2D61000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1361515690.0000000002D61000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D61000
|
Size: |
8192
|
|
2D39000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1398078961.0000000002D39000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D39000
|
Size: |
12288
|
|
31D1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1425912190.00000000031D1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
31D1000
|
Size: |
221184
|
|
550000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000002.1727256705.0000000000550000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
550000
|
Size: |
16384
|
|
2D72000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1374594466.0000000002D72000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D72000
|
Size: |
16384
|
|
2FE8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1415858869.0000000002FE8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FE8000
|
Size: |
12288
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Found many strings related to Crypto-Wallets (likely being stolen) |
Stealing of Sensitive Information |
|
|
2DA5000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000002.1728591872.0000000002DA5000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2DA5000
|
Size: |
4096
|
|
3302000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2496044113.0000000003302000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3302000
|
Size: |
4096
|
|
446000
|
unknown
|
page write copy
|
|
|
|
Name: |
00000008.00000000.1308679967.0000000000446000.00000008.00000001.01000000.00000006.sdmp
|
TargetID: |
8
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page write copy
|
Base address: |
446000
|
Size: |
4096
|
|
2D69000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1373435452.0000000002D69000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D69000
|
Size: |
4096
|
|
2D7A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1375078428.0000000002D7A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D7A000
|
Size: |
4096
|
|
2FEB000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1413901868.0000000002FEB000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FEB000
|
Size: |
4096
|
|
700000
|
remote allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1326832249.0000000000700000.00000004.00000400.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
remote allocation
|
Protect: |
page read and write
|
Base address: |
700000
|
Size: |
4096
|
|
7F8000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1523244780.00000000007F8000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
7F8000
|
Size: |
86016
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
27EE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2495299415.00000000027EE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
27EE000
|
Size: |
8192
|
|
1F0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2492433686.00000000001F0000.00000004.00000020.00040000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1F0000
|
Size: |
4096
|
|
2FFA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1416378986.0000000002FFA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FFA000
|
Size: |
8192
|
|
2D33000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1416278078.0000000002D33000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D33000
|
Size: |
12288
|
|
2D25000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1419799141.0000000002D25000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D25000
|
Size: |
53248
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
2FE8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1413225340.0000000002FE8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FE8000
|
Size: |
12288
|
|
818000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1432937288.0000000000818000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
818000
|
Size: |
28672
|
|
2D83000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1394393715.0000000002D83000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D83000
|
Size: |
4096
|
|
3283000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1398146378.0000000003283000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3283000
|
Size: |
4096
|
|
32E9000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1306304721.00000000032E9000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
32E9000
|
Size: |
106496
|
|
2187000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2494233697.0000000002187000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2187000
|
Size: |
8192
|
|
80E000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1523244780.000000000080E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
80E000
|
Size: |
32768
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
2D3C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1523391041.0000000002D3C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D3C000
|
Size: |
155648
|
|
2FEB000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1415684860.0000000002FEB000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FEB000
|
Size: |
4096
|
|
670000
|
direct allocation
|
page execute and read and write
|
|
|
|
Name: |
00000008.00000002.1727313287.0000000000670000.00000040.00001000.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page execute and read and write
|
Base address: |
670000
|
Size: |
339968
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Malicious sample detected (through community Yara rule) |
System Summary |
|
Yara signature match |
System Summary |
|
|
2D33000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1415957846.0000000002D33000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D33000
|
Size: |
12288
|
|
2FE8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1416262379.0000000002FE8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FE8000
|
Size: |
12288
|
|
66E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000008.00000002.1727297394.000000000066E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
66E000
|
Size: |
8192
|
|
2230000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2494865934.0000000002230000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2230000
|
Size: |
12288
|
|
2FEB000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1413748155.0000000002FEB000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FEB000
|
Size: |
4096
|
|
2D4B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1394393715.0000000002D4B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D4B000
|
Size: |
4096
|
|
2FE8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1413002613.0000000002FE8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FE8000
|
Size: |
12288
|
|
2FFA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1413517079.0000000002FFA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FFA000
|
Size: |
4096
|
|
32A1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1306304721.00000000032A1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
32A1000
|
Size: |
32768
|
|
32B0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1306304721.00000000032B0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
32B0000
|
Size: |
217088
|
|
2D32000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1523522964.0000000002D32000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D32000
|
Size: |
16384
|
|
32DB000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1556590856.00000000032DB000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
32DB000
|
Size: |
593920
|
|
2D7B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1396817863.0000000002D7B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D7B000
|
Size: |
4096
|
|
2FE8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1416505161.0000000002FE8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FE8000
|
Size: |
12288
|
|
2D79000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1361399874.0000000002D79000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D79000
|
Size: |
8192
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
2FD1000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1389507886.0000000002FD1000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FD1000
|
Size: |
12288
|
|
2D3B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1374968322.0000000002D3B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D3B000
|
Size: |
36864
|
|
2D26000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1556803864.0000000002D26000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D26000
|
Size: |
32768
|
|
2D25000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1556826562.0000000002D25000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D25000
|
Size: |
4096
|
|
292E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2495407696.000000000292E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
292E000
|
Size: |
8192
|
|
2FEB000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1413406139.0000000002FEB000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FEB000
|
Size: |
4096
|
|
2D7A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1361515690.0000000002D7A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D7A000
|
Size: |
40960
|
|
2D7A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1361756161.0000000002D7A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D7A000
|
Size: |
81920
|
|
557000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1431589464.0000000000557000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
557000
|
Size: |
8192
|
|
2FD4000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1375282916.0000000002FD4000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FD4000
|
Size: |
4096
|
|
2FFA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1415580110.0000000002FFA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FFA000
