308482.0000000000214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
214000
|
| Size: |
4096
|
|
|
57A4000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1943556052.00000000057A4000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
57A4000
|
| Size: |
16384
|
|
|
1A10000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3455376041.0000000001A10000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1A10000
|
| Size: |
20480
|
|
|
33AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3457382194.00000000033AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
33AE000
|
| Size: |
8192
|
|
|
30BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3458202367.00000000030BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
30BE000
|
| Size: |
8192
|
|
|
401F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3458473686.000000000401F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
401F000
|
| Size: |
4096
|
|
|
1A47000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3455376041.0000000001A47000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1A47000
|
| Size: |
24576
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
3E7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3460169197.0000000003E7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3E7E000
|
| Size: |
8192
|
|
|
5620000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1943344500.0000000005620000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
5620000
|
| Size: |
53248
|
|
|
441E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3459422355.000000000441E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
441E000
|
| Size: |
8192
|
|
|
4C30000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3462452787.0000000004C30000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C30000
|
| Size: |
4096
|
|
|
51A1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1959746815.00000000051A1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
51A1000
|
| Size: |
49152
|
|
|
130A000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3454305024.000000000130A000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
130A000
|
| Size: |
4096
|
|
|
4EB0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3463643582.0000000004EB0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4EB0000
|
| Size: |
4096
|
|
|
1754000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1960002688.0000000001754000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1754000
|
| Size: |
4096
|
|
|
1754000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1941778963.0000000001754000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1754000
|
| Size: |
4096
|
|
|
1A58000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1875147914.0000000001A58000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1A58000
|
| Size: |
8192
|
|
|
4FB1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1874792383.0000000004FB1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4FB1000
|
| Size: |
4096
|
|
|
D04000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1713179611.0000000000D04000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D04000
|
| Size: |
4096
|
|
|
55D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1862465145.00000000055D0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
55D0000
|
| Size: |
4096
|
|
|
382E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3456302963.000000000382E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
382E000
|
| Size: |
8192
|
|
|
4FF0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000003.1803177622.0000000004FF0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4FF0000
|
| Size: |
4096
|
|
|
6AD000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3454226179.00000000006AD000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
6AD000
|
| Size: |
40960
|
|
|
D9D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3456587072.0000000000D9D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D9D000
|
| Size: |
12288
|
|
|
55A0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1862591184.00000000055A0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
55A0000
|
| Size: |
4096
|
|
|
130D000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000B.00000002.3456092776.000000000130D000.00000080.00000001.01000000.00000006.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
130D000
|
| Size: |
8192
|
|
|
CD0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1792211387.0000000000CD0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
CD0000
|
| Size: |
53248
|
|
|
85A000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3455818468.000000000085A000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
85A000
|
| Size: |
4096
|
|
|
1114000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1789626799.0000000001114000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1114000
|
| Size: |
4096
|
|
|
3A6F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3456459884.0000000003A6F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3A6F000
|
| Size: |
4096
|
|
|
584000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3454226179.0000000000584000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
584000
|
| Size: |
909312
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
1114000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1830529212.0000000001114000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1114000
|
| Size: |
4096
|
|
|
38DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3457848620.00000000038DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
38DE000
|
| Size: |
8192
|
|
|
D04000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1722730669.0000000000D04000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D04000
|
| Size: |
4096
|
|
|
311F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3457988413.000000000311F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
311F000
|
| Size: |
4096
|
|
|
4A00000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3460717512.0000000004A00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4A00000
|
| Size: |
4096
|
|
|
356F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3456072910.000000000356F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
356F000
|
| Size: |
4096
|
|
|
210000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3453031453.0000000000210000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
210000
|
| Size: |
16384
|
|
|
4A01000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1831255834.0000000004A01000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4A01000
|
| Size: |
4096
|
|
|
50B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1850971861.00000000050B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
50B0000
|
| Size: |
176128
|
|
|
55E0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3459185780.00000000055E0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
55E0000
|
| Size: |
4096
|
|
|
1754000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1960209965.0000000001754000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1754000
|
| Size: |
4096
|
|
|
1114000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1789684956.0000000001114000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1114000
|
| Size: |
4096
|
|
|
4FB1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1860127938.0000000004FB1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4FB1000
|
| Size: |
4096
|
|
|
