837000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000001.00000002.2646908340.0000000000837000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
837000
|
Size: |
987136
|
|
7EC000
|
unkown
|
page write copy
|
|
|
|
Name: |
00000004.00000000.1530356396.00000000007EC000.00000008.00000001.01000000.00000003.sdmp
|
TargetID: |
4
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page write copy
|
Base address: |
7EC000
|
Size: |
8192
|
|
7B6000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000001.00000002.2645084904.00000000007B6000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
7B6000
|
Size: |
131072
|
|
3024000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000001.00000002.2649779035.0000000003024000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
3024000
|
Size: |
114688
|
|
562C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2650633944.000000000562C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
562C000
|
Size: |
16384
|
|
319D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1533844094.000000000319D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
319D000
|
Size: |
32768
|
|
2C8D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2649345455.0000000002C8D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2C8D000
|
Size: |
12288
|
|
F30000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2648576586.0000000000F30000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
F30000
|
Size: |
20480
|
|
307F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2649814485.000000000307F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
307F000
|
Size: |
32768
|
|
2EF2000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000004.00000002.2649482812.0000000002EF2000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
2EF2000
|
Size: |
45056
|
|
929000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000001.00000000.1367332770.0000000000929000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
1
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
929000
|
Size: |
12288
|
|
6BB000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000004.00000002.2644856733.00000000006BB000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
6BB000
|
Size: |
987136
|
|
10000000
|
direct allocation
|
page execute and read and write
|
|
|
|
Name: |
00000004.00000002.2650373990.0000000010000000.00000040.00001000.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page execute and read and write
|
Base address: |
10000000
|
Size: |
188416
|
|
1E5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2644072082.00000000001E5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1E5000
|
Size: |
16384
|
|
BC5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1587141080.0000000000BC5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
BC5000
|
Size: |
172032
|
|
F0E000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2648242280.0000000000F0E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
F0E000
|
Size: |
4096
|
|
2BAD000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1532972259.0000000002BAD000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2BAD000
|
Size: |
8192
|
|
A92000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1424094537.0000000000A92000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
A92000
|
Size: |
20480
|
|
400000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000004.00000000.1529921388.0000000000400000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
4
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
400000
|
Size: |
4096
|
|
E90000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2648165059.0000000000E90000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
E90000
|
Size: |
4096
|
|
401000
|
unkown
|
page execute read
|
|
|
|
Name: |
00000001.00000002.2644483356.0000000000401000.00000020.00000001.01000000.00000003.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute read
|
Base address: |
401000
|
Size: |
1372160
|
|
A9A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2647752348.0000000000A9A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
A9A000
|
Size: |
20480
|
|
2B80000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2649316808.0000000002B80000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2B80000
|
Size: |
4096
|
|
289B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2648530028.000000000289B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
289B000
|
Size: |
987136
|
|
9AE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2647752348.00000000009AE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9AE000
|
Size: |
270336
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Installs a raw input device (often for capturing keystrokes) |
Key, Mouse, Clipboard, Microphone and Screen Capturing |
|
May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
837000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000001.00000000.1367332770.0000000000837000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
1
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
837000
|
Size: |
987136
|
|
7B6000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000004.00000000.1530076502.00000000007B6000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
4
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
7B6000
|
Size: |
131072
|
|
2EFF000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000004.00000002.2649482812.0000000002EFF000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
2EFF000
|
Size: |
4096
|
|
A97000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1424075122.0000000000A97000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
A97000
|
Size: |
32768
|
|
2E6F000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000001.00000002.2649542491.0000000002E6F000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
2E6F000
|
Size: |
487424
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sample file is different than original file name gathered from version info |
System Summary |
|
|
7EC000
|
unkown
|
page write copy
|
|
|
|
Name: |
00000001.00000002.2646563203.00000000007EC000.00000008.00000001.01000000.00000003.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page write copy
|
Base address: |
7EC000
|
Size: |
4096
|
|
7AD000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000004.00000000.1530076502.00000000007AD000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
4
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
7AD000
|
Size: |
12288
|
|
3B0E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2650227554.0000000003B0E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
3B0E000
|
Size: |
8192
|
|
A7C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1424094537.0000000000A7C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
A7C000
|
Size: |
4096
|
|
550000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000001.00000000.1366512596.0000000000550000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
1
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
550000
|
Size: |
1466368
|
|
932000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000004.00000000.1530409464.0000000000932000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
4
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
932000
|
Size: |
40960
|
|