|
Size: |
8192
|
|
2D64000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1523391041.0000000002D64000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D64000
|
Size: |
155648
|
|
2D6E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1373994543.0000000002D6E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D6E000
|
Size: |
12288
|
|
2D40000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000002.1728473723.0000000002D40000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D40000
|
Size: |
139264
|
|
807000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000002.1727665935.0000000000807000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
807000
|
Size: |
24576
|
|
2D14000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1433136182.0000000002D14000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D14000
|
Size: |
20480
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Found many strings related to Crypto-Wallets (likely being stolen) |
Stealing of Sensitive Information |
|
URLs found in memory or binary data |
Networking |
|
|
2D32000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1393168164.0000000002D32000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D32000
|
Size: |
16384
|
|
2FD0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000002.1728739016.0000000002FD0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FD0000
|
Size: |
8192
|
|
2FFA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1416002027.0000000002FFA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FFA000
|
Size: |
8192
|
|
2FE8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1416190882.0000000002FE8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FE8000
|
Size: |
12288
|
|
2D36000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1523466118.0000000002D36000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D36000
|
Size: |
24576
|
|
7BD000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000002.1727460033.00000000007BD000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
7BD000
|
Size: |
8192
|
|
2D2E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1375502536.0000000002D2E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D2E000
|
Size: |
32768
|
|
2D8A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1361515690.0000000002D8A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D8A000
|
Size: |
40960
|
|
839000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1291821488.0000000000839000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
839000
|
Size: |
4096
|
|
2BCE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000008.00000002.1728162492.0000000002BCE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2BCE000
|
Size: |
8192
|
|
2FEB000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1413465949.0000000002FEB000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FEB000
|
Size: |
4096
|
|
2D3E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1361870639.0000000002D3E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D3E000
|
Size: |
28672
|
|
2FF0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1393080241.0000000002FF0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FF0000
|
Size: |
8192
|
|
294F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000008.00000002.1728016046.000000000294F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
294F000
|
Size: |
4096
|
|
2D7C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1397135928.0000000002D7C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D7C000
|
Size: |
4096
|
|
2D39000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1395624690.0000000002D39000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D39000
|
Size: |
12288
|
|
2D94000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1523391041.0000000002D94000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D94000
|
Size: |
61440
|
|
2D33000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1413369017.0000000002D33000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D33000
|
Size: |
12288
|
|
2CED000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2495788042.0000000002CED000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2CED000
|
Size: |
12288
|
|
2D11000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1419799141.0000000002D11000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D11000
|
Size: |
73728
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
URLs found in memory or binary data |
Networking |
|
|
2D37000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1373435452.0000000002D37000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D37000
|
Size: |
57344
|
|
2D8F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1361756161.0000000002D8F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D8F000
|
Size: |
20480
|
|
2D6B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1396817863.0000000002D6B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D6B000
|
Size: |
4096
|
|
27AF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2495236850.00000000027AF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
27AF000
|
Size: |
4096
|
|
73CF1000
|
unknown
|
page execute read
|
|
|
|
Name: |
00000008.00000002.1729019731.0000000073CF1000.00000020.00000001.01000000.00000008.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page execute read
|
Base address: |
73CF1000
|
Size: |
86016
|
|
2FFA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1415383589.0000000002FFA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FFA000
|
Size: |
8192
|
|
2FEC000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1375540392.0000000002FEC000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FEC000
|
Size: |
24576
|
|
2FE0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000002.1728739016.0000000002FE0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FE0000
|
Size: |
4096
|
|
2FE8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1415608619.0000000002FE8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FE8000
|
Size: |
12288
|
|
3233000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1398146378.0000000003233000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3233000
|
Size: |
4096
|
|
3009000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1362042001.0000000003009000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3009000
|
Size: |
4096
|
|
2D33000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1413694452.0000000002D33000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D33000
|
Size: |
12288
|
|
2FE4000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1375011521.0000000002FE4000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FE4000
|
Size: |
28672
|
|
841000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1291821488.0000000000841000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
841000
|
Size: |
8192
|
|
2220000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000002.1727788400.0000000002220000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2220000
|
Size: |
16384
|
|
2DA7000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1431668843.0000000002DA7000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2DA7000
|
Size: |
57344
|
|
2D51000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1396817863.0000000002D51000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D51000
|
Size: |
12288
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
2DA7000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000002.1728591872.0000000002DA7000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2DA7000
|
Size: |
4096
|
|
2D3C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1393139421.0000000002D3C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D3C000
|
Size: |
32768
|
|
32BB000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1398146378.00000000032BB000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
32BB000
|
Size: |
4096
|
|
2D25000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000002.1728257700.0000000002D25000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D25000
|
Size: |
4096
|
|
2D12000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000002.1728257700.0000000002D12000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D12000
|
Size: |
73728
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
7CA000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2493523716.00000000007CA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
7CA000
|
Size: |
8192
|
|
72A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000002.1727365205.000000000072A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
72A000
|
Size: |
8192
|
|
2FEB000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1393080241.0000000002FEB000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FEB000
|
Size: |
12288
|
|
2FFA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1414061084.0000000002FFA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FFA000
|
Size: |
4096
|
|
2FFA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1415438902.0000000002FFA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FFA000
|
Size: |
4096
|
|
452000
|
unknown
|
page write copy
|
|
|
|
Name: |
00000000.00000000.1256395534.0000000000452000.00000008.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page write copy
|
Base address: |
452000
|
Size: |
8192
|
|
2FD7000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1373001894.0000000002FD7000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FD7000
|
Size: |
126976
|
|
2D36000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1398078961.0000000002D36000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D36000
|
Size: |
8192
|
|
4D0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000002.1727224392.00000000004D0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4D0000
|
Size: |
8192
|
|