57E0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3461562385.00000000057E0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
57E0000
|
| Size: |
4096
|
|
|
4A01000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1831157491.0000000004A01000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4A01000
|
| Size: |
4096
|
|
|
19BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3455335712.00000000019BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
19BE000
|
| Size: |
8192
|
|
|
F5F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3457529787.0000000000F5F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
F5F000
|
| Size: |
4096
|
|
|
3FA000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000005.00000000.1777402476.00000000003FA000.00000008.00000001.01000000.00000005.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
3FA000
|
| Size: |
8192
|
|
|
5020000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000003.1802922894.0000000005020000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5020000
|
| Size: |
4096
|
|
|
EC1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3456276074.0000000000EC1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
EC1000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
3B5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3459542352.0000000003B5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3B5E000
|
| Size: |
8192
|
|
|
EAD000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3453590114.0000000000EAD000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
EAD000
|
| Size: |
1589248
|
|
|
35FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3458064552.00000000035FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
35FF000
|
| Size: |
4096
|
|
|
4BA0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1803263589.0000000004BA0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4BA0000
|
| Size: |
8192
|
|
|
1114000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1830396254.0000000001114000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1114000
|
| Size: |
4096
|
|
|
4681000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1754413975.0000000004681000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4681000
|
| Size: |
4096
|
|
|
4D50000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3462397252.0000000004D50000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D50000
|
| Size: |
4096
|
|
|
D04000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1752337940.0000000000D04000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D04000
|
| Size: |
4096
|
|
|
4BB0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1802802018.0000000004BB0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4BB0000
|
| Size: |
8192
|
|
|
336F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3455983617.000000000336F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
336F000
|
| Size: |
4096
|
|
|
4C50000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3462588223.0000000004C50000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C50000
|
| Size: |
4096
|
|
|
4C00000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3462281340.0000000004C00000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C00000
|
| Size: |
4096
|
|
|
4C80000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3463150048.0000000004C80000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C80000
|
| Size: |
4096
|
|
|
1754000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1941798324.0000000001754000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1754000
|
| Size: |
4096
|
|
|
4681000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1754511545.0000000004681000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4681000
|
| Size: |
4096
|
|
|
CD0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3456088873.0000000000CD0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
CD0000
|
| Size: |
4096
|
|
|
393F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3459540383.000000000393F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
393F000
|
| Size: |
4096
|
|
|
188E000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3456493535.000000000188E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
188E000
|
| Size: |
8192
|
|
|
D04000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1722759947.0000000000D04000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D04000
|
| Size: |
4096
|
|
|
5000000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000003.1803132120.0000000005000000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5000000
|
| Size: |
4096
|
|
|
42DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3459307283.00000000042DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
42DE000
|
| Size: |
8192
|
|
|
1114000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1830465811.0000000001114000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1114000
|
| Size: |
4096
|
|
|
1114000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1830329698.0000000001114000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1114000
|
| Size: |
4096
|
|
|
2E9F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3457756617.0000000002E9F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2E9F000
|
| Size: |
4096
|
|
|
5020000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000003.1803048823.0000000005020000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5020000
|
| Size: |
4096
|
|
|
3430000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1941090278.0000000003430000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3430000
|
| Size: |
53248
|
|
|
3ABE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3459742248.0000000003ABE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3ABE000
|
| Size: |
8192
|
|
|
1114000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1799473048.0000000001114000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1114000
|
| Size: |
4096
|
|
|
1C0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.1707731630.00000000001C0000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
1C0000
|
| Size: |
4096
|
|
|
4EDC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3460869244.0000000004EDC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4EDC000
|
| Size: |
16384
|
|
|
10BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3456183578.00000000010BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
10BE000
|
| Size: |
8192
|
|
|
4681000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1754465164.0000000004681000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4681000
|
| Size: |
4096
|
|
|
19C0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1856104318.00000000019C0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
19C0000
|
| Size: |
53248
|
|
|
4D40000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3462330318.0000000004D40000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D40000
|
| Size: |
4096
|
|
|
4E90000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3460789427.0000000004E90000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4E90000
|
| Size: |
8192
|
|
|
1730000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3456344818.0000000001730000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1730000
|
| Size: |
4096
|
|
|
D20000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000007.00000000.1844819382.0000000000D20000.00000002.00000001.01000000.00000006.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
D20000
|
| Size: |
4096
|
|
|