3194000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1534238154.0000000003194000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3194000
|
Size: |
12288
|
|
31A2000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1370327586.00000000031A2000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
31A2000
|
Size: |
32768
|
|
3197000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1370504634.0000000003197000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3197000
|
Size: |
12288
|
|
7AD000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000001.00000000.1366512596.00000000007AD000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
1
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
7AD000
|
Size: |
12288
|
|
30AF000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1370155349.00000000030AF000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
30AF000
|
Size: |
987136
|
|
2BEE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2649201906.0000000002BEE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2BEE000
|
Size: |
8192
|
|
A92000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2647752348.0000000000A92000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
A92000
|
Size: |
28672
|
|
7ED000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2646637815.00000000007ED000.00000004.00000001.01000000.00000003.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
7ED000
|
Size: |
4096
|
|
7D8000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2646155249.00000000007D8000.00000004.00000001.01000000.00000003.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
7D8000
|
Size: |
8192
|
|
B49000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2647341814.0000000000B49000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
B49000
|
Size: |
200704
|
|
401000
|
unkown
|
page execute read
|
|
|
|
Name: |
00000004.00000000.1529943565.0000000000401000.00000020.00000001.01000000.00000003.sdmp
|
TargetID: |
4
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page execute read
|
Base address: |
401000
|
Size: |
1372160
|
|
A4F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2647752348.0000000000A4F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
A4F000
|
Size: |
36864
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
AC0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2647276515.0000000000AC0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
AC0000
|
Size: |
4096
|
|
9D0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2647176297.00000000009D0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9D0000
|
Size: |
16384
|
|
30A2000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1534238154.00000000030A2000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
30A2000
|
Size: |
987136
|
|
10000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2643463676.0000000000010000.00000004.00000020.00040000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
10000
|
Size: |
4096
|
|
29E2000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2648730141.00000000029E2000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
29E2000
|
Size: |
45056
|
|
2BAE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2649173285.0000000002BAE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2BAE000
|
Size: |
8192
|
|
3E98000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2650492711.0000000003E98000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3E98000
|
Size: |
32768
|
|
381F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2650251474.000000000381F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
381F000
|
Size: |
4096
|
|
82F000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000004.00000000.1530409464.000000000082F000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
4
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
82F000
|
Size: |
12288
|
|
A45000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2647752348.0000000000A45000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
A45000
|
Size: |
36864
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
2D1E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2649520937.0000000002D1E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2D1E000
|
Size: |
8192
|
|
19C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2643980224.000000000019C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
19C000
|
Size: |
16384
|
|
550000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000004.00000002.2644856733.0000000000550000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
550000
|
Size: |
1466368
|
|
29D9000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2648730141.00000000029D9000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
29D9000
|
Size: |
12288
|
|
7E4000
|
unkown
|
page write copy
|
|
|
|
Name: |
00000001.00000002.2646382024.00000000007E4000.00000008.00000001.01000000.00000003.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page write copy
|
Base address: |
7E4000
|
Size: |
20480
|
|
A7C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2647752348.0000000000A7C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
A7C000
|
Size: |
12288
|
|
3E5B000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2650466031.0000000003E5B000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
3E5B000
|
Size: |
20480
|
|
7E3000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2645986093.00000000007E3000.00000004.00000001.01000000.00000003.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
7E3000
|
Size: |
4096
|
|
7AD000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000001.00000002.2645084904.00000000007AD000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
7AD000
|
Size: |
12288
|
|
2CE1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1369730161.0000000002CE1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2CE1000
|
Size: |
262144
|
|
7E3000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2646301511.00000000007E3000.00000004.00000001.01000000.00000003.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
7E3000
|
Size: |
4096
|
|
7D6000
|
unkown
|
page write copy
|
|
|
|
Name: |
00000004.00000002.2645869264.00000000007D6000.00000008.00000001.01000000.00000003.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page write copy
|
Base address: |
7D6000
|
Size: |
8192
|
|
2CB6000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1368992017.0000000002CB6000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2CB6000
|
Size: |
512000
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sample file is different than original file name gathered from version info |
System Summary |
|
|
1E0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2644129260.00000000001E0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1E0000
|
Size: |
8192
|
|
82F000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000001.00000002.2646908340.000000000082F000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
82F000
|
Size: |
12288
|
|
F80000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2648373324.0000000000F80000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
F80000
|
Size: |
16384
|
|
BA5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1612068298.0000000000BA5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
BA5000
|
Size: |
28672
|
|