2D37000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1413079361.0000000002D37000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D37000
|
Size: |
53248
|
|
2E60000
|
remote allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1272688801.0000000002E60000.00000004.00000400.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
remote allocation
|
Protect: |
page read and write
|
Base address: |
2E60000
|
Size: |
4096
|
|
2D94000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1361323050.0000000002D94000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D94000
|
Size: |
139264
|
|
2D3F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1395452711.0000000002D3F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D3F000
|
Size: |
20480
|
|
2D30000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000002.1728257700.0000000002D30000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D30000
|
Size: |
24576
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
AV process strings found (often used to terminate AV products) |
Lowering of HIPS / PFW / Operating System Security Settings |
Security Software Discovery
|
|
2D3E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1361381261.0000000002D3E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D3E000
|
Size: |
24576
|
|
2FF2000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1523540584.0000000002FF2000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FF2000
|
Size: |
143360
|
|
2FFA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1414107508.0000000002FFA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FFA000
|
Size: |
4096
|
|
2D43000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1361182790.0000000002D43000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D43000
|
Size: |
122880
|
|
280D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000008.00000002.1727921685.000000000280D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
280D000
|
Size: |
12288
|
|
2FEB000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1417524516.0000000002FEB000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FEB000
|
Size: |
4096
|
|
2D76000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1373100965.0000000002D76000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D76000
|
Size: |
12288
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
21EE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2494567945.00000000021EE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
21EE000
|
Size: |
8192
|
|
2D64000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000002.1728473723.0000000002D64000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D64000
|
Size: |
155648
|
|
2D2F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1361157118.0000000002D2F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D2F000
|
Size: |
204800
|
|
2E60000
|
remote allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1272732334.0000000002E60000.00000004.00000400.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
remote allocation
|
Protect: |
page read and write
|
Base address: |
2E60000
|
Size: |
4096
|
|
2D44000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1362127956.0000000002D44000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D44000
|
Size: |
4096
|
|
2D83000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1395293299.0000000002D83000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D83000
|
Size: |
20480
|
|
2D66000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1361756161.0000000002D66000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D66000
|
Size: |
8192
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
SQL strings found in memory and binary data |
System Summary |
|
|
2D19000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1423013756.0000000002D19000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D19000
|
Size: |
40960
|
|
2FFA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1413901868.0000000002FFA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FFA000
|
Size: |
8192
|
|
31FB000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1398146378.00000000031FB000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
31FB000
|
Size: |
4096
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
2D62000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1361986737.0000000002D62000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D62000
|
Size: |
4096
|
|
2D63000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1395452711.0000000002D63000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D63000
|
Size: |
4096
|
|
2DBC000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1394393715.0000000002DBC000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2DBC000
|
Size: |
20480
|
|
22C0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000002.1727854601.00000000022C0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
22C0000
|
Size: |
12288
|
|
2E60000
|
remote allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1272594736.0000000002E60000.00000004.00000400.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
remote allocation
|
Protect: |
page read and write
|
Base address: |
2E60000
|
Size: |
4096
|
|
2A6E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2495545401.0000000002A6E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2A6E000
|
Size: |
8192
|
|
2D47000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1374807479.0000000002D47000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D47000
|
Size: |
4096
|
|
7C0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2493523716.00000000007C0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
7C0000
|
Size: |
36864
|
|
284E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000008.00000002.1727980667.000000000284E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
284E000
|
Size: |
8192
|
|
28EF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2495355196.00000000028EF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
28EF000
|
Size: |
4096
|
|
2D94000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1394393715.0000000002D94000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D94000
|
Size: |
8192
|
|
2FD5000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1373228205.0000000002FD5000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FD5000
|
Size: |
8192
|
|
720000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000002.1727365205.0000000000720000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
720000
|
Size: |
36864
|
|
32DF000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1517989202.00000000032DF000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
32DF000
|
Size: |
507904
|
|
2D5C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1397135928.0000000002D5C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D5C000
|
Size: |
69632
|
|
804000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1556730977.0000000000804000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
804000
|
Size: |
36864
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
2D8C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1373100965.0000000002D8C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D8C000
|
Size: |
143360
|
|
32B3000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1398146378.00000000032B3000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
32B3000
|
Size: |
4096
|
|
9B000
|
stack
|
page read and write
|
|
|
|
Name: |
00000008.00000002.1727073754.000000000009B000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
9B000
|
Size: |
20480
|
|
2FF0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1395386339.0000000002FF0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FF0000
|
Size: |
8192
|
|
2D7C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1375078428.0000000002D7C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D7C000
|
Size: |
8192
|
|
411000
|
unknown
|
page execute read
|
|
|
|
Name: |
00000008.00000000.1308616218.0000000000411000.00000020.00000001.01000000.00000006.sdmp
|
TargetID: |
8
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page execute read
|
Base address: |
411000
|
Size: |
204800
|
|
2FF0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1389507886.0000000002FF0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FF0000
|
Size: |
8192
|
|
2FE8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1417808058.0000000002FE8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FE8000
|
Size: |
12288
|
|
2FE8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1418101596.0000000002FE8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FE8000
|
Size: |
12288
|
|
2FE0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1413225340.0000000002FE0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FE0000
|
Size: |
24576
|
|
2FFA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1415684860.0000000002FFA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FFA000
|
Size: |
8192
|
|
2FFB000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1416965628.0000000002FFB000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FFB000
|
Size: |
4096
|
|
2D51000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1361237816.0000000002D51000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D51000
|
Size: |
65536
|
|
2FFA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1416121862.0000000002FFA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FFA000
|
Size: |
4096
|
|
819000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1556709754.0000000000819000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
819000
|
Size: |
24576
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
AV process strings found (often used to terminate AV products) |
Lowering of HIPS / PFW / Operating System Security Settings |
Security Software Discovery
|
|
700000
|