55D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1862179396.00000000055D0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
55D0000
|
| Size: |
8192
|
|
|
4BB0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1803157499.0000000004BB0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4BB0000
|
| Size: |
4096
|
|
|
D04000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1752109250.0000000000D04000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D04000
|
| Size: |
4096
|
|
|
1327000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3456538284.0000000001327000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1327000
|
| Size: |
4096
|
|
|
130C000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3454385676.000000000130C000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
130C000
|
| Size: |
4096
|
|
|
5440000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3458461936.0000000005440000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
5440000
|
| Size: |
8192
|
|
|
315E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3458061041.000000000315E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
315E000
|
| Size: |
8192
|
|
|
D04000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1713164492.0000000000D04000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D04000
|
| Size: |
4096
|
|
|
D04000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1751860931.0000000000D04000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D04000
|
| Size: |
4096
|
|
|
19D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3455376041.00000000019D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
19D0000
|
| Size: |
32768
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
DD6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3456587072.0000000000DD6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DD6000
|
| Size: |
4096
|
|
|
4CA0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1725276522.0000000004CA0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4CA0000
|
| Size: |
4096
|
|
|
55D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1862349454.00000000055D0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
55D0000
|
| Size: |
4096
|
|
|
50D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3462372570.00000000050D0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
50D0000
|
| Size: |
4096
|
|
|
55D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1862333296.00000000055D0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
55D0000
|
| Size: |
4096
|
|
|
375F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3459157771.000000000375F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
375F000
|
| Size: |
4096
|
|
|
37EF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3456255068.00000000037EF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
37EF000
|
| Size: |
4096
|
|
|
214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1830329323.0000000000214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
214000
|
| Size: |
4096
|
|
|
298F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3457135567.000000000298F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
298F000
|
| Size: |
4096
|
|
|
31FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3458290070.00000000031FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
31FE000
|
| Size: |
8192
|
|
|
4B7F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3461415486.0000000004B7F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4B7F000
|
| Size: |
4096
|
|
|
427F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3459845122.000000000427F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
427F000
|
| Size: |
4096
|
|
|
10F0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1790357066.00000000010F0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
10F0000
|
| Size: |
53248
|
|
|
1114000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1799671131.0000000001114000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1114000
|
| Size: |
4096
|
|
|
CD0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1799152321.0000000000CD0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
CD0000
|
| Size: |
53248
|
|
|
6BC000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000005.00000000.1777421591.00000000006BC000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
6BC000
|
| Size: |
1716224
|
|
|
1A30000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3455376041.0000000001A30000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1A30000
|
| Size: |
4096
|
|
|
45C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1831302539.00000000045C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
45C1000
|
| Size: |
4096
|
|
|
19C0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1859106551.00000000019C0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
19C0000
|
| Size: |
53248
|
|
|
116C000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3453590114.000000000116C000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
116C000
|
| Size: |
4096
|
|
|
28FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3457607302.00000000028FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
28FF000
|
| Size: |
4096
|
|
|
403D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3459647378.000000000403D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
403D000
|
| Size: |
12288
|
|
|
D04000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1722911399.0000000000D04000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D04000
|
| Size: |
4096
|
|
|
85B000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000006.00000002.3456041331.000000000085B000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
85B000
|
| Size: |
4096
|
|
|
46EF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3457565158.00000000046EF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
46EF000
|
| Size: |
4096
|
|
|
1114000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1789664885.0000000001114000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1114000
|
| Size: |
4096
|
|
|
3A1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3459436730.0000000003A1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3A1E000
|
| Size: |
8192
|
|
|
CD0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1790274645.0000000000CD0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
CD0000
|
| Size: |
53248
|
|
|
5770000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3460296651.0000000005770000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5770000
|
| Size: |
4096
|
|
|
1A58000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3455376041.0000000001A58000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1A58000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
2EDE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3457801197.0000000002EDE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2EDE000
|
| Size: |
8192
|
|
|
192E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3454667468.000000000192E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
192E000
|
| Size: |
8192
|
|
|
250000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3453085744.0000000000250000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
250000
|
| Size: |
4096
|
|
|
3F1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3459860359.0000000003F1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3F1E000
|
| Size: |
8192
|
|
|
5670000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3459686564.0000000005670000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5670000