29EE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2648730565.00000000029EE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
29EE000
|
Size: |
8192
|
|
318D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1533476435.000000000318D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
318D000
|
Size: |
12288
|
|
837000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000004.00000000.1530409464.0000000000837000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
4
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
837000
|
Size: |
987136
|
|
BA5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2647341814.0000000000BA5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
BA5000
|
Size: |
77824
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
929000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000001.00000002.2646908340.0000000000929000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
929000
|
Size: |
12288
|
|
2F24000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000004.00000002.2649482812.0000000002F24000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
2F24000
|
Size: |
299008
|
|
2B9B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2649345455.0000000002B9B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2B9B000
|
Size: |
987136
|
|
827000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2646637815.0000000000827000.00000004.00000001.01000000.00000003.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
827000
|
Size: |
12288
|
|
2A67000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1532972259.0000000002A67000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2A67000
|
Size: |
1204224
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sample file is different than original file name gathered from version info |
System Summary |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
E40000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2648428539.0000000000E40000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
E40000
|
Size: |
4096
|
|
9F5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1370461855.00000000009F5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9F5000
|
Size: |
32768
|
|
6BB000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000001.00000000.1366512596.00000000006BB000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
1
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
6BB000
|
Size: |
987136
|
|
2D22000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1369730161.0000000002D22000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2D22000
|
Size: |
53248
|
|
F00000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2648242280.0000000000F00000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
F00000
|
Size: |
8192
|
|
E60000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2648461731.0000000000E60000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
E60000
|
Size: |
8192
|
|
2A50000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000004.00000002.2648794225.0000000002A50000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
2A50000
|
Size: |
4096
|
|
2AF3000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2649023531.0000000002AF3000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2AF3000
|
Size: |
45056
|
|
2880000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2648463945.0000000002880000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2880000
|
Size: |
8192
|
|
10000000
|
direct allocation
|
page execute and read and write
|
|
|
|
Name: |
00000001.00000002.2650712243.0000000010000000.00000040.00001000.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page execute and read and write
|
Base address: |
10000000
|
Size: |
188416
|
|
1003A000
|
direct allocation
|
page execute and read and write
|
|
|
|
Name: |
00000001.00000002.2650712243.000000001003A000.00000040.00001000.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page execute and read and write
|
Base address: |
1003A000
|
Size: |
8192
|
|
7E9000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2646105732.00000000007E9000.00000004.00000001.01000000.00000003.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
7E9000
|
Size: |
8192
|
|
1003A000
|
direct allocation
|
page execute and read and write
|
|
|
|
Name: |
00000004.00000002.2650373990.000000001003A000.00000040.00001000.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page execute and read and write
|
Base address: |
1003A000
|
Size: |
8192
|
|
A75000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1422281085.0000000000A75000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
A75000
|
Size: |
114688
|
|
3196000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1533476435.0000000003196000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3196000
|
Size: |
32768
|
|
F37000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2648576586.0000000000F37000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
F37000
|
Size: |
8192
|
|
3194000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1533844094.0000000003194000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3194000
|
Size: |
12288
|
|
827000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2646254500.0000000000827000.00000004.00000001.01000000.00000003.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
827000
|
Size: |
12288
|
|
400000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000001.00000002.2644302926.0000000000400000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
400000
|
Size: |
4096
|
|
27D0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2648626086.00000000027D0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
27D0000
|
Size: |
4096
|
|
7D6000
|
unkown
|
page write copy
|
|
|
|
Name: |
00000001.00000000.1367273766.00000000007D6000.00000008.00000001.01000000.00000003.sdmp
|
TargetID: |
1
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page write copy
|
Base address: |
7D6000
|
Size: |
86016
|
|
BBC000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2647341814.0000000000BBC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
BBC000
|
Size: |
36864
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
3021000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000001.00000002.2649779035.0000000003021000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
3021000
|
Size: |
4096
|
|
BC8000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2647341814.0000000000BC8000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
BC8000
|
Size: |
16384
|
|
31A1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1370155349.00000000031A1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
31A1000
|
Size: |
12288
|
|
97000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2643775070.0000000000097000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
97000
|
Size: |
36864
|
|
7F9000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2646637815.00000000007F9000.00000004.00000001.01000000.00000003.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
7F9000
|
Size: |
8192
|
|
30A5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1370504634.00000000030A5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
30A5000
|
Size: |
987136
|
|
7D8000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2645891406.00000000007D8000.00000004.00000001.01000000.00000003.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