remote allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1326866036.0000000000700000.00000004.00000400.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
remote allocation
|
Protect: |
page read and write
|
Base address: |
700000
|
Size: |
4096
|
|
2D78000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1374594466.0000000002D78000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D78000
|
Size: |
4096
|
|
2E4E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000008.00000002.1728646328.0000000002E4E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2E4E000
|
Size: |
8192
|
|
2D5C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1375078428.0000000002D5C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D5C000
|
Size: |
118784
|
|
2180000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2494233697.0000000002180000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2180000
|
Size: |
20480
|
|
2FD1000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1433167361.0000000002FD1000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FD1000
|
Size: |
4096
|
|
3CE5000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1518141956.0000000003CE5000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3CE5000
|
Size: |
610304
|
|
31D0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000002.1728905598.00000000031D0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
31D0000
|
Size: |
221184
|
|
2D4C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1375078428.0000000002D4C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D4C000
|
Size: |
8192
|
|
6D0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000002.1727348386.00000000006D0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D0000
|
Size: |
4096
|
|
816000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1523484190.0000000000816000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
816000
|
Size: |
36864
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
AV process strings found (often used to terminate AV products) |
Lowering of HIPS / PFW / Operating System Security Settings |
Security Software Discovery
|
|
3010000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1556684886.0000000003010000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3010000
|
Size: |
20480
|
|
2FD1000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1375430114.0000000002FD1000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FD1000
|
Size: |
12288
|
|
2D7C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1373100965.0000000002D7C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D7C000
|
Size: |
16384
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
2D4C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1372956350.0000000002D4C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D4C000
|
Size: |
4096
|
|
443000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000008.00000000.1308664340.0000000000443000.00000002.00000001.01000000.00000006.sdmp
|
TargetID: |
8
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
443000
|
Size: |
12288
|
|
2190000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2494459967.0000000002190000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2190000
|
Size: |
4096
|
|
21C0000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1326448464.00000000021C0000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
21C0000
|
Size: |
335872
|
|
2FF2000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1397219476.0000000002FF2000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FF2000
|
Size: |
4096
|
|
2FD1000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1433331229.0000000002FD1000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FD1000
|
Size: |
159744
|
|
2FF2000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1375406077.0000000002FF2000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FF2000
|
Size: |
16384
|
|
2D33000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1417380297.0000000002D33000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D33000
|
Size: |
12288
|
|
2D6D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1374594466.0000000002D6D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D6D000
|
Size: |
16384
|
|
2FE9000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1395426932.0000000002FE9000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FE9000
|
Size: |
8192
|
|
2FEC000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1375430114.0000000002FEC000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FEC000
|
Size: |
24576
|
|
2D51000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1361932843.0000000002D51000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D51000
|
Size: |
65536
|
|
2D73000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1361399874.0000000002D73000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D73000
|
Size: |
4096
|
|
2D51000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1361699183.0000000002D51000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D51000
|
Size: |
65536
|
|
2D97000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1361756161.0000000002D97000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D97000
|
Size: |
16384
|
|
2D6D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1433226532.0000000002D6D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D6D000
|
Size: |
4096
|
|
73D06000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000008.00000002.1729066260.0000000073D06000.00000002.00000001.01000000.00000008.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
73D06000
|
Size: |
28672
|
|
2FFA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1416239975.0000000002FFA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FFA000
|
Size: |
8192
|
|
2FEB000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1415383589.0000000002FEB000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FEB000
|
Size: |
4096
|
|
77A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000002.1727460033.000000000077A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
77A000
|
Size: |
176128
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
2D83000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1361323050.0000000002D83000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D83000
|
Size: |
12288
|
|
2DB6000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1431668843.0000000002DB6000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2DB6000
|
Size: |
8192
|
|
2D51000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1395452711.0000000002D51000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D51000
|
Size: |
12288
|
|
2FE8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1419733878.0000000002FE8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FE8000
|
Size: |
12288
|
|
2D7E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1431668843.0000000002D7E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D7E000
|
Size: |
4096
|
|
2D25000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1556871353.0000000002D25000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D25000
|
Size: |
4096
|
|
2D0F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000008.00000002.1728228737.0000000002D0F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2D0F000
|
Size: |
4096
|
|
2A2F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2495483659.0000000002A2F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2A2F000
|
Size: |
4096
|
|
2D64000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1373994543.0000000002D64000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D64000
|
Size: |
4096
|
|
2FFA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1416759962.0000000002FFA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FFA000
|
Size: |
8192
|
|
32A0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2496044113.00000000032A0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
32A0000
|
Size: |
102400
|
|
635000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2493035000.0000000000635000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
635000
|
Size: |
16384
|
|
2D66000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1373435452.0000000002D66000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D66000
|
Size: |
8192
|
|
2D32000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1523289209.0000000002D32000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D32000
|
Size: |
16384
|
|
31DC000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1398146378.00000000031DC000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
31DC000
|
Size: |
4096
|
|
2D85000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1431668843.0000000002D85000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D85000
|
Size: |
12288
|
|
2D6E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1373435452.0000000002D6E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D6E000
|
Size: |
12288
|
|
2D7B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1395452711.0000000002D7B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D7B000
|
Size: |
4096
|
|
2D11000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1556826562.0000000002D11000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D11000
|
Size: |
77824
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
51E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000008.00000002.1727241085.000000000051E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
51E000
|
Size: |
8192
|
|
2D7C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1374807479.0000000002D7C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D7C000
|
Size: |
8192
|
|
2FE8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1413669067.0000000002FE8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FE8000
|
Size: |
12288
|
|