|
| Size: |
4096
|
|
|
1114000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1789717153.0000000001114000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1114000
|
| Size: |
4096
|
|
|
1034000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3454307049.0000000001034000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
1034000
|
| Size: |
909312
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
42EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3460246251.00000000042EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
42EE000
|
| Size: |
8192
|
|
|
F70000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3456089936.0000000000F70000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F70000
|
| Size: |
4096
|
|
|
38BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3458343794.00000000038BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
38BE000
|
| Size: |
8192
|
|
|
1114000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1799450528.0000000001114000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1114000
|
| Size: |
4096
|
|
|
5070000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3461539159.0000000005070000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5070000
|
| Size: |
4096
|
|
|
4FB1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1874116410.0000000004FB1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4FB1000
|
| Size: |
4096
|
|
|
387F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3458295580.000000000387F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
387F000
|
| Size: |
4096
|
|
|
3F6F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3456849778.0000000003F6F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3F6F000
|
| Size: |
4096
|
|
|
6AD000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3454414581.00000000006AD000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
6AD000
|
| Size: |
40960
|
|
|
116D000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000B.00000002.3455605505.000000000116D000.00000080.00000001.01000000.00000006.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
116D000
|
| Size: |
1691648
|
|
|
4681000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1755661595.0000000004681000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4681000
|
| Size: |
4096
|
|
|
5180000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3463285148.0000000005180000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5180000
|
| Size: |
4096
|
|
|
39DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3459360503.00000000039DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
39DF000
|
| Size: |
4096
|
|
|
42BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3459908898.00000000042BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
42BE000
|
| Size: |
8192
|
|
|
3B1F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3458010862.0000000003B1F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3B1F000
|
| Size: |
4096
|
|
|
DB2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3456587072.0000000000DB2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DB2000
|
| Size: |
16384
|
|
|
D04000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1713223992.0000000000D04000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D04000
|
| Size: |
4096
|
|
|
1A34000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3455376041.0000000001A34000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1A34000
|
| Size: |
8192
|
|
|
3FFF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3459569990.0000000003FFF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3FFF000
|
| Size: |
4096
|
|
|
437E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3460751915.000000000437E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
437E000
|
| Size: |
8192
|
|
|
ED5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3456276074.0000000000ED5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
ED5000
|
| Size: |
32768
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
45C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1789352884.00000000045C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
45C1000
|
| Size: |
65536
|
|
|
D40000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3456541519.0000000000D40000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
D40000
|
| Size: |
8192
|
|
|
3430000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1940515434.0000000003430000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3430000
|
| Size: |
53248
|
|
|
4A01000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1789324460.0000000004A01000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4A01000
|
| Size: |
65536
|
|
|
39BF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3458389470.00000000039BF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
39BF000
|
| Size: |
4096
|
|
|
419E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3460053981.000000000419E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
419E000
|
| Size: |
8192
|
|
|
5010000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000003.1803152199.0000000005010000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5010000
|
| Size: |
8192
|
|
|
5120000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3462685148.0000000005120000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5120000
|
| Size: |
4096
|
|
|
2A7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3457754448.0000000002A7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2A7E000
|
| Size: |
8192
|
|
|
55C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1862566225.00000000055C0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
55C0000
|
| Size: |
8192
|
|
|
36EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3456198473.00000000036EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
36EE000
|
| Size: |
8192
|
|
|
4670000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1717042580.0000000004670000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4670000
|
| Size: |
53248
|
|
|
4D80000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3462568535.0000000004D80000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D80000
|
| Size: |
4096
|
|
|
5650000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3459547057.0000000005650000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5650000
|
| Size: |
4096
|
|
|
CD0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1795880704.0000000000CD0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
CD0000
|
| Size: |
53248
|
|
|
573D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3460255262.000000000573D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
573D000
|
| Size: |
12288
|
|
|
D04000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1751984097.0000000000D04000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D04000
|
| Size: |
4096
|
|
|
2D7C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3457489998.0000000002D7C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2D7C000
|
| Size: |
16384
|
|
|
4CA0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1725261960.0000000004CA0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4CA0000
|
| Size: |
4096
|
|
|
55D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1862255099.00000000055D0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
55D0000
|
| Size: |
4096
|
|
|
4C10000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3462350591.0000000004C10000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C10000
|
| Size: |