7D8000
|
Size: |
8192
|
|
2BB4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1532972259.0000000002BB4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2BB4000
|
Size: |
262144
|
|
10000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2643509361.0000000000010000.00000004.00000020.00040000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
10000
|
Size: |
4096
|
|
B00000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2647341814.0000000000B00000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
B00000
|
Size: |
24576
|
|
9AA000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2647752348.00000000009AA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9AA000
|
Size: |
8192
|
|
EE0000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000001.00000002.2648528160.0000000000EE0000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
EE0000
|
Size: |
4096
|
|
2CBC000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1369730161.0000000002CBC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2CBC000
|
Size: |
8192
|
|
2B8F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1532972259.0000000002B8F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2B8F000
|
Size: |
8192
|
|
9F7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2647752348.00000000009F7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9F7000
|
Size: |
118784
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
2E6B000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000001.00000002.2649542491.0000000002E6B000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
2E6B000
|
Size: |
4096
|
|
3042000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000001.00000002.2649779035.0000000003042000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
3042000
|
Size: |
8192
|
|
7E4000
|
unkown
|
page write copy
|
|
|
|
Name: |
00000004.00000002.2646044674.00000000007E4000.00000008.00000001.01000000.00000003.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page write copy
|
Base address: |
7E4000
|
Size: |
20480
|
|
39CF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2650154548.00000000039CF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
39CF000
|
Size: |
4096
|
|
29F8000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2649023531.00000000029F8000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
29F8000
|
Size: |
987136
|
|
A6F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2647752348.0000000000A6F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
A6F000
|
Size: |
49152
|
|
550000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000001.00000002.2645084904.0000000000550000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
550000
|
Size: |
1466368
|
|
9F2000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2647752348.00000000009F2000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9F2000
|
Size: |
16384
|
|
B08000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2647341814.0000000000B08000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
B08000
|
Size: |
237568
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
URLs found in memory or binary data |
Networking |
|
|
3C0E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2650269048.0000000003C0E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
3C0E000
|
Size: |
8192
|
|
3E93000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2650492711.0000000003E93000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3E93000
|
Size: |
4096
|
|
82C000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2646637815.000000000082C000.00000004.00000001.01000000.00000003.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
82C000
|
Size: |
4096
|
|
7DA000
|
unkown
|
page write copy
|
|
|
|
Name: |
00000004.00000002.2645953143.00000000007DA000.00000008.00000001.01000000.00000003.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page write copy
|
Base address: |
7DA000
|
Size: |
36864
|
|
BAC000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1611716242.0000000000BAC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
BAC000
|
Size: |
49152
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
807000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2646637815.0000000000807000.00000004.00000001.01000000.00000003.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
807000
|
Size: |
4096
|
|
82F000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000004.00000002.2646621865.000000000082F000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
82F000
|
Size: |
12288
|
|
572E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2650660282.000000000572E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
572E000
|
Size: |
8192
|
|
932000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000004.00000002.2646621865.0000000000932000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
932000
|
Size: |
40960
|
|
3ACB000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2650191342.0000000003ACB000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
3ACB000
|
Size: |
20480
|
|
7B6000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000004.00000002.2644856733.00000000007B6000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
7B6000
|
Size: |
131072
|
|
385E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2650272402.000000000385E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
385E000
|
Size: |
8192
|
|
2F84000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2649814485.0000000002F84000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2F84000
|
Size: |
987136
|
|
9ED000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1370461855.00000000009ED000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9ED000
|
Size: |
8192
|
|
6BB000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000001.00000002.2645084904.00000000006BB000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
6BB000
|
Size: |
987136
|
|
7AD000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000004.00000002.2644856733.00000000007AD000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
7AD000
|
Size: |
12288
|
|
36CF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2650053052.00000000036CF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
36CF000
|
Size: |
4096
|
|
7E9000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2646489611.00000000007E9000.00000004.00000001.01000000.00000003.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
7E9000
|
Size: |
8192
|
|
38CF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2650126516.00000000038CF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
38CF000
|
Size: |
4096
|
|
3EA3000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2650492711.0000000003EA3000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3EA3000
|
Size: |
4096
|
|
2DD1000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000004.00000002.2649482812.0000000002DD1000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
2DD1000
|
Size: |
679936
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
929000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000004.00000000.1530409464.0000000000929000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
4
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
929000
|
Size: |
12288
|
|