2D7C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1433226532.0000000002D7C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D7C000
|
Size: |
8192
|
|
2D36000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1374968322.0000000002D36000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D36000
|
Size: |
8192
|
|
2D4D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1397995901.0000000002D4D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D4D000
|
Size: |
24576
|
|
7A6000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000002.1727460033.00000000007A6000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
7A6000
|
Size: |
77824
|
|
2D32000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1413099598.0000000002D32000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D32000
|
Size: |
16384
|
|
73D0D000
|
unknown
|
page read and write
|
|
|
|
Name: |
00000008.00000002.1729114535.0000000073D0D000.00000004.00000001.01000000.00000008.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page read and write
|
Base address: |
73D0D000
|
Size: |
8192
|
|
2D19000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1556871353.0000000002D19000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D19000
|
Size: |
45056
|
|
845000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1291886855.0000000000845000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
845000
|
Size: |
253952
|
|
2D30000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1523505747.0000000002D30000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D30000
|
Size: |
24576
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
AV process strings found (often used to terminate AV products) |
Lowering of HIPS / PFW / Operating System Security Settings |
Security Software Discovery
|
|
2D39000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000002.1728440523.0000000002D39000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D39000
|
Size: |
12288
|
|
812000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2493523716.0000000000812000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
812000
|
Size: |
106496
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
2D95000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1361515690.0000000002D95000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D95000
|
Size: |
4096
|
|
2D3B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1375502536.0000000002D3B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D3B000
|
Size: |
36864
|
|
32AB000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1398146378.00000000032AB000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
32AB000
|
Size: |
4096
|
|
2FFA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1415474410.0000000002FFA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FFA000
|
Size: |
4096
|
|
2D33000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1395679384.0000000002D33000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D33000
|
Size: |
12288
|
|
2D69000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1361756161.0000000002D69000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D69000
|
Size: |
8192
|
|
32BD000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2496044113.00000000032BD000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
32BD000
|
Size: |
4096
|
|
2FFA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1416678657.0000000002FFA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FFA000
|
Size: |
8192
|
|
2D5C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1397995901.0000000002D5C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D5C000
|
Size: |
143360
|
|
630000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2493035000.0000000000630000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
630000
|
Size: |
16384
|
|
2D60000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1373994543.0000000002D60000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D60000
|
Size: |
8192
|
|
2D69000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1361515690.0000000002D69000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D69000
|
Size: |
8192
|
|
2FFA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1415745596.0000000002FFA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FFA000
|
Size: |
8192
|
|
814000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1556909416.0000000000814000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
814000
|
Size: |
8192
|
|
2FF7000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1375360273.0000000002FF7000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FF7000
|
Size: |
4096
|
|
2D5B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1373435452.0000000002D5B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D5B000
|
Size: |
4096
|
|
2D5C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1374807479.0000000002D5C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D5C000
|
Size: |
118784
|
|
2FFA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1416156388.0000000002FFA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FFA000
|
Size: |
4096
|
|
2D33000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1415630473.0000000002D33000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D33000
|
Size: |
12288
|
|
2FE8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1416603942.0000000002FE8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FE8000
|
Size: |
12288
|
|
2D94000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000002.1728473723.0000000002D94000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D94000
|
Size: |
61440
|
|
2D25000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1423013756.0000000002D25000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D25000
|
Size: |
36864
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
2D44000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1373994543.0000000002D44000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D44000
|
Size: |
4096
|
|
2D95000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1361756161.0000000002D95000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D95000
|
Size: |
4096
|
|
2FFA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1413748155.0000000002FFA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FFA000
|
Size: |
8192
|
|
2D4C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1374807479.0000000002D4C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D4C000
|
Size: |
8192
|
|
3213000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1398146378.0000000003213000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3213000
|
Size: |
4096
|
|
2FFA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1416319112.0000000002FFA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FFA000
|
Size: |
8192
|
|
2FFA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1413406139.0000000002FFA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FFA000
|
Size: |
8192
|
|
270D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000008.00000002.1727890496.000000000270D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
270D000
|
Size: |
12288
|
|
739000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000008.00000002.1727425613.0000000000739000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
739000
|
Size: |
200704
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Malicious sample detected (through community Yara rule) |
System Summary |
|
Yara signature match |
System Summary |
|
|
2FE0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1413002613.0000000002FE0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FE0000
|
Size: |
24576
|
|
2FEB000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1416002027.0000000002FEB000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FEB000
|
Size: |
4096
|
|
2D49000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1374807479.0000000002D49000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D49000
|
Size: |
8192
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
SQL strings found in memory and binary data |
System Summary |
|
|
222E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2494786384.000000000222E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
222E000
|
Size: |
8192
|
|
2FFA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1416815966.0000000002FFA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FFA000
|
Size: |
4096
|
|
2D10000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000002.1728257700.0000000002D10000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D10000
|
Size: |
4096
|
|
2D69000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1361212279.0000000002D69000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D69000
|
Size: |
4096
|
|
2FE8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1416990461.0000000002FE8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FE8000
|
Size: |
12288
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
2FFA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1414453263.0000000002FFA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FFA000
|
Size: |
8192
|
|
2D2E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1397203288.0000000002D2E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D2E000
|
Size: |
16384
|
|
2FFA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1413465949.0000000002FFA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FFA000
|
Size: |
8192
|
|
80E000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1556730977.000000000080E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
80E000
|
Size: |
32768
|
|
2FEB000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1416678657.0000000002FEB000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FEB000
|
Size: |
4096
|
|
2D4C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1397135928.0000000002D4C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D4C000
|
Size: |