4096
|
|
|
4FB1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1874612218.0000000004FB1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4FB1000
|
| Size: |
4096
|
|
|
5610000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3459349539.0000000005610000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5610000
|
| Size: |
4096
|
|
|
4681000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1756601712.0000000004681000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4681000
|
| Size: |
4096
|
|
|
58B0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3463147741.00000000058B0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
58B0000
|
| Size: |
4096
|
|
|
5020000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000003.1802889714.0000000005020000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5020000
|
| Size: |
4096
|
|
|
1114000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1789701705.0000000001114000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1114000
|
| Size: |
4096
|
|
|
1754000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1960513473.0000000001754000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1754000
|
| Size: |
4096
|
|
|
214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1830292520.0000000000214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
214000
|
| Size: |
4096
|
|
|
2A17000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3457335345.0000000002A17000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2A17000
|
| Size: |
12288
|
|
|
51A1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1960714075.00000000051A1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
51A1000
|
| Size: |
4096
|
|
|
4FB1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1873646046.0000000004FB1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4FB1000
|
| Size: |
49152
|
|
|
D04000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1752909017.0000000000D04000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D04000
|
| Size: |
4096
|
|
|
1754000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1959780911.0000000001754000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1754000
|
| Size: |
4096
|
|
|
466F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3460632359.000000000466F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
466F000
|
| Size: |
4096
|
|
|
4BB0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1802904083.0000000004BB0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4BB0000
|
| Size: |
4096
|
|
|
1754000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1933658657.0000000001754000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1754000
|
| Size: |
4096
|
|
|
18AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3456493535.00000000018AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
18AD000
|
| Size: |
53248
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
10F0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1796649115.00000000010F0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
10F0000
|
| Size: |
53248
|
|
|
1302000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3456538284.0000000001302000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1302000
|
| Size: |
12288
|
|
|
270000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3453133325.0000000000270000.00000004.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
270000
|
| Size: |
4096
|
|
|
6A6000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3454414581.00000000006A6000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
6A6000
|
| Size: |
24576
|
|
|
4E1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3460467587.0000000004E1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4E1E000
|
| Size: |
8192
|
|
|
4BB0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1802942129.0000000004BB0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4BB0000
|
| Size: |
4096
|
|
|
4DA0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3462642775.0000000004DA0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4DA0000
|
| Size: |
4096
|
|
|
339F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3458209133.000000000339F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
339F000
|
| Size: |
4096
|
|
|
4681000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1751833783.0000000004681000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4681000
|
| Size: |
49152
|
|
|
1114000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1830130159.0000000001114000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1114000
|
| Size: |
4096
|
|
|
E9D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3456276074.0000000000E9D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E9D000
|
| Size: |
20480
|
|
|
29CB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3457191409.00000000029CB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
29CB000
|
| Size: |
20480
|
|
|
214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1830201667.0000000000214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
214000
|
| Size: |
4096
|
|
|
5020000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000003.1803068937.0000000005020000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5020000
|
| Size: |
4096
|
|
|
1307000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3456538284.0000000001307000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1307000
|
| Size: |
24576
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
323F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3457796851.000000000323F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
323F000
|
| Size: |
4096
|
|
|
4FB1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1851092627.0000000004FB1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4FB1000
|
| Size: |
237568
|
|
|
3D9F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3459719326.0000000003D9F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3D9F000
|
| Size: |
4096
|
|
|
4CA0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1725215601.0000000004CA0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4CA0000
|
| Size: |
4096
|
|
|
2D3F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3457435166.0000000002D3F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2D3F000
|
| Size: |
4096
|
|
|
6A6000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3454226179.00000000006A6000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
6A6000
|
| Size: |
24576
|
|
|
57B0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000003.1944244424.00000000057B0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
57B0000
|
| Size: |
4096
|
|
|
D04000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1752356243.0000000000D04000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D04000
|
| Size: |
4096
|
|
|
12ED000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3456538284.00000000012ED000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12ED000
|
| Size: |
12288
|
|
|
1327000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1831934452.0000000001327000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1327000
|
| Size: |
4096
|
|
|
1754000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1942014080.0000000001754000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1754000
|
| Size: |
4096
|
|
|
D04000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1752403020.0000000000D04000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D04000
|
| Size: |
4096
|
|
|