B44000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2647341814.0000000000B44000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
B44000
|
Size: |
16384
|
|
9A0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2647752348.00000000009A0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9A0000
|
Size: |
36864
|
|
2A67000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2648839817.0000000002A67000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2A67000
|
Size: |
987136
|
|
2F20000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000004.00000002.2649482812.0000000002F20000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
2F20000
|
Size: |
8192
|
|
3046000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000001.00000002.2649779035.0000000003046000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
3046000
|
Size: |
299008
|
|
BB9000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2647341814.0000000000BB9000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
BB9000
|
Size: |
4096
|
|
2BA4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1532972259.0000000002BA4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2BA4000
|
Size: |
32768
|
|
2CD1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1369730161.0000000002CD1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2CD1000
|
Size: |
32768
|
|
2E7A000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000004.00000002.2649482812.0000000002E7A000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
2E7A000
|
Size: |
487424
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sample file is different than original file name gathered from version info |
System Summary |
|
|
7EC000
|
unkown
|
page write copy
|
|
|
|
Name: |
00000004.00000002.2646202903.00000000007EC000.00000008.00000001.01000000.00000003.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page write copy
|
Base address: |
7EC000
|
Size: |
4096
|
|
82F000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000001.00000000.1367332770.000000000082F000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
1
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
82F000
|
Size: |
12288
|
|
F05000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2648242280.0000000000F05000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
F05000
|
Size: |
20480
|
|
3E91000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1424048639.0000000003E91000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3E91000
|
Size: |
135168
|
|
807000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2646254500.0000000000807000.00000004.00000001.01000000.00000003.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
807000
|
Size: |
4096
|
|
2BB1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1532972259.0000000002BB1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2BB1000
|
Size: |
4096
|
|
28D5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2648651545.00000000028D5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
28D5000
|
Size: |
20480
|
|
BB5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1586024607.0000000000BB5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
BB5000
|
Size: |
114688
|
|
3C1E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2650377097.0000000003C1E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
3C1E000
|
Size: |
8192
|
|
2D4B000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000004.00000002.2649235913.0000000002D4B000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
2D4B000
|
Size: |
487424
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sample file is different than original file name gathered from version info |
System Summary |
|
|
BBC000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1611716242.0000000000BBC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
BBC000
|
Size: |
65536
|
|
B96000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2647341814.0000000000B96000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
B96000
|
Size: |
57344
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
7DA000
|
unkown
|
page write copy
|
|
|
|
Name: |
00000001.00000002.2646257280.00000000007DA000.00000008.00000001.01000000.00000003.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page write copy
|
Base address: |
7DA000
|
Size: |
36864
|
|
B96000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1612068298.0000000000B96000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
B96000
|
Size: |
57344
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
9D5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2647176297.00000000009D5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9D5000
|
Size: |
16384
|
|
A80000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1424094537.0000000000A80000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
A80000
|
Size: |
4096
|
|
932000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000001.00000002.2646908340.0000000000932000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
932000
|
Size: |
40960
|
|
929000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000004.00000002.2646621865.0000000000929000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
929000
|
Size: |
12288
|
|
3D1E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2650407518.0000000003D1E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
3D1E000
|
Size: |
8192
|
|
401000
|
unkown
|
page execute read
|
|
|
|
Name: |
00000004.00000002.2644226836.0000000000401000.00000020.00000001.01000000.00000003.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute read
|
Base address: |
401000
|
Size: |
1372160
|
|
BB9000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1611716242.0000000000BB9000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
BB9000
|
Size: |
4096
|
|
19C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2644015170.000000000019C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
19C000
|
Size: |
16384
|
|
285E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2648433736.000000000285E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
285E000
|
Size: |
8192
|
|
3ADE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2650323717.0000000003ADE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
3ADE000
|
Size: |
8192
|
|
2F02000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000004.00000002.2649482812.0000000002F02000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
2F02000
|
Size: |
114688
|
|
53CC000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2650292984.00000000053CC000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
53CC000
|
Size: |
16384
|
|
7EC000
|
unkown
|
page write copy
|
|
|
|
Name: |
00000001.00000000.1367273766.00000000007EC000.00000008.00000001.01000000.00000003.sdmp
|
TargetID: |
1
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page write copy
|
Base address: |
7EC000
|
Size: |
8192
|
|
550000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000004.00000000.1530076502.0000000000550000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
4
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
550000
|
Size: |
1466368
|
|
2A68000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1531909500.0000000002A68000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2A68000
|
Size: |
1187840