4096
|
|
700000
|
remote allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1326848781.0000000000700000.00000004.00000400.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
remote allocation
|
Protect: |
page read and write
|
Base address: |
700000
|
Size: |
4096
|
|
2BAE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2495664630.0000000002BAE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2BAE000
|
Size: |
8192
|
|
2FFA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1416433347.0000000002FFA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FFA000
|
Size: |
4096
|
|
7C0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000002.1727460033.00000000007C0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
7C0000
|
Size: |
4096
|
|
199000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2492322153.0000000000199000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
199000
|
Size: |
28672
|
|
2FFA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1417524516.0000000002FFA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FFA000
|
Size: |
8192
|
|
2FFA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1416578074.0000000002FFA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FFA000
|
Size: |
8192
|
|
4B3000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000008.00000002.1727202775.00000000004B3000.00000002.00000001.01000000.00000006.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
4B3000
|
Size: |
102400
|
|
400000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000008.00000000.1308593204.0000000000400000.00000002.00000001.01000000.00000006.sdmp
|
TargetID: |
8
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
400000
|
Size: |
4096
|
|
2D36000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1393115109.0000000002D36000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D36000
|
Size: |
57344
|
|
2FE4000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1373228205.0000000002FE4000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FE4000
|
Size: |
73728
|
|
2ACD000
|
stack
|
page read and write
|
|
|
|
Name: |
00000008.00000002.1728124527.0000000002ACD000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2ACD000
|
Size: |
12288
|
|
2A8F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000008.00000002.1728085805.0000000002A8F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2A8F000
|
Size: |
4096
|
|
2D66000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1361399874.0000000002D66000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D66000
|
Size: |
8192
|
|
76A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000002.1727460033.000000000076A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
76A000
|
Size: |
49152
|
|
2FD1000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1413002613.0000000002FD1000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FD1000
|
Size: |
4096
|
|
2FE4000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1375282916.0000000002FE4000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FE4000
|
Size: |
28672
|
|
2FE9000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1362042001.0000000002FE9000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FE9000
|
Size: |
118784
|
|
2DED000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2495835793.0000000002DED000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2DED000
|
Size: |
12288
|
|
540000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2492827568.0000000000540000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
540000
|
Size: |
8192
|
|
2FEB000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1416759962.0000000002FEB000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FEB000
|
Size: |
4096
|
|
81C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000002.1727665935.000000000081C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
81C000
|
Size: |
12288
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
AV process strings found (often used to terminate AV products) |
Lowering of HIPS / PFW / Operating System Security Settings |
Security Software Discovery
|
|
82D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2493523716.000000000082D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
82D000
|
Size: |
356352
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
URLs found in memory or binary data |
Networking |
|
|
2B6E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2495616323.0000000002B6E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2B6E000
|
Size: |
8192
|
|
2FFA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1415790670.0000000002FFA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FFA000
|
Size: |
4096
|
|
2FFA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1415904256.0000000002FFA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FFA000
|
Size: |
8192
|
|
2FFA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1417719852.0000000002FFA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FFA000
|
Size: |
4096
|
|
9B000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2492250504.000000000009B000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
9B000
|
Size: |
20480
|
|
401000
|
unknown
|
page execute read
|
|
|
|
Name: |
00000008.00000000.1308616218.0000000000401000.00000020.00000001.01000000.00000006.sdmp
|
TargetID: |
8
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page execute read
|
Base address: |
401000
|
Size: |
36864
|
|
2D94000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1395293299.0000000002D94000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D94000
|
Size: |
143360
|
|
2FE8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1413352222.0000000002FE8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FE8000
|
Size: |
12288
|
|
2D51000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1373435452.0000000002D51000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D51000
|
Size: |
4096
|
|
2D51000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1362179342.0000000002D51000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D51000
|
Size: |
65536
|
|
2D61000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1361399874.0000000002D61000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D61000
|
Size: |
8192
|
|
226E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000008.00000002.1727810737.000000000226E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
226E000
|
Size: |
8192
|
|
2FEB000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1373969002.0000000002FEB000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FEB000
|
Size: |
45056
|
|
2FE4000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1375430114.0000000002FE4000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FE4000
|
Size: |
28672
|
|
2D44000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1433226532.0000000002D44000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D44000
|
Size: |
163840
|
|
459000
|
unknown
|
page execute and read and write
|
|
|
|
Name: |
00000008.00000002.1727135217.0000000000459000.00000040.00000001.01000000.00000006.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page execute and read and write
|
Base address: |
459000
|
Size: |
16384
|
|
2FD3000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1413002613.0000000002FD3000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FD3000
|
Size: |
28672
|
|
298E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000008.00000002.1728052579.000000000298E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
298E000
|
Size: |
8192
|
|
2D5C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1374594466.0000000002D5C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D5C000
|
Size: |
45056
|
|
2FE8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1415534105.0000000002FE8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FE8000
|
Size: |
12288
|
|
2FE8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1415932650.0000000002FE8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FE8000
|
Size: |
12288
|
|
2D44000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1518057347.0000000002D44000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D44000
|
Size: |
290816
|
|
740000
|
direct allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2493339255.0000000000740000.00000040.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page execute and read and write
|
Base address: |
740000
|
Size: |
397312
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Malicious sample detected (through community Yara rule) |
System Summary |
|
Sample file is different than original file name gathered from version info |
System Summary |
|
Yara signature match |
System Summary |
|
|
2D32000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1556927960.0000000002D32000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D32000
|
Size: |
16384
|
|
2D4C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1374594466.0000000002D4C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D4C000
|
Size: |
4096
|
|
2D4B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1395452711.0000000002D4B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D4B000
|
Size: |
4096
|
|
2FEB000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1413202399.0000000002FEB000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FEB000
|
Size: |
4096
|
|
2D48000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1361870639.0000000002D48000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D48000
|
Size: |
8192
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
SQL strings found in memory and binary data |
System Summary |
|
|
2D73000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1395452711.0000000002D73000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D73000
|
Size: |
4096
|
|