1754000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1959844064.0000000001754000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1754000
|
| Size: |
4096
|
|
|
4BB0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1803063851.0000000004BB0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4BB0000
|
| Size: |
4096
|
|
|
1A38000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3455376041.0000000001A38000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1A38000
|
| Size: |
24576
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
D04000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1722674213.0000000000D04000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D04000
|
| Size: |
4096
|
|
|
48BF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3460553527.00000000048BF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
48BF000
|
| Size: |
4096
|
|
|
313E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3457758894.000000000313E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
313E000
|
| Size: |
8192
|
|
|
3BAF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3456537469.0000000003BAF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3BAF000
|
| Size: |
4096
|
|
|
4D6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3458204227.0000000004D6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4D6E000
|
| Size: |
8192
|
|
|
12E9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3456538284.00000000012E9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12E9000
|
| Size: |
8192
|
|
|
4A01000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1831185983.0000000004A01000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4A01000
|
| Size: |
4096
|
|
|
19C0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1853128491.00000000019C0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
19C0000
|
| Size: |
53248
|
|
|
4BB0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1803000365.0000000004BB0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4BB0000
|
| Size: |
4096
|
|
|
423E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3460605381.000000000423E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
423E000
|
| Size: |
8192
|
|
|
4CDE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3460375288.0000000004CDE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4CDE000
|
| Size: |
8192
|
|
|
5890000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3462639317.0000000005890000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5890000
|
| Size: |
4096
|
|
|
18A8000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3456493535.00000000018A8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
18A8000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
D3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3456493123.0000000000D3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
D3E000
|
| Size: |
8192
|
|
|
4C9F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3460289513.0000000004C9F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4C9F000
|
| Size: |
4096
|
|
|
1754000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1960028672.0000000001754000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1754000
|
| Size: |
4096
|
|
|
505F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3460634753.000000000505F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
505F000
|
| Size: |
4096
|
|
|
55D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1862498690.00000000055D0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
55D0000
|
| Size: |
12288
|
|
|
1114000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1799492239.0000000001114000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1114000
|
| Size: |
4096
|
|
|
1114000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1799515986.0000000001114000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1114000
|
| Size: |
4096
|
|
|
1754000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1941885381.0000000001754000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1754000
|
| Size: |
4096
|
|
|
10F0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1795416963.00000000010F0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
10F0000
|
| Size: |
53248
|
|
|
333E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3458391525.000000000333E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
333E000
|
| Size: |
8192
|
|
|
214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1830408230.0000000000214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
214000
|
| Size: |
4096
|
|
|
271000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000005.00000000.1777293176.0000000000271000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
271000
|
| Size: |
704512
|
|
|
5020000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000003.1802984120.0000000005020000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5020000
|
| Size: |
4096
|
|
|
12F7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3456538284.00000000012F7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12F7000
|
| Size: |
12288
|
|
|
40FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3460458147.00000000040FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
40FE000
|
| Size: |
8192
|
|
|
346F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3456026494.000000000346F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
346F000
|
| Size: |
4096
|
|
|
CD0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1793488411.0000000000CD0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
CD0000
|
| Size: |
53248
|
|
|
3430000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1939952386.0000000003430000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3430000
|
| Size: |
53248
|
|
|
D04000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1752185613.0000000000D04000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D04000
|
| Size: |
4096
|
|
|
6BC000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3454226179.00000000006BC000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
6BC000
|
| Size: |
4096
|
|
|
51A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3460824871.00000000051A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
51A0000
|
| Size: |
4096
|
|
|
4B00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1789472213.0000000004B00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4B00000
|
| Size: |
176128
|
|
|
3C5F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3459604345.0000000003C5F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3C5F000
|
| Size: |
4096
|
|
|
2EBE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3457569783.0000000002EBE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2EBE000
|
| Size: |
8192
|
|
|
4681000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1722635808.0000000004681000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4681000
|
| Size: |
49152
|
|
|
57B0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000003.1944195049.00000000057B0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
57B0000
|
| Size: |
4096
|
|
|
5080000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3461684713.0000000005080000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5080000
|
| Size: |
4096
|
|
|
10F0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1798084488.00000000010F0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
10F0000
|
| Size: |
53248
|
|
|
12D6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3456538284.00000000012D6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12D6000