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
2D42000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000001.00000002.2649542491.0000000002D42000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
2D42000
|
Size: |
1196032
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
F86000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2648373324.0000000000F86000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
F86000
|
Size: |
12288
|
|
2AEA000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2649023531.0000000002AEA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2AEA000
|
Size: |
12288
|
|
1F0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2644228788.00000000001F0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1F0000
|
Size: |
12288
|
|
2B8B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1531909500.0000000002B8B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2B8B000
|
Size: |
512000
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sample file is different than original file name gathered from version info |
System Summary |
|
|
2C96000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2649345455.0000000002C96000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2C96000
|
Size: |
32768
|
|
2896000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2648530028.0000000002896000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2896000
|
Size: |
4096
|
|
2BF5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1532972259.0000000002BF5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2BF5000
|
Size: |
53248
|
|
2B62000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2648839817.0000000002B62000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2B62000
|
Size: |
45056
|
|
371E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2650209337.000000000371E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
371E000
|
Size: |
8192
|
|
A5B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2647752348.0000000000A5B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
A5B000
|
Size: |
77824
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
URLs found in memory or binary data |
Networking |
|
|
2996000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2648530028.0000000002996000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2996000
|
Size: |
45056
|
|
EB0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2648207412.0000000000EB0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
EB0000
|
Size: |
4096
|
|
28E7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2648730141.00000000028E7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
28E7000
|
Size: |
987136
|
|
6BB000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000004.00000000.1530076502.00000000006BB000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
4
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
6BB000
|
Size: |
987136
|
|
7F9000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2646254500.00000000007F9000.00000004.00000001.01000000.00000003.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
7F9000
|
Size: |
8192
|
|
31AA000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1370155349.00000000031AA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
31AA000
|
Size: |
32768
|
|
2C1E000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000004.00000002.2649235913.0000000002C1E000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
2C1E000
|
Size: |
1196032
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
2CDA000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1369730161.0000000002CDA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2CDA000
|
Size: |
8192
|
|
2EF3000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000001.00000002.2649779035.0000000002EF3000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
2EF3000
|
Size: |
679936
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
3076000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2649814485.0000000003076000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3076000
|
Size: |
12288
|
|
400000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000001.00000000.1366343942.0000000000400000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
1
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
400000
|
Size: |
4096
|
|
36DF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2650174145.00000000036DF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
36DF000
|
Size: |
4096
|
|
2A62000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2648839817.0000000002A62000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2A62000
|
Size: |
4096
|
|
3D5E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2650439537.0000000003D5E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
3D5E000
|
Size: |
8192
|
|
298D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2648530028.000000000298D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
298D000
|
Size: |
12288
|
|
28E2000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2648730141.00000000028E2000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
28E2000
|
Size: |
4096
|
|
A23000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2647752348.0000000000A23000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
A23000
|
Size: |
81920
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
3E95000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2650492711.0000000003E95000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3E95000
|
Size: |
4096
|
|
A77000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1424094537.0000000000A77000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
A77000
|
Size: |
16384
|
|
2B94000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1369730161.0000000002B94000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2B94000
|
Size: |
1204224
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sample file is different than original file name gathered from version info |
System Summary |
|
May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
309B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1533476435.000000000309B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
309B000
|
Size: |
987136
|
|
1E0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2644072082.00000000001E0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1E0000
|
Size: |
16384
|
|
3BDE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2650349070.0000000003BDE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
3BDE000
|
Size: |
8192
|
|
BC5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1612030657.0000000000BC5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
BC5000
|
Size: |
28672
|
|
37CF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2650089082.00000000037CF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
37CF000
|
Size: |
4096
|
|
3014000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000001.00000002.2649779035.0000000003014000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
3014000
|
Size: |
45056
|
|
33D0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2650024491.00000000033D0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
33D0000
|
Size: |
4096
|
|
7D6000
|
unkown
|
page write copy
|
|
|
|
Name: |