2D60000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1373435452.0000000002D60000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D60000
|
Size: |
8192
|
|
2C0E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000008.00000002.1728196872.0000000002C0E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2C0E000
|
Size: |
8192
|
|
2290000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000002.1727832341.0000000002290000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2290000
|
Size: |
12288
|
|
7FB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000002.1727460033.00000000007FB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
7FB000
|
Size: |
36864
|
|
37D8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1517190331.00000000037D8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
37D8000
|
Size: |
5242880
|
|
2D91000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1518057347.0000000002D91000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D91000
|
Size: |
249856
|
|
91F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000008.00000002.1727727892.000000000091F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
91F000
|
Size: |
4096
|
|
2D69000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1373994543.0000000002D69000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D69000
|
Size: |
4096
|
|
2D51000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1361870639.0000000002D51000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D51000
|
Size: |
65536
|
|
2D4B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1396817863.0000000002D4B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D4B000
|
Size: |
4096
|
|
A1E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000008.00000002.1727747591.0000000000A1E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
A1E000
|
Size: |
8192
|
|
2FFA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1413553981.0000000002FFA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FFA000
|
Size: |
4096
|
|
842000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1291886855.0000000000842000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
842000
|
Size: |
4096
|
|
2D28000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000002.1728257700.0000000002D28000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D28000
|
Size: |
24576
|
|
2DA4000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1394393715.0000000002DA4000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2DA4000
|
Size: |
86016
|
|
2FD8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1375282916.0000000002FD8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FD8000
|
Size: |
8192
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
SQL strings found in memory and binary data |
System Summary |
|
|
555000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000002.1727256705.0000000000555000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
555000
|
Size: |
16384
|
|
2D7A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1374807479.0000000002D7A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D7A000
|
Size: |
4096
|
|
19B000
|
stack
|
page read and write
|
|
|
|
Name: |
00000008.00000002.1727092346.000000000019B000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
19B000
|
Size: |
20480
|
|
400000
|
unknown
|
page execute and read and write
|
|
|
|
Name: |
00000008.00000002.1727135217.0000000000400000.00000040.00000001.01000000.00000006.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page execute and read and write
|
Base address: |
400000
|
Size: |
327680
|
|
2FFA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1417621439.0000000002FFA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FFA000
|
Size: |
8192
|
|
45B000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000000.00000000.1256415718.000000000045B000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
45B000
|
Size: |
36864
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sample file is different than original file name gathered from version info |
System Summary |
|
|
2FFA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1416851429.0000000002FFA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FFA000
|
Size: |
4096
|
|
2D73000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1396817863.0000000002D73000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D73000
|
Size: |
4096
|
|
2D97000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1431668843.0000000002D97000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D97000
|
Size: |
8192
|
|
2160000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1264206503.0000000002160000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
2160000
|
Size: |
393216
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sample file is different than original file name gathered from version info |
System Summary |
|
|
2D66000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1373994543.0000000002D66000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D66000
|
Size: |
8192
|
|
2D51000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1373994543.0000000002D51000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D51000
|
Size: |
4096
|
|
21FE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000008.00000002.1727767970.00000000021FE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
21FE000
|
Size: |
8192
|
|
2CAF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2495735544.0000000002CAF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2CAF000
|
Size: |
4096
|
|
816000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1422897975.0000000000816000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
816000
|
Size: |
36864
|
|
2FFA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1417344020.0000000002FFA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FFA000
|
Size: |
4096
|
|
2D6C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1361399874.0000000002D6C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D6C000
|
Size: |
4096
|
|
4B3000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000008.00000000.1308708339.00000000004B3000.00000002.00000001.01000000.00000006.sdmp
|
TargetID: |
8
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
4B3000
|
Size: |
102400
|
|
2D48000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1362127956.0000000002D48000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D48000
|
Size: |
8192
|
|
2D64000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1361515690.0000000002D64000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D64000
|
Size: |
4096
|
|
401000
|
unknown
|
page execute read
|
|
|
|
Name: |
00000000.00000000.1256353716.0000000000401000.00000020.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page execute read
|
Base address: |
401000
|
Size: |
331776
|
|
2D2E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1422985725.0000000002D2E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D2E000
|
Size: |
16384
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
2D63000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1396817863.0000000002D63000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D63000
|
Size: |
4096
|
|
2FE8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1415132801.0000000002FE8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FE8000
|
Size: |
12288
|
|
2D51000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1362127956.0000000002D51000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D51000
|
Size: |
65536
|
|
2FFA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1416990461.0000000002FFA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FFA000
|
Size: |
4096
|
|
2FE1000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1523350346.0000000002FE1000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FE1000
|
Size: |
212992
|
|
2FE8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1414216871.0000000002FE8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FE8000
|
Size: |
12288
|
|
2FFA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1413328854.0000000002FFA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FFA000
|
Size: |
8192
|
|
2F9F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2495942363.0000000002F9F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2F9F000
|
Size: |
4096
|
|
2D4A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1373435452.0000000002D4A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D4A000
|
Size: |
12288
|
|
816000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1523225478.0000000000816000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
816000
|
Size: |
36864
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
AV process strings found (often used to terminate AV products) |
Lowering of HIPS / PFW / Operating System Security Settings |
Security Software Discovery
|
|
2D7C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1374594466.0000000002D7C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D7C000
|
Size: |
4096
|
|
2FE9000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1389507886.0000000002FE9000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FE9000
|
Size: |
20480
|
|
2FE8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1416886822.0000000002FE8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FE8000
|
Size: |
12288
|
|
337D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1566788102.000000000337D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
337D000
|
Size: |
593920
|
|
2360000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2495016761.0000000002360000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2360000
|
Size: |
16384
|
|
2D33000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1416630121.0000000002D33000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D33000
|
Size: |
12288
|
|
37A0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2496352394.00000000037A0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