|
| Size: |
28672
|
|
|
55B0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1862544319.00000000055B0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
55B0000
|
| Size: |
4096
|
|
|
455E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3459533575.000000000455E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
455E000
|
| Size: |
8192
|
|
|
1754000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1941865822.0000000001754000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1754000
|
| Size: |
4096
|
|
|
50E0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3462426585.00000000050E0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
50E0000
|
| Size: |
4096
|
|
|
EAA000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3454183871.0000000000EAA000.00000004.00000001.01000000.00000006.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
EAA000
|
| Size: |
8192
|
|
|
4CA0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1725380220.0000000004CA0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4CA0000
|
| Size: |
4096
|
|
|
4CA0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1725293119.0000000004CA0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4CA0000
|
| Size: |
4096
|
|
|
19C0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1851815397.00000000019C0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
19C0000
|
| Size: |
53248
|
|
|
4681000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1756667629.0000000004681000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4681000
|
| Size: |
4096
|
|
|
57B0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000003.1944356541.00000000057B0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
57B0000
|
| Size: |
4096
|
|
|
496F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3457867549.000000000496F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
496F000
|
| Size: |
4096
|
|
|
5FD000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3454237327.00000000005FD000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
5FD000
|
| Size: |
40960
|
|
|
2A0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3457275595.0000000002A0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2A0E000
|
| Size: |
8192
|
|
|
66A000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3454414581.000000000066A000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
66A000
|
| Size: |
102400
|
|
|
4C40000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3462529449.0000000004C40000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C40000
|
| Size: |
4096
|
|
|
3430000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1934333435.0000000003430000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3430000
|
| Size: |
53248
|
|
|
56D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3460051789.00000000056D0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
56D0000
|
| Size: |
8192
|
|
|
19DA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3455376041.00000000019DA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
19DA000
|
| Size: |
8192
|
|
|
214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1830488175.0000000000214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
214000
|
| Size: |
4096
|
|
|
4B80000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1803293376.0000000004B80000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4B80000
|
| Size: |
4096
|
|
|
3AAE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3456496535.0000000003AAE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3AAE000
|
| Size: |
8192
|
|
|
1114000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1830295705.0000000001114000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1114000
|
| Size: |
4096
|
|
|
52A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1933413072.00000000052A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
52A0000
|
| Size: |
176128
|
|
|
19C0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1854282043.00000000019C0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
19C0000
|
| Size: |
53248
|
|
|
3E6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3456799069.0000000003E6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3E6E000
|
| Size: |
8192
|
|
|
44AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3457385947.00000000044AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
44AE000
|
| Size: |
8192
|
|
|
4681000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1756565552.0000000004681000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4681000
|
| Size: |
4096
|
|
|
405E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3459971656.000000000405E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
405E000
|
| Size: |
8192
|
|
|
111A000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.3454307049.000000000111A000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
111A000
|
| Size: |
102400
|
|
|
116C000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000000.1845113435.000000000116C000.00000080.00000001.01000000.00000006.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
116C000
|
| Size: |
1716224
|
|
|
1114000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1830198972.0000000001114000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1114000
|
| Size: |
4096
|
|
|
41EF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3457075574.00000000041EF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
41EF000
|
| Size: |
4096
|
|
|
40EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3457020306.00000000040EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
40EE000
|
| Size: |
8192
|
|
|
2E7F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3457520413.0000000002E7F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2E7F000
|
| Size: |
4096
|
|
|
363E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3458114453.000000000363E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
363E000
|
| Size: |
8192
|
|
|
34A000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000000.00000000.1707849637.000000000034A000.00000008.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
34A000
|
| Size: |
8192
|
|
|
D04000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1722787575.0000000000D04000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D04000
|
| Size: |
4096
|
|
|
38DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3459319456.00000000038DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
38DE000
|
| Size: |
8192
|
|
|
57BD000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3461231800.00000000057BD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
57BD000
|
| Size: |
12288
|
|
|
3BBF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3459811418.0000000003BBF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3BBF000
|
| Size: |
4096
|
|
|
39DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3457900960.00000000039DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
39DF000
|
| Size: |
4096
|
|
|
1754000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1941816300.0000000001754000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1754000
|
| Size: |
4096
|
|
|
4B5C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3460895901.0000000004B5C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4B5C000
|
| Size: |
16384
|
|
|
D04000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1752462723.0000000000D04000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D04000
|
| Size: |
4096
|
|