00000001.00000002.2646089264.00000000007D6000.00000008.00000001.01000000.00000003.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page write copy
|
Base address: |
7D6000
|
Size: |
8192
|
|
837000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000004.00000002.2646621865.0000000000837000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
837000
|
Size: |
987136
|
|
3199000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1370327586.0000000003199000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3199000
|
Size: |
12288
|
|
A3A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2647752348.0000000000A3A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
A3A000
|
Size: |
8192
|
|
B90000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1612068298.0000000000B90000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
B90000
|
Size: |
20480
|
|
7D6000
|
unkown
|
page write copy
|
|
|
|
Name: |
00000004.00000000.1530356396.00000000007D6000.00000008.00000001.01000000.00000003.sdmp
|
TargetID: |
4
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page write copy
|
Base address: |
7D6000
|
Size: |
86016
|
|
2B59000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2648839817.0000000002B59000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2B59000
|
Size: |
12288
|
|
2F9C000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000001.00000002.2649779035.0000000002F9C000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
2F9C000
|
Size: |
487424
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sample file is different than original file name gathered from version info |
System Summary |
|
|
30A2000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1533844094.00000000030A2000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
30A2000
|
Size: |
987136
|
|
56A0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2650346709.00000000056A0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
56A0000
|
Size: |
4096
|
|
30A7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1370327586.00000000030A7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
30A7000
|
Size: |
987136
|
|
97000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2643957837.0000000000097000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
97000
|
Size: |
36864
|
|
2884000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2648463945.0000000002884000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2884000
|
Size: |
20480
|
|
2B92000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1532972259.0000000002B92000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2B92000
|
Size: |
69632
|
|
54CE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2650321446.00000000054CE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
54CE000
|
Size: |
8192
|
|
A80000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2647752348.0000000000A80000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
A80000
|
Size: |
4096
|
|
2CBF000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1369730161.0000000002CBF000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2CBF000
|
Size: |
69632
|
|
BBD000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000003.1611962956.0000000000BBD000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
BBD000
|
Size: |
61440
|
|
395F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2650295806.000000000395F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
395F000
|
Size: |
4096
|
|
3E90000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2650492711.0000000003E90000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3E90000
|
Size: |
4096
|
|
2CDE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1369730161.0000000002CDE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2CDE000
|
Size: |
4096
|
|
932000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000001.00000000.1367332770.0000000000932000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
1
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
932000
|
Size: |
40960
|
|
7ED000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2646254500.00000000007ED000.00000004.00000001.01000000.00000003.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
7ED000
|
Size: |
4096
|
|
990000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2647708799.0000000000990000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
990000
|
Size: |
4096
|
|
28D0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2648651545.00000000028D0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
28D0000
|
Size: |
8192
|
|
82C000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2646254500.000000000082C000.00000004.00000001.01000000.00000003.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
82C000
|
Size: |
4096
|
|
9C0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2647079110.00000000009C0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C0000
|
Size: |
4096
|
|
A15000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2647752348.0000000000A15000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
A15000
|
Size: |
45056
|
|
EF0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2648547577.0000000000EF0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
EF0000
|
Size: |
4096
|
|
B7D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2647341814.0000000000B7D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
B7D000
|
Size: |
98304
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
5900000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2650684037.0000000005900000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5900000
|
Size: |
4096
|
|
2A2E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2648761000.0000000002A2E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2A2E000
|
Size: |
8192
|
|
2D47000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000004.00000002.2649235913.0000000002D47000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
2D47000
|
Size: |
4096
|
|
28DE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2648651545.00000000028DE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
28DE000
|
Size: |
4096
|
|
E64000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2648461731.0000000000E64000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
E64000
|
Size: |
20480
|
|
29F3000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.2649023531.00000000029F3000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
29F3000
|
Size: |
4096
|
|
2B93000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000003.1368992017.0000000002B93000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2B93000
|
Size: |
1187840
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
401000
|
unkown
|
page execute read
|
|
|
|
Name: |
00000001.00000000.1366362708.0000000000401000.00000020.00000001.01000000.00000003.sdmp
|
TargetID: |
1
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page execute read
|
Base address: |
401000
|
Size: |
1372160
|
|
7B6000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000001.00000000.1366512596.00000000007B6000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
1
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
7B6000
|
Size: |
131072
|
|
400000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000004.00000002.2644164015.0000000000400000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
400000
|
Size: |
4096
|
|