37A0000
|
Size: |
4096
|
|
2D57000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1373435452.0000000002D57000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D57000
|
Size: |
4096
|
|
2D8B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1394393715.0000000002D8B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D8B000
|
Size: |
4096
|
|
2E9E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2495883235.0000000002E9E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2E9E000
|
Size: |
8192
|
|
400000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000000.00000000.1256326018.0000000000400000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
400000
|
Size: |
4096
|
|
72E000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000002.1727365205.000000000072E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
72E000
|
Size: |
45056
|
|
2FD4000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000002.1728739016.0000000002FD4000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FD4000
|
Size: |
12288
|
|
7BA000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000002.1727460033.00000000007BA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
7BA000
|
Size: |
8192
|
|
2FCF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000008.00000002.1728707425.0000000002FCF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2FCF000
|
Size: |
4096
|
|
845000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1291821488.0000000000845000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
845000
|
Size: |
253952
|
|
7C3000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000002.1727460033.00000000007C3000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
7C3000
|
Size: |
217088
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
URLs found in memory or binary data |
Networking |
|
|
2FEB000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1416378986.0000000002FEB000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FEB000
|
Size: |
4096
|
|
2D44000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1374594466.0000000002D44000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D44000
|
Size: |
12288
|
|
2D64000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1373435452.0000000002D64000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D64000
|
Size: |
4096
|
|
2FD8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1362042001.0000000002FD8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FD8000
|
Size: |
12288
|
|
2D3C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1413259383.0000000002D3C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D3C000
|
Size: |
32768
|
|
2DC4000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1394393715.0000000002DC4000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2DC4000
|
Size: |
4096
|
|
2FE9000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1523191001.0000000002FE9000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FE9000
|
Size: |
90112
|
|
1F0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000002.1727114708.00000000001F0000.00000004.00000020.00040000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1F0000
|
Size: |
4096
|
|
2D33000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1415247583.0000000002D33000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D33000
|
Size: |
12288
|
|
5E0000
|
direct allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2492899628.00000000005E0000.00000040.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page execute and read and write
|
Base address: |
5E0000
|
Size: |
241664
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Malicious sample detected (through community Yara rule) |
System Summary |
|
Yara signature match |
System Summary |
|
|
2D4A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1373994543.0000000002D4A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D4A000
|
Size: |
12288
|
|
3290000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2495992437.0000000003290000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3290000
|
Size: |
4096
|
|
2FEB000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1416319112.0000000002FEB000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FEB000
|
Size: |
4096
|
|
2D33000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1417308456.0000000002D33000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D33000
|
Size: |
12288
|
|
80E000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000002.1727665935.000000000080E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
80E000
|
Size: |
24576
|
|
2FEB000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1415745596.0000000002FEB000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FEB000
|
Size: |
4096
|
|
31E2000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1398146378.00000000031E2000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
31E2000
|
Size: |
8192
|
|
400000
|
unknown
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2492515853.0000000000400000.00000040.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page execute and read and write
|
Base address: |
400000
|
Size: |
409600
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sample file name differs from the original file name recorded in its version info |
System Summary |
|
URLs found in memory or binary data |
Networking |
|
|
2D7B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1361323050.0000000002D7B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D7B000
|
Size: |
12288
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
73D0F000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000008.00000002.1729172218.0000000073D0F000.00000002.00000001.01000000.00000008.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
73D0F000
|
Size: |
12288
|
|
2FFA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1415299569.0000000002FFA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FFA000
|
Size: |
8192
|
|
2D5B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1373994543.0000000002D5B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D5B000
|
Size: |
4096
|
|
233F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2494949257.000000000233F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
233F000
|
Size: |
4096
|
|
2FE8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1413595247.0000000002FE8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FE8000
|
Size: |
12288
|
|
885000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2493523716.0000000000885000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
885000
|
Size: |
16384
|
|
2EC0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000002.1728673908.0000000002EC0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2EC0000
|
Size: |
4096
|
|
2FEB000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1415299569.0000000002FEB000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FEB000
|
Size: |
4096
|
|
2FFA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1416066382.0000000002FFA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FFA000
|
Size: |
8192
|
|
2D78000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1361986737.0000000002D78000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D78000
|
Size: |
12288
|
|
2D57000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1373994543.0000000002D57000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D57000
|
Size: |
4096
|
|
2FFA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1416467451.0000000002FFA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FFA000
|
Size: |
4096
|
|
73CF0000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000008.00000002.1728971416.0000000073CF0000.00000002.00000001.01000000.00000008.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
73CF0000
|
Size: |
4096
|
|
2D6B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1395452711.0000000002D6B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D6B000
|
Size: |
4096
|
|
7CE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2493523716.00000000007CE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
7CE000
|
Size: |
266240
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
300C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1375360273.000000000300C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
300C000
|
Size: |
16384
|
|
2FFA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1417763681.0000000002FFA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FFA000
|
Size: |
4096
|
|
2FFA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1415824756.0000000002FFA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FFA000
|
Size: |
4096
|
|
2FEB000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1416066382.0000000002FEB000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FEB000
|
Size: |
4096
|
|
334B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1398146378.000000000334B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
334B000
|
Size: |
4096
|
|
2FEB000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1417621439.0000000002FEB000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FEB000
|
Size: |
4096
|
|
3007000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1362042001.0000000003007000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3007000
|
Size: |
4096
|
|
2D98000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1361515690.0000000002D98000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D98000
|
Size: |
12288
|
|
2FDE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1375282916.0000000002FDE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FDE000
|
Size: |
8192
|
|
2FFA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000008.00000003.1413642274.0000000002FFA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FFA000
|
Size: |
8192
|
